PEPPOL Architecture Overview - Apr. 2009
-
Upload
hippebrun -
Category
Technology
-
view
544 -
download
1
description
Transcript of PEPPOL Architecture Overview - Apr. 2009
![Page 1: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/1.jpg)
How to connect workshopCopenhagenApril 14th 2009
PEPPOL Architecture overview
Mikkel Hippe BrunTechnical Director @ PEPPOLChief ConsultantDanish National IT and Telecom Agency
![Page 2: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/2.jpg)
Contents
Goals and vision
The “AS-IS” situationPeer-2-peer, Three/Four-corner-models
Business roles and requirements
Initial profilesFull profile
Queued profile
Lightweight profile
![Page 3: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/3.jpg)
WP8 goals
Solutions architecture – design and validation – will focus on design and validation of the
common specifications and building blocks which together will define the technical interoperability layer required to provide an operational e-business infrastructure.
![Page 4: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/4.jpg)
WP8 vision
Pan European exchange of business documents between any private company and any EU governmental institution should be as easy as sending emails.
![Page 5: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/5.jpg)
WP - Outcomes
An architecture – A federated, secure and reliable infrastructure for
electronic document transport.
Specifications– Based on internationally recognized open standards– For secure and reliable transport of electronic
documents.
Software– Dual license (EUPL and MPL 1.1 where applicable)– Lowering barriers for implementers– Provides reference implementations – Demonstrates “that it is easy”
![Page 6: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/6.jpg)
Expected benefits
Easy to exchange business documents
Easy to use the PEPPOL infrastructure
Easy for…– Service providers
• e.g. banks• e.g. Value Added Networks• e.g. E-procurement Platform Providers
– Public sector institutions– Large companies– SME's
![Page 7: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/7.jpg)
The ”As-is-situation”
Several solutions to the same problemNational / Regional / Local / Sector specific / Public / Private
Much variance complexity and designPeer-2-peer
Three-corner-models
Four corner-models
Web-based or based on machine-2-machine interaction
Many different business models
![Page 8: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/8.jpg)
The peer-2-peer-model
Characteristics (simplified)Agreed upon standards for transport
open or proprietary
Perhaps - agreed upon standards for content
Difficult to match business requirements
![Page 9: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/9.jpg)
The three-corner-model
Characteristics (simplified)Proprietary standards (whole stack)
Service provider lock-in / Limited competition
Customers may have to connect to more than one service provider
![Page 10: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/10.jpg)
The four-corner-model
Characteristics (simplified)Agreed upon standards for transport
open or proprietary
Perhaps - agreed upon standards for content
Freedom to choose service provider
![Page 11: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/11.jpg)
High level view
![Page 12: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/12.jpg)
Roles / Actors
We identified 3 distinct roles (with respect to transports)– Service Provider (SP)
• An existing e-business network provider with legacy customers – e.g. banks– e.g. Value Added Networks– e.g. E-procurement Platform Providers
• Service Providers may in addition offer a standardized lightweight access to their customers
– A new role that may be played by existing VANs, Government agencies or private sector initiatives
– Supports (C) using PEPPOL specific interfaces
– Large company or government agency – with hosted services (LC)• A company that is willing to install and maintain a gateway with endpoints available
24x7
– Company or government agency without hosted services (C)• A company (of any size) that is not able or interested in connecting directly to
PEPPOL
![Page 13: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/13.jpg)
Business Requirements
Business concern Service provider Large Organization Company
![Page 14: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/14.jpg)
Business Requirements
Business concern Service provider Large Organization Company
Low cost of entry
![Page 15: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/15.jpg)
Business Requirements
Business concern Service provider Large Organization Company
Low cost of entry Other cost of entry
(e.g.complexity, contractual, etc)
![Page 16: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/16.jpg)
Business Requirements
Business concern Service provider Large Organization Company
Low cost of entry Other cost of entry
(e.g.complexity, contractual, etc)
Low cost per msg
![Page 17: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/17.jpg)
Business Requirements
Business concern Service provider Large Organization Company
Low cost of entry Other cost of entry
(e.g.complexity, contractual, etc)
Low cost per msg
Technology comfort zone
![Page 18: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/18.jpg)
Business Requirements
Business concern Service provider Large Organization Company
Low cost of entry Other cost of entry
(e.g.complexity, contractual, etc)
Low cost per msg
Technology comfort zone Reliability
![Page 19: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/19.jpg)
Business Requirements
Business concern Service provider Large Organization Company
Low cost of entry Other cost of entry
(e.g.complexity, contractual, etc)
Low cost per msg
Technology comfort zone Reliability Integrity
![Page 20: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/20.jpg)
Business Requirements
Business concern Service provider Large Organization Company
Low cost of entry Other cost of entry
(e.g.complexity, contractual, etc)
Low cost per msg
Technology comfort zone Reliability Integrity Transport-level non-repudiation
![Page 21: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/21.jpg)
Business Requirements
Business concern Service provider Large Organization Company
Low cost of entry Other cost of entry
(e.g.complexity, contractual, etc)
Low cost per msg
Technology comfort zone Reliability Integrity Transport-level non-repudiation Privacy
![Page 22: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/22.jpg)
Business Requirements
Business concern Service provider Large Organization Company
Low cost of entry Other cost of entry
(e.g.complexity, contractual, etc)
Low cost per msg
Technology comfort zone Reliability Integrity Transport-level non-repudiation Privacy Trust
![Page 23: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/23.jpg)
Business Requirements
Business concern Service provider Large Organization Company
Low cost of entry Other cost of entry
(e.g.complexity, contractual, etc)
Low cost per msg
Technology comfort zone Reliability Integrity Transport-level non-repudiation Privacy Trust Avg. latency lower than 5 min. +
(tender?)
![Page 24: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/24.jpg)
Business Requirements
Business concern Service provider Large Organization Company
Low cost of entry Other cost of entry
(e.g.complexity, contractual, etc)
Low cost per msg
Technology comfort zone Reliability Integrity Transport-level non-repudiation Privacy Trust Avg. latency lower than 5 min. +
(tender?)High volume
![Page 25: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/25.jpg)
Business Requirements
Business concern Service provider Large Organization Company
Low cost of entry Other cost of entry
(e.g.complexity, contractual, etc)
Low cost per msg
Technology comfort zone Reliability Integrity Transport-level non-repudiation Privacy Trust Avg. latency lower than 5 min. +
(tender?)High volume
![Page 26: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/26.jpg)
Architectural goals
Secure and reliable
Realizable with internet technologies
Federated and scalable
Lower barriers
Leverage investments in existing infrastructures
Allow existing business models to co-exist
![Page 27: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/27.jpg)
A four-corner-model is needed because…
The requirements differs a lot between service providers and SME’s
Trust requirement raises the barrierThe technical solution requires a trusted third party
Also the “low latency” and “availability” requirements raises the barrier
Requires hosted service with good SLA
Conclusion: No single transport profile matches all the requirements. The four-corner-model caters for this inherent problem.
![Page 28: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/28.jpg)
Basically a four corner model
![Page 29: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/29.jpg)
However….
All access points must meet a number of requirements:Sign roaming agreement
Meet SLA requirements
Certificate listed in TSL
Have full transport interoperability
Every access points are treated equallyBusiness model not considered
Anyone meeting requirements can become an Access Point
![Page 30: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/30.jpg)
Direct connection possible
![Page 31: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/31.jpg)
Roles and transports
Company
SP
SP
Large Company or government agency
Company
Key
PEPPOL full profilePEPPOL queued profilePEPPOL lightweight profileOut of Scope / Legacy protocol
SP (e.g. Bank)
Company
![Page 32: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/32.jpg)
Initial thinking on transport profiles
• Full profile– High fidelity, guaranteed secure delivery of messages from Access
Point to Access Point– Based on open standards such as WS-*– The only “required” profile
• Queued profile– High fidelity, guaranteed secure delivery of messages from Access
Point to Access Point using a message queuing model– An optional profile to enable efficient delivery of high volume
between two VANs• Lightweight profile
– A simple low cost profile that enables a disconnected company to access stored messages via a PEPPOL Service Provider
– Analogous to using SMTP Relay and POP3/IMAP
![Page 33: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/33.jpg)
Roles and Transports
Company
PSP
SP
Large Company or government agency
Company
Key
PEPPOL full profilePEPPOL queued profilePEPPOL lightweight profileOut of Scope / Legacy protocol
SP (e.g. Bank)
Company
PUTGET
PUT
PUT
PUT
PUT
PUT
PUT
PUT
![Page 34: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/34.jpg)
Message exchange in PEPPOL
• The main questions are:– Who, where, why, how?
Trust
Registry
Sender Receiver
Why should I trust?
How do I advertise my capabilities?Who can I reach?
Where can I send my document?
How do I transport my document?
![Page 35: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/35.jpg)
Scenario – CA based trust
![Page 36: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/36.jpg)
Scenario – TLS based trust
VAN
SME 1
Large company
Govt. agency
SME 5
PEPPOL infrastructure
sphere
Existing infrastructure
sphere
Access Point 1
Large company
Access Point 3
Access Point 4
Portal
SME 4
SME 3
Access Point 2
TrustedService
List
Message + SAML token
Message + SAML token
PEPPOL infra-structure sphere
Existing infra-structure sphere
Trust lookup
Trust
PEPPOLRelay
ServiceSME 2
PUT
3rd partySTS
Gettoken
![Page 37: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/37.jpg)
Scenario – STS based trust
![Page 38: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/38.jpg)
Scenario 1: Basic send
Company ACompany B
Country A
Country B
Operator 1
Company C
Operator 2
PEDRI
PEDRI Registry
Access point, VAN 1
Access point 2, Operator 2
Transport properties• Secure• ReliableProfile properties• Transport + QoS
Invoice
Send to company C –
how??
Public agency D
• Key: CompanyC
• Doc: Invoice• Profile:
Peppol• Country: B
Endpoint: • Access point
2•
http://ap2.de/
WS-* over internet AMQP /
WS-* over internet
Other options..
This is the area that PEDRI adresses
![Page 39: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/39.jpg)
Decentralized registry infrastructure
• 2 central questions:– Which registry has information on the recipient?– Where can I find the recipient?
Service registry
Sender
Registry locator service
Which registry?
Which endpoint?
Register
• These questions can be answered through many different strategies
![Page 40: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/40.jpg)
Registry overview
Transport layer- Open standards- Secure & reliable transport
Top level registry
2nd level registry A
Replicated registries
Operator A
2nd level registry B
Operator B
Point to
Point to
Register
Lookup
Sender entry point
Recipient endpoint
Send payload
Receive payload
Sender
Recipient
Register & manage
Sender
Lookup
![Page 41: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/41.jpg)
Scenario II: Multiple operators
Company ACompany B
Country A
Country B
Operator 1
Company C
Operator 2
PEDRI
Access point, national
Company F
Operator 3
Access point 3, Operator 3 Company E
PEDRI RegistryRegistry A
Invoice
Access point, VAN 1
Access point 2, Operator 2
Registry BTransport properties• Secure• ReliableProfile properties• Transport + QoS
Registry C
Public agency D
• Key: Agency D
• Doc: Invoice• Profile:
Peppol
Endpoint: • Access point
2•
http://ap2.de/
Send to Agency D – how??
• Key: Agency D
Registry: • Registry C•
http://reg.c.de/
![Page 42: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/42.jpg)
Scenario V – Lightweight Profile
Company ACompany B
Country A
Country B
Operator 1
Company C
Operator 2
PEDRI
Company F
Operator 3
Company E
PEDRI Top-level Registry
Invoice
Access point, VAN 1
Access point 2, Operator 2
Transport properties• WS-* based
Registry C
Public agency D
• Bus. key: Company H
• Doc: Invoice• Profile: Peppol
Endpoint: • Company H•
http://compH.de/
• PGP key
Send to company H –
how??
• Key: Company H
Registry: • Registry C•
http://reg.c.de/
Company G
Company H Register with:• Bus. key:
Company H• Doc: Invoice• Profile: Peppol
Access point 4(PEPPOL service provider)
PUT
Access point 5(PEPPOL service provider)
GET
![Page 43: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/43.jpg)
Fees for using PEPPOL infrastructure?
There is no fee associated with sending and receiving messages between PEPPOL Access Point
There may be fees to:– Have an entry listed in a registry– Use an STS / Certificate Validation Service
However..Service providers choose their own business model
![Page 44: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/44.jpg)
Roadmap for PEPPOL Infrastructure
May 2009 – April 2010 : Construction– May – Hands on workshop for developers– October – New release– January - PEPPOL 2010– February – New release– May 1st – Production
May 2010 – April 2011 : Pilot– Workshops– Standardization– Aid to pilots– Patches
![Page 45: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/45.jpg)
Summary
PEPPOL offers:A pan European registry architecture– Business entities, Business processes, Business documents, Transport, Security
information
A trust model
Certificate validation
Secure and reliable transport
Specifications
Reference implementations
A governance model
![Page 46: PEPPOL Architecture Overview - Apr. 2009](https://reader034.fdocuments.us/reader034/viewer/2022052622/5590a1d71a28ab0a798b4618/html5/thumbnails/46.jpg)
http://www.peppol.eu
http://www.peppolinfrastructure.com – WP8 Solution architecture – technical stuff