Working towards the next version of the SWIM Supporting Material

Page tree

Working towards the next version of the SWIM Supporting Material

Skip to end of metadata
Go to start of metadata



Requirement

Title

Service interface protocols and data format

Identifier

SWIM-SERV-019

Requirement

A service description shall include the list of service interface protocols (including name and version) and data format to be used.

Rationale

Makes explicit within the service description what the protocols are.

Verification

Completeness: Verify that all relevant protocols and versions are listed; verify that the information is provided for each provider side and consumer side interface.

Consistency: Verify that the protocols are consistent with the selected interface binding.

Correctness: Not Applicable.

Examples/Notes

Note: The list of supported protocols are the ones corresponding to the selected interface binding. The supported versions of the protocols need to be declared. E.g. version of the Transport Level Security (TLS).

Level of Implementation

Mandatory


Guidance

Examples

See the Service interface protocols and data format section within the Donlon TOBT Setting Service Description.

Guidance for JSON service description 

Unable to render {include} The included page could not be found.

structure of guidance

This requirement is about two kinds of information. The guidance is structured accordingly

  • part 1 - the list of service interface protocols (including name and version)
  • part 2 - the data format to be used

Schema

The guidance concerns JSON Schema v0.0.3 (see Schema releases).

part 1 - service interface protocols

		"Interface" : 
		{
			"description" : "The means by which the underlying capabilities of a service are accessed. [SWIM-SERV-016]",
			"type": "object",
			"additionalProperties": false,
			"required": ["name", "description", "interfaceProvisionSide", "tiPrimitiveMessageExchangePattern", "endPoint", "serviceInterfaceBinding", "networkInterfaceBinding", "interfaceBindingDescription", "operation", "behaviour"],
			"properties":
			{

				"interfaceBindingDescription":
				{
					"description" : "Complementary description of the protocols and other specifications used by the interface complementing the selected bindings, or any additional requirement specified in a SWIM TI Profile that is supported by the interface. [SWIM-SERV-018], [SWIM-SERV-019]",
					"type" : "string",
					"minLength":1
				}

			}
		}


		"ServiceTechnicalDescription" : 
		{
			"description" : "Description of the technical aspects of the service including data structures, interface and operations behaviour, security mechanisms and technical constraints",
			"type": "object",
			"additionalProperties": false,
			"properties":
			{

				"securityMechanism":
				{
					"description" : "A process (or a device incorporating such a process) that is utilized or implemented by the service in order to address a security threat.",
					"type" : "array",
					"items" : { "$ref":"#/definitions/SecurityMechanism" },
					"minItems": 1
				}

			}
		},


		"SecurityMechanism" : 
		{
			"description" : "A process (or a device incorporating such a process) that is utilized or implemented by the service in order to address a security threat.",
			"type": "object",
			"additionalProperties": false,
			"required": ["name", "description"],
			"properties":
			{
				"type":
				{
					"description" : "The type of security mechanism.",
					"type" : "array",
					"items" : { "$ref":"#/definitions/CodeSecurityMechanismType" },
					"minItems": 0
				},
				"name":
				{
					"description" : "The name of the security mechanism.",
					"type" : "string",
					"minLength":1
				},
				"description":
				{
					"description" : "The description of the security mechanism.",
					"type" : "string",
					"minLength":1
				}
			}
		}


		"CodeSecurityMechanismType" : 
		{
			"description" : "A code listing the types of service mechanisms.",
			"type": "string",
			"enum":
			[
				"AUDIT",
				"AUTHENTICATION",
				"AUTHORIZATION",
				"CONFIDENTIALITY",
				"IDENTITY_MANAGEMENT",
				"INTEGRITY",
				"MONITORING",
				"POLICY_ENFORCEMENT"
			]
		}


part 2 - data formats

		"ServiceInformationDescription" : 
		{
			"description" : "A container for the description of the information exchanged by the information service.",
			"type": "object",
			"additionalProperties": false,
			"required": ["informationDefinition", "exchangeSchema"],
			"properties":
			{

				"exchangeSchema":
				{
					"description" : "Formal description of the data involved in an information exchange.",
					"type" : "array",
					"items" : { "$ref":"#/definitions/ExchangeSchema" },
					"minItems": 1
				}
			}
		}


		"ExchangeSchema" : 
		{
			"description" : "Formal description of the data involved in an information exchange.",
			"type": "object",
			"additionalProperties": false,
			"required": ["name", "reference", "schemaLanguage"],
			"properties":
			{
				"name":
				{
					"description" : "The name of the exchange schema. [SWIM-SERV-019]",
					"type" : "string",
					"minLength":1
				},
				"schemaLanguage":
				{
					"description" : "Description of the language used (e.g. XML, JSON). [SWIM-SERV-019]",
					"type" : "string",
					"minLength":1
				},
				"reference":
				{
					"description" : "A reference to the exchange schema containing the specifications of the data structures. [SWIM-SERV-019].",
					"type" : "string",
					"minLength":1
				}
			}
		}

Rules expressed for the cases as defined in Registry URD.

caserules
COMPLIANTmandatory
CANDIDATE
DEFINITION


Guidance

part 1 - guidance for service interface protocols

excerpt from requirement

  • Statement: Include the list of service interface protocols (including name and version)
  • Rationale: Makes explicit within the service description what the protocols are.
  • Note: The list of supported protocols are the ones corresponding to the selected interface binding. The supported versions of the protocols need to be declared. E.g. version of the Transport Level Security (TLS).

The corresponding information in the schema in split between

  • security mechanism : list the (security protocols) that are global for the service, if any
  • interfaceBindingDescription : list per interface the protocols not already mentioned in security mechanism

securityMechanism - Optional

within field securityMechanism, itself within field techncialDescription, list zero or more instances of SecurityMechanism , for security mechanism protocols that are implemented in all interfaces of the service.

SecurityMechanism - Optional - zero or more

A protocol dealing with security.


attribute namedescriptiontypeguidancerule
nameThe name of the security mechanism.string

Provide the name and version of the security mechanism.

Eg X.509v3 Client Certificate

Mandatory
descriptionThe description of the security mechanism.string

Describe the mechanism

Eg Authentication performed based on  X.509 client certificates over a secured connection based on TLS.

Mandatory
typeThe type of security mechanism.

A code listing the types of service mechanisms.

AUDIT 


AUTHENTICATION 

 A security functionality enabling the verification of the validity of credentials and their correspondence with an identity.

AUTHORIZATION 


INTEGRITY 


IDENTITY_MANAGEMENTA security functionality enabling the management of identities (e.g. identity creation, identity validation, federated identity retrieval).

MONITORING 


POLICY_ENFORCEMENT
CONFIDENTIALITY 


Select zero or more code values that indicate the type of security mechanism.Optional


interfaceBindingDescription - Mandatory

Additional attribute to Interface type as described in SWIM-SERV-016 Service interfaces

Within each Interface, use following attribute.


attribute namedescriptiontypeguidancerule
interfaceBindingDescriptionComplementary description of the protocols and other specifications used by the interface complementing the selected bindings, or any additional requirement specified in a SWIM TI Profile that is supported by the interface. [SWIM-SERV-018], [SWIM-SERV-019]string

List all service interface protocols (including name and version) applicable for this interface, and that are not mentioned in securityMechanism.

This field is used as well by requirement SWIM-SERV-018 TI Profile and bindings to describe additionally supported requirements as specified in the selected SWIM TI Profile, if any.

Mandatory

part 2  - guidance for data formats

Within field exchangeSchema, itself within field serviceInformationDescription, list one or more occurrences of type ExchangeSchema.

ExchangeSchema - Mandatory

Enables to understand data format(s).

attribute namedescriptiontypeguidancerule
nameThe name of the exchange schema.stringProvide the name of the data format that is used to exchange data via the service interface.Mandatory
schemaLanguageDescription of the language used (e.g. XML, JSON).stringIndicate the language in which the data format is expressed (e.g. XSD, JSON, natural language,..)Mandatory
referenceA reference to the exchange schema containing the specifications of the data structures.string

Indicate with a reference the location of where the data format is defined (e.g. See service documents)

Optional

Example

part 1 - service interface protocols

			"securityMechanism": [
				{
					"name": "TLS 1.2",
					"description": "The service relies on TLS 1.2 to provide integrity and confidentiality.",
					"type": [
						"AUTHENTICATION",
						"CONFIDENTIALITY",
						"INTEGRITY"
					]
				},
				{
					"name": "Cypher Suites",
					"description": "The following cipher suites are allowed in accordance with ECRYPT-CSA recommendations https://www.ecrypt.eu.org/csa/documents/D5.4-FinalAlgKeySizeProt.pdf: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 , TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
					"type": [
						"AUTHENTICATION",
						"CONFIDENTIALITY",
						"INTEGRITY"
					]
				},
				{
					"name": "X.509v3 Server Certificate",
					"description": "The service utilizes X.509v3 public certificate to authenticate the provider.",
					"type": [
						"AUTHENTICATION"
					]
				},
				{
					"name": "X.509v3 Client Certificate",
					"description": "The service utilizes X.509v3 public certificate to authenticate the consumer.",
					"type": [
						"AUTHENTICATION"
					]
				}
			]


		"serviceInterface": [
			{

				"interfaceBindingDescription": "XML requests and replies embedded into SOAP messages, themselves embedded into HTTP requests and responses. Operation names are associated to SOAP requests. The interface does not use compression or message transmission optimization mechanism (MTOM).",

					}

part 2 - data formats

		"serviceInformationDescription": {
			...
			"exchangeSchema": [
				{
					"name": "TOBT Setting Schema",
					"schemaLanguage": "XML",
					"reference": "This schema defines the data structures used to exchange data with the service. See service documents"
				}
			]
			...
		}


A complete JSON example is available in page JSON example - Donlon TOBT Setting service description.

  • No labels