INTERNET-DRAFT J. Parsons/D. Shepherd ECML/IETF Expires: May 2001 November 2000 Electronic Commerce Modeling Language (ECML) Version 2 Requirements Status of this Memo Distribution of this memo is unlimited. Comments should be sent to the TRADE WG mailing list or the authors. This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC 2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet- Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Copyright Notice Copyright (C) 2000, The Internet Society. All Rights Reserved. Abstract This document lists the design principles, scope, and requirements for the Electronic Commerce Modeling Language (ECML) version 2 specification. It includes requirements as they relate to the html and XML syntax, data model, format, payment processing, and external requirements. Parsons/Sheperd - DRAFT - [Page 1] INTERNET DRAFT ECML version 2 Requirements November 2000 Table of Contents Status of this Memo........................................... 1 Abstact....................................................... 1 1. Introduction .............................................. 3 1.1 The ECML Alliance......................................... 3 1.2 Relationship to Other Standards........................... 3 2. Design Principles and Scope ............................... 4 3. Requirements .............................................. 5 3.1. Payment Processing Elements ............................. 5 3.2. Payment Processing Types ................................ 5 3.3. XML Data Model and Syntax ............................... 5 3.4 Implementation .......................................... 5 4. Security Considerations ................................... 6 References ................................................... 6 Acknowledgements ............................................. 7 Author's Address ............................................. 7 Full Copyright Statement ..................................... 7 Parsons/Sheperd - DRAFT - [Page 2] INTERNET DRAFT ECML version 2 Requirements November 2000 1. Introduction ECML Version 2.0 will describe the syntax of a class of data objects called Payment Processing Objects. This will involve the development of html tags and an XML syntax for payment transactions for both electronic wallets and Business to Business [B2B] payment types such as credit card, check, line of credit, ACH (Automated Clearing House,) Mobile Phone Payments and PDA Payments. This document lists the design principles, scope, and requirements over three things: (1) the scope of work available to the WG, (2) the ECML version 2 specification, and (3) applications that implement the specification. It includes requirements as they relate to the payment element syntax, data model, format, implementation, and external requirements and coordination. Those things that are required are designated as "must", those things that are optional are designated by "may", those things that are optional but recommended are designated as "should". 1.1 The ECML Alliance The set of fields documented herein was started by the ECML Alliance (www.ecml.org.) 1.2 Relationship to Other Standards The ECML fields were initially derived from and are consistent with the W3C P3P base data schema at . ECML Version 2.0 is not a replacement or alternative to SSL/TLS [RFC 2246], SET [SET], XML [XML], or IOTP [IOTP]. These are important standards that provide functionality such as non-repudiatable transactions, automatable payment scheme selection, and smart card support. ECML may be used with any payment mechanism. Information of the use of the ECML fields with W3C P3P protocol is available at . Parsons/Sheperd - DRAFT - [Page 3] INTERNET DRAFT ECML version 2 Requirements November 2000 2. Design Principles and Scope 1. The specification must describe the fields necessary to process an html or XML payment, and describe the html or XML content in particular. The html tags or XML syntax used to represent a payment (using any payment method) is described as ECML version 2. 2. Keep the addition of fields from the previous specification [ECML v1.1] to a minimum. 3. Maintain all existing functionality from ECML v1.1. 4. Increase the flexibility of the standard to include other forms of payments. These are: ACH, Mobile Phone, PDA, Line of Credit, Purchasing Card and eCheck. 5. Allow for use of the common and uniform DTD with back-end payment systems such as Enterprise Resource Provision [ERP,] Card Line Item Detail [LID] Level II & Level III, etc. 6. Allow for use of the standard with B2B payment vehicles, such as B2B Wallets, Marketplaces, etc. 7. Fully test the specification to insure that it is well-formed XML. 8. Create an implementation guide to cover additional use cases for functionality included in this document. 9. Consider for inclusion initial fields listed in "Using P3P for E- Commerce," a W3C note dtd 29 Nov 1999. 10.ECML version 2 should be developed as part of the broader Web design philosophy of decentralization, URIs, Web data, modularity /layering / extensibility, and assertions as statements about statements. [Berners-Lee, WebData] In this context, this standard should take advantage of existing provider (and infrastructure) primitives. Parsons/Sheperd - DRAFT - [Page 4] INTERNET DRAFT ECML version 2 Requirements November 2000 3. Requirements 3.1 Payment Processing Elements 1. Cost 2. Receipt 3. Currency 4. Card 5. Payment 6. Bank/Telco 3.2 Payment Processing Types 1. All current Processing types for ECML 1.1 2. ACH 3. eCheck 4. Line Of Credit (LOC) 5. Mobile phone payments 6. PDA payments 3.3 XML Data Model and Syntax 1. A well-formed DTD needs to be developed to include new fields in this standard. 2. W3C Schema note may be drafted to document changes to the schema. 3.4 Implementation 1. The ECML version 2 specification should meet the requirements of the following applications: 1. Internet Open Trading Protocol v1.0 [IOTP] 2. Financial Services Mark Up Language v2.0. 3. At least one forms application [XFA, XFDL] 2. Check against representative LOC, ACH, eCheck, Mobile Phone and PDA processes. 3. Compare against (in accordance with standard's goals:) 1. Biztalk 2. cXML 3. EBXML 4. ISO 8583 4. Security Considerations ECML is dependent upon the security of the infrastructure of transmission providers that use the standard format. ECML does not add any security to this infrastructure. Parsons/Sheperd - DRAFT - [Page 5] INTERNET DRAFT ECML version 2 Requirements November 2000 References [eCheck] - [HTML] - HTML 3.2 Reference Specification , D. Raggett, January 1997. [IANA] - Internet Assigned Numbers Authority, Official Names for Character Sets, ed. Keld Simonsen et al. . [ISO 3166] - Codes for the representation of names of countries, [ISO 7812] - "Identification card - Identification of issuers - Part 1: Numbering system" [RFC 1766] - "Tags for the Identification of Languages", H. Alvestrand. March 1995. [RFC 2026] - "The Internet Standards Process -- Revision 3", S. Bradner, October 1996. [RFC 2246] - "The TLS Protocol: Version 1.0", T. Dierks, C. Allen. January 1999. [RFC 2411] - "IP Security: Document Roadmap", R. Thayer, N. Doraswany, R. Glenn. November 1998. [RFC 2706] - "ECML v1: Field Names for E-Commerce", D. Eastlake, T. Goldstein, October 1999. [RFC 3XXX] - "ECML v1.1: Field Names for E-Commerce", D. Eastlake, T. Goldstein, xxx 2000 [P3P] - "Using P3P for E-Commerce", J. Coco, S. Klien, D. Schutzer, S. Yen, A. Slater, November 1999 [IOTP] - [RFC 2801], D. Burdett. [SET] - Secure Electronic Transaction, [XML] - Extensible Markup Language (XML) 1.0 (Second Edition), , T. Bray, J. Paoli, C. M. Sperberg-McQueen Parsons/Sheperd - DRAFT - [Page 6] INTERNET DRAFT ECML version 2 Requirements November 2000 Acknowledgements Many members of the ECML Alliance ECML V2 Working Group contributed to this draft. Author's Address Jon W Parsons American Express Corporation Establishment Services/Network Development 3200 E. Camelback Road 75-03-02 Phoenix AZ 85016 Phone: 1.602.766.7731 EMail: jon.w.parsons@aexp.com Dave Sheppherd IBM Secure Payments Systems xxxx Raliegh, NC Phone: 1.919.254.5194 Email: dshepher@us.ibm.com Full Copyright Statement Copyright (c) 2000 The Internet Society & W3C (MIT, INRIA, Keio), All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Parsons/Sheperd - DRAFT - [Page 7]