2.1.5 Internet Open Trading Protocol (trade)

NOTE: This charter is a snapshot of the 45th IETF Meeting in Oslo, Norway. It may now be out-of-date. Last Modified: 27-May-99


Donald Eastlake 3rd <dee3@torque.pothole.com>

Applications Area Director(s):

Keith Moore <moore@cs.utk.edu>
Patrik Faltstrom <paf@swip.net>

Applications Area Advisor:

Patrik Faltstrom <paf@swip.net>


Surendra Reddy <skreddy@us.oracle.com>

Mailing Lists:

General Discussion:ietf-trade@lists.eListX.com
To Subscribe: ietf-trade-request@lists.eListX.com
In Body: (un)subscribe
Archive: http://www.eListX.com/archives/ietf-trade

Description of Working Group:

The Internet Open Trading Protocol provides an interoperable framework for Internet commerce. It is optimized for the case where the buyer and the merchant do not have a prior acquaintance and is payment system independent. It will be able to encapsulate and support payment systems such as SET, Mondex, CyberCash's CyberCoin, DigiCash's e-cash, GeldKarte, etc. IOTP is able to handle cases where such merchant roles as the shopping site, the payment handler, the deliverer of goods or services, and the provider of customer support are performed by different Internet sites.

The Internet Open Trading Protocol (IOTP) working group will (1) determine requirements and document scenarios for IOTP message transport and for IOTP version 2 specification, (2) document interoperability experience with IOTP version 1 (which will have been published as Informational), and (3) develop the specification for IOTP transport and IOTP version 2.

Selection of items for inclusion in version 2 is expected to be from the following and others suggested by the Working Group:

- Dynamic Definition of Trading Sequences - Multiple Protocol Options - Offer Request Block - Public Key Signatures (v1.0 uses secret key signatures) - Signatures on the Delivery Response - Improved Problem Resolution (extend to cover presentation of signed receipt to customer support party, etc.) - Selection of Additional Options - OTP Architecture (informational development of standard interfaces to software components).

The following are out of scope for version 2:

- server to server messages (except as messages needed for client to server communications may also be useful for server to server communications) - legal or regulatory issues surrounding the implementation of the protocol or information systems using it.

Goals and Milestones:

Jul 98


Submit IOTP v1.0 to the IESG to consider publication as an Informational RFC.

Oct 98


Submit Internet-Draft of Open Trading Protocol requirements and scenarios

Oct 98


Submit IOTP transport requirements Internet Draft

Dec 98


Submit Internet-Draft on IOTP v1.0 interoperability experience

Jan 99


Submit Internet-Draft on IOTP transport requirements to IESG for publication as an Informational RFC.

Jan 99


Submit Internet-Draft on IOTP v1.0 interoperability experience to IESG for publication as an Informational RFC.

Feb 99


Submit Internet-Draft of IOTP v2.0 specification

Feb 99


Submit Internet-Draft of IOTP transport specification

May 99


Submit IOTP transport specification I-D to IESG for consideration as a Proposed Standard.

Jun 99


Submit IOTP v2.0 specification I-D to IESG for consideration as a Proposed Standard.


No Request For Comments

Current Meeting Report

[Recorded by Donald Eastlake and corrected by Dave Burdett. Please send me any further corrections. Slides will be made available and/or sent out separately. Donald]

Minutes, taken by Donald Eastlake

There were no suggested changes to the agenda.

Yoshiaki Kawatsura of Hitachi presented an update on the status of the SMILE project. (see separate slides)

David Burdett mentioned that there was an IOTP 1.0 implementation by the Royal Bank of Canada and that one was planned this year by SIZ.

Donald Eastlake and David Burdett mentioned that a company is advertising that they are developing an IOTP toolkit in Java. Info on this was on the mailing list but will be reposted.

Dave Burdett presented the changes in the main IOTP v1.0 Protocol document made in version 3 to produce version 4 of the protocol draft. There was some discussion of the change which permitted optional authentication at the beginning of most transactions.

Steve Crocker wanted to know why that was needed, whether authentication would be manually or automatically initiated, and if manual how the user could tell if they should do so. Dave Burdett indicated he primarily thought of it as user initiated. Tony Lewis gave some business to business examples where it could reasonably be automatic.

Kent Davidson, author of the companion IOTP v1.0 Digital Signature document could not be here. Donald Eastlake indicated that the digital signature document needed a little more polishing. The main protocol document and the digital signature document together are needed to implement IOTP.

A straw poll was taken and indicated overwhelming support by those in the room to advance these two IOTP v1.0 protocol specification documents to the IESG for Informational RFC within a few weeks. (The IESG may choose to do an IETF wide last call on them.) It was suggested that the XML DTD in these two documents be tried with various XML processing tools to be sure it will work with them,

The existing supplemental documents were discussed briefly.

The plan is to finalize the Architecture and API supplement shortly after the main protocol documents are final and publish it as an informational RFC.

Hitachi presented some slides on the SET supplement. (see separate slides)

Jason Easton spoke briefly on the SCCD supplement which Tom Arnold is authoring. Tom had planned to be present but got called away from the IETF meeting due to business considerations. SCCD (Secure Channel Credit Debit) is a payment protocol intended to be used via an SSL or similar secure channel and provide the equivalent of SSL secured plain text forms for credit card charges. This should be out as an I-D within three weeks.

Donald Eastlake spoke briefly on the HTTP supplement. He feels it needs more input from the WG and requests comments.

Possible additional payment system supplements covering eCheck and ACH we listed by Donald Eastlake. Tony Lewis questioned the presence of ACH as it normally requires prior written authorization but Steve Crocker thought it should be there.

David Burdett gave a presentation on the messaging layer of IOTP. Because commerce examples were used in the presentation there was also some discussion of future additions to IOTP such as split payments.

There was strong consensus to split off the XML Messaging layer of IOTP as a separate specification to be developed in the TRADE WG. Comments on this will be sought on the mailing list.

Donald Eastlake gave a presentation on ECML (www.ecml.org). David Burdett said that it was largely complementary to IOTP and could be used to detect the presence of an IOTP wallet.

Ko Fujimura of NTT gave a presentation on "What's Next in Internet Commerce" which concentrated on Digital Right, such as sale of memberships, use of coupons, sale of subscriptions, loyalty systems, etc. There appeared to be a consensus at the meeting to have a BoF like meeting on this topic at the next IETF meeting assuming at a minimum, that a draft requirements document can be prepared in time. This needs discussion on the mailing list.

Finally, David Burdett gave an informational presentation on the OECD and Taxation. (See separate slides.)

Due to lack of time, charter revision was not discussed at the WG meeting but will be persuaded on the list.


Internet Open Trading Protocol Changes "03" TO "04"
What’s Next for Internet Commerce
The OECD and Taxation on the Internet
The Current Status of SET Supplement
Standard SMart Card Integrated SettLEment System Project - SMILE Project -
XML Messaging