
MODA-ML Message Switching System

(Tool developed for the Moda-ML project in 2003; this version is no longer maintained)

The effectiveness of the documents produced by the MODA-ML XML factory can be tested by implementing a communication system to exchange MODA-ML documents between the enterprises of the Textile/Clothing sector. Since this document exchange takes place within business processes, it is important to establish a sequence of communication messages that is shared by all participating enterprises and unambiguous. MODA-ML therefore provides several tools to help enterprises integrate the MODA-ML exchange mechanism into their internal processes. These tools are collectively called the message switching system.

The message switching system defines a transport protocol based on ebXML (www.ebXML.org) messaging service specifications; ebXML (Electronic Business using XML) is a set of specifications from UN/CEFACT (www.uncefact.org) and OASIS that defines a collaboration framework over the Internet to enhance interoperability between enterprises. The main aim of ebXML is to support two different aspects of the interoperability processes:

  • The semantic definition of the documents: ebXML proposes a set of 'core components' used to define the semantic value of a document. Unlike the EDI framework, ebXML emphasises the importance of these components over the entire document structure, which gives ebXML more flexibility than EDI.
  • Several technical specifications on the communication protocol: MODA-ML follows ebXML transport specifications.

Since the Textile/Clothing sector is composed of various kinds of enterprises, each characterized by a different level of technological sophistication in their information systems, it becomes fundamental to create simple software modules that can be made publicly available.

The main component of the MODA-ML message switching system is the Message Service Handler (MSH), which acts as an e-mail client for the transport of MODA-ML documents: it validates MODA-ML documents and sends and receives them over the Internet using SMTP as its transport protocol.

It does not interfere with the company's information system but works alongside it, dealing only with communication matters. MODA-ML messages can be created automatically from data stored in a company's information system by third-party applications; they are simple text messages ready to be sent over the Internet as e-mail. The Message Service Handler therefore does not need to know how enterprises organise their internal information: it is a lightweight, independent application that sends and receives text messages complying with the ebXML and MODA-ML specifications.

The Message Service Handler has other interesting features: it keeps track of all the messages sent and received by storing them in a database accessible via ODBC, it writes logs of the main events that occur while it runs, it allows the user to validate messages against an ebXML CPA (Collaboration Protocol Agreement), and it can send data in a more traditional fax form.

Besides the basic aspects of document structuring and message exchange, recent activities in the MODA-ML project covered a number of areas, including:

  • Security aspects for authentication and non-repudiation of MODA-ML messages
  • A virtual enterprise simulator for testing new MODA-ML implementations

Security

Business transactions need to be private and to assure a certain level of security: some data must be protected and made neither visible nor accessible to parties not directly involved in the transaction, and must be protected from unauthorised access, data integrity violations, and any kind of data corruption, alteration and/or falsification. Given the economic relevance of these transactions, enterprises must be provided with techniques that protect them not only from IT threats but also guarantee the legal aspects of the transactions; the certification of document authorship is fundamental to developing a trusted and reliable service that can gain the confidence of the community.

The security module must provide a set of functionalities to guarantee:

  • Confidentiality: any unauthorised access to the message content must be prevented.
  • Integrity: the receiver should always be able to verify the message integrity and point out alterations in the data.
  • Authentication: the receiver must be assured of the identity of the message sender.
  • Non-repudiation: the receivers must be guaranteed that the senders will never be able to successfully disown any message they sent.

Such requirements can be met using cryptography and digital signatures, for instance based on asymmetric-key algorithms and digital certificates issued by an acknowledged Certification Authority.

The basic MODA-ML message switching system does not provide the necessary security guarantees; for this purpose a software module has been developed that implements some security aspects and can be easily and efficiently integrated within the main modules of the MSH.

The mechanisms adopted to guarantee confidentiality, integrity, authentication and non-repudiation of a conforming MODA-ML message are based on XML-Signature and XML-Encryption, two W3C standards that respectively allow an XML document to be signed with a digital signature and an XML document or fragment to be encrypted with an electronic key: both standards are fully compliant with the ebXML digital signature specifications and greatly simplify interoperability with other frameworks that adopt the ebXML specifications.

The current version of the MODA-ML security library implements the XML Signature protocol to provide authentication for XML documents, while XML Encryption is being implemented and will be available in future versions. The MODA-ML security library is designed as a dynamic library (.dll) based on the standard cryptographic algorithms of the MS-Windows library. This library is linked to the MSH module, giving it the ability to sign documents with a digital certificate (X.509). The document contents are thus guaranteed to have been sent by the owner of the certificate and to have been received without any falsification. The adoption of the MS-Windows library allows the free MODA-ML module to support encryption and signature at no cost on any Windows XP/2000 workstation. The only, low, cost to be borne is the purchase of the company's certificate, which has to be issued by an official Certificate Authority in order to place real trust in signed and encrypted messages.
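As an added illustration (not code from the MODA-ML library, which was a Windows DLL built on the MS-Windows cryptographic API), the following Go program shows the core of what the signing step provides: the sender signs a document with the private key matching its X.509 certificate, and the receiver verifies it with the certificate's public key, so any alteration of the content is detected. It uses a detached PKCS#1 v1.5 signature over the raw document bytes rather than a real XML-Signature structure (no canonicalisation or ds:Signature element), a self-signed certificate stands in for one issued by a Certification Authority, and the sample document and company name are constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Constructed sample document in the spirit of a MODA-ML order (not a real schema instance).
const sampleDoc = `<Order><Buyer>ACME Textiles</Buyer><Qty>120</Qty></Order>`

// newSenderCert builds an RSA key pair and a self-signed X.509 certificate that stands in
// for the company certificate a Certification Authority would issue (assumption).
func newSenderCert(cn string) (*rsa.PrivateKey, *x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// signDocument returns a detached RSA signature over the SHA-256 digest of the document.
func signDocument(key *rsa.PrivateKey, doc []byte) ([]byte, error) {
	digest := sha256.Sum256(doc)
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
}

// verifyDocument checks the signature with the public key carried by the sender's certificate,
// so the receiver learns who signed and whether the bytes changed in transit. A real deployment
// would also validate the certificate chain up to the trusted CA before accepting the signer.
func verifyDocument(cert *x509.Certificate, doc, sig []byte) bool {
	return cert.CheckSignature(x509.SHA256WithRSA, doc, sig) == nil
}
```

Changing a single byte of the order (for example the quantity) or truncating the signature makes verifyDocument return false, which is the integrity and authentication guarantee the security module relies on.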

The security module integration was delivered to external MODA-ML users in May 2003. The MODA-ML specifications also include the capability of requiring acknowledgement messages, in order to inform the sender that his/her message has been received and to implement the non-repudiation aspects of the communication mechanism.

The Message Service Handler uses five security levels, each corresponding to a different combination of cryptography, signature and non-repudiation, used alone or together:

  • Forwarding messages with digital signature.
  • Forwarding encrypted messages.
  • Forwarding encrypted and signed messages.
  • Forwarding messages and acks with digital signature.
  • Forwarding encrypted and signed messages and acks.

In order to achieve complete interoperability among all parties, the security features of the MSH can also be used by applications that do not directly implement security features.


This software is no longer available. Please refer to MSH2.

This page refers to the outcomes of the Moda-ML and Penelope projects (2001-2004).



Content provided by the Moda-ML initiative (www.moda-ml.org)