
Technical Interface Description


Contents

1. (Page 57, OTS 2 message examples, continued) End of the aUnsubscribe message, sent via tSend:
   ```xml
     <S:Body>
       <tSend xmlns="http://opentrafficsystems.org/OTS2" xmlns:ns2="http://datex2.eu/schema/2/ORC2_2_0" xmlns:ns3="http://otec-konsortium.de/OCIT-I_OITD">
         <transportId><clientPart>1</clientPart><serverPart>27</serverPart></transportId>
         <data xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="sMsgType">
           <msg xsi:type="aUnsubscribeType">
             <subscriId>1322843092</subscriId>
             <reason>OTS2TestClient closes</reason>
           </msg>
         </data>
       </tSend>
     </S:Body>
   </S:Envelope>
   ```
   Connection termination. Request sClose via tSend (the tSendR response is empty):
   ```xml
   <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
     <S:Body>
       <tSend xmlns="http://opentrafficsystems.org/OTS2" xmlns:ns2="http://datex2.eu/schema/2/ORC2_2_0" xmlns:ns3="http://otec-konsortium.de/OCIT-I_OITD">
         <transportId><clientPart>1</clientPart><serverPart>27</serverPart></transportId>
         <data xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="sCloseType">
           <sessionId>266419a0-1d02-11e1-a7c2-000c294483b2</sessionId>
           <reason>End TestClient</reason>
         </data>
       </tSend>
     </S:Body>
   </S:Envelope>
   ```
   Response sCloseResponse via tGetR (the tGet request is not shown): `<env:Envelope xmlns:env="http…`
2. (Continuation of the class TestClientCertDatex2, pages 68 and 69)
   ```java
               ClientPullService_Service cps = new ClientPullService_Service(wsdlUrl, serviceName);
               cpsp = cps.getClientPullServicePort();
               D2LogicalModel d2LogicalModel = cpsp.getDatex2Data();
               return d2LogicalModel;
           } catch (Exception ex) {
               ex.printStackTrace();
               return null;
           }
       }

       /** @param args */
       public static void main(String[] args) {
           // Path to the keystore file that contains the machine certificate
           System.setProperty("javax.net.ssl.keyStore", "C:\\MDMClient\\java\\SSL\\privkey\\myPrivateKey.p12");
           // Password of the keystore file
           System.setProperty("javax.net.ssl.keyStorePassword", "myKeyPass");
           // Type of keystore file
           System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
           // Path to the truststore file that contains the MDM certificates
           System.setProperty("javax.net.ssl.trustStore", "C:\\MDMClient\\java\\SSL\\myTrustStore.jks");
           // Password of the truststore file
           System.setProperty("javax.net.ssl.trustStorePassword", "myTrustStorePass");
           // Dumps all SOAP communication for debugging purposes
           System.setProperty("com.sun.xml.ws.transport.http.client.HttpTransportPipe.dump", "true");
           try {
               TestClientCertDatex2 tc = new TestClientCertDatex2();
               tc.testClientPullService();
           } catch (Exception ex) {
               ex.printStackTrace();
           }
       }
   }
   ```
   9.1 Annex B: Processing the p12 File for Apache Server Configur…
3. tSend lt transportId gt lt tGetR xmlns http opentrafficsystems org OTS2 xmlns ns2 http datex2 eu schema 2 ORC2 2 0 xmlns ns3 http otec lt env Envelope xmlns env http schemas xmlsoap org soap envelope gt lt clientPa lt serverPa lt transpor msg xsi applica rt gt 1 lt clientPart gt rt gt 27 lt serverPart gt tId gt data xmlns xsi http www w3 org 2001 XMLSchema instance xsi type sMsgType type aTieResponseType gt tion xsi type acApplicationType AA Mobility Data Marketplace Page 54 appVersion GUI OTS2 ActivityLayer SRVTest V 1 0 0 appVersion lt application gt config version configListCounterPart lt cfgs gt cfg lt name gt s_layer lt name gt lt min gt 1 lt min gt lt max gt 1 lt max gt cfg cfg name a distributor sub lt name gt min 1 min lt max gt 1 lt max gt cfg cfg lt name gt a_subscriber lt name gt lt min gt 0 lt min gt lt max gt 0 lt max gt cfg cfg name a c datex any mdm lt name gt lt min gt 0 lt min gt lt max gt 0 lt max gt cfg cfg lt name gt t_layer lt name gt lt min gt 1 lt min gt lt max gt 1 lt max gt cfg cfg lt name gt a_layer lt name gt lt min gt 1 lt min gt lt max gt 1 lt max gt cfg cfgs lt config gt lt msg gt lt data gt lt tSend gt lt ds gt lt tGetR gt lt e
4. (Page 64, HTTP client example, continued: evaluation of the response code, then reading the response body according to its Content-Encoding)
   ```java
               // (inside the responseCode check)
               System.out.println("No subscription parameter or no data has been given");
           } else if (responseCode == 404) {
               System.out.println("Subscription parameter could not be assigned or the subscription is no longer valid");
           } else {
               System.out.println("Error: " + responseCode);
               // Content of the error
               try {
                   InputStream is = con.getErrorStream();
                   BufferedReader rd = new BufferedReader(new InputStreamReader(is));
                   String line;
                   StringBuffer response = new StringBuffer();
                   while ((line = rd.readLine()) != null) {
                       response.append(line);
                       response.append('\r');
                   }
                   rd.close();
                   System.out.println(response.toString());
               } catch (Exception ex) {
                   ex.printStackTrace();
               }
           }

           InputStream is = null;
           // How is the content transmitted?
           String encoding = con.getContentEncoding();
           // Generate the required wrapper based on the encoding
           if (encoding != null && encoding.equalsIgnoreCase("gzip")) {
               is = new GZIPInputStream(con.getInputStream());
           } else if (encoding != null && encoding.equalsIgnoreCase("deflate")) {
               is = new InflaterInputStream(con.getInputStream(), new Inflater(true));
           } else {
               is = con.getInputStream();
           }
           // Read the results
           BufferedReader rd = new BufferedReader(new InputStreamReader(is));
           String line;
           StringBuffer response = new StringBuffer();
           while ((line = rd.readLine()) != null) {
               response.append(line);
               response.append('\r');
           }
           rd.close();
           S…
   ```
5. (Page 58, OTS 2 message examples, continued) Response sCloseResponse via tGetR:
   ```xml
   <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
     <env:Header/>
     <env:Body>
       <tGetR xmlns="http://opentrafficsystems.org/OTS2" xmlns:ns2="http://datex2.eu/schema/2/ORC2_2_0" xmlns:ns3="http://otec-konsortium.de/OCIT-I_OITD">
         <ds>
           <tSend>
             <transportId><clientPart>1</clientPart><serverPart>27</serverPart></transportId>
             <data xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="sCloseResponseType">
               <sessionId>266419a0-1d02-11e1-a7c2-000c294483b2</sessionId>
             </data>
           </tSend>
         </ds>
       </tGetR>
     </env:Body>
   </env:Envelope>
   ```
   Request tDisconnect:
   ```xml
   <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
     <S:Body>
       <tDisconnect xmlns="http://opentrafficsystems.org/OTS2" xmlns:ns2="http://datex2.eu/schema/2/ORC2_2_0" xmlns:ns3="http://otec-konsortium.de/OCIT-I_OITD">
         <transportId><clientPart>1</clientPart><serverPart>27</serverPart></transportId>
         <reason>close</reason>
       </tDisconnect>
     </S:Body>
   </S:Envelope>
   ```
   Response tDisconnectR: `<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Header/><env:Body><tDisconnectR xmlns="http://opentrafficsystems.org/OTS2" xmlns:ns2="http://datex2.eu/schema/2/ORC2_2_0" xmln…`
6. …`http://www.w3.org/2003/05/soap-envelope`: `<faultcode>S:Server</faultcode><faultstring></faultstring></S:Fault></S:Body></S:Envelope>`.
   Error Messages with HTTPS Requests: If no SOAP request is available, the error message is sent with HTTP 503 and a text content type.
   Error Handling in the Context of the OTS 2 Protocol: Different error situations which may occur for an OTS 2 client are described hereinafter. For more information on the OTS 2 standard errors (e.g. the parameters included), [OTS2] can be consulted.
   Session setup: If the required certificates are missing or invalid, an error of the type 1301 "TConnect failed" is initiated on the client side. This is done either by the method call onError or onRemoteError, depending on whether the error is already detected on the client or on the server side. In the field reason of the error, "Certificate error" is given as the reason. If the certificates are inappropriate (valid, but e.g. not suitable for the intended publication/subscription), an error 1301 "TConnect failed" is also triggered; the field reason then includes "Certificate inappropriate". If you try to use an incorrect protocol connection (not soap.tls), an error of the type 1001 "invalid URI" is triggered by onError. If the feature t_targetURI is missing in the confi…
7. …3.2 Response to the MDM platform: The data client system must respond to the request with an HTTPS response. The message body is empty. The standard HTTP status codes (HTTP 1.1) may be used as status codes, whereby the explanations described in Table 9 shall apply.
   Table 9: Request/Response between the MDM broker system and the data client system with Publisher Push HTTPS.
   Request: `POST <data delivery URL> HTTP/1.1`, `Host: <data client host>`, `Content-Type: text/xml`, `Accept-Encoding: GZIP`, body `<container>…</container>`.
   Response: `HTTP/1.1 200 OK`.
   Status codes: the standard HTTP 1.1 status codes; the following have a particular meaning: 400 = no subscription parameter or no data has been given; 404 = subscription parameters could not be assigned.
   4.3 SOAP Interface. 4.3.1 Data supplier. 4.3.1.1 Client Pull SOAP (DATEX II): In the Client Pull SOAP exchange process the MDM broker system requests the data supplier system to deliver its data to the MDM platform.
   4.3.1.1.1 Offering a web service: The data supplier system must provide a web service that is defined according to the DATEX II Pull WSDL [DatexIIPull]. Null is thereby expected as input; as output the MDM broker system receives the requested data in DATEX II format.
   [Figure: web service clientPullService, interface clientPullInterface, endpoint clientPullSoapEndP…]
8. Broker system: The broker system handles the actual processing of the data packets and is therefore the focus of this interface description.
   Administration: The administration is realized by means of a web-based user interface (GUI), see [BHB].
   (Table 3: Overview of the MDM platform components.)
   The following communication and application scenarios are supported by the MDM platform:
   o Interested parties as well as data clients and data suppliers can communicate with the metadata directory by using the web GUI in order to access services such as researching or registering. To view or edit certain content of the metadata directory, an authentication must first be run through the MDM platform security component.
   o Following an authentication via the security component, the data client and data supplier systems can establish an M2M communication with the broker system to deliver or request data.
   Formats: In order to exchange mobility data between the broker system and the data supplier and data client systems, the following data formats are specified:
   o The MDM platform supports the XML-based format DATEX II by means of native interfaces, to allow rapid utilization of the platform using standard-compliant DATEX II implementations.
   o In order to create a generic interface independent from any specific format, a new data format is p…
9. …the MDM administration component, the data client must enter its service endpoint in the subscription configuration. The broker system identifies the data client systems and launches a corresponding web service call. If the data transfer could be completed successfully, the broker system then expects a confirmation message from the data client system:
   ```xml
   <D2LogicalModel:d2LogicalModel modelBaseVersion="2"
       xsi:schemaLocation="http://datex2.eu/schema/2/2_0 DATEXIISchema_2_2_0.xsd"
       xmlns:D2LogicalModel="http://datex2.eu/schema/2/2_0"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
     <D2LogicalModel:exchange>
       <D2LogicalModel:response>acknowledge</D2LogicalModel:response>
     </D2LogicalModel:exchange>
   </D2LogicalModel:d2LogicalModel>
   ```
   4.3.2.4 Publisher Push SOAP (Container): With the Publisher Push exchange process the MDM broker system delivers the data to the data client systems on its own initiative. In this process an appropriate SOAP interface must be used. Whether the data is generated event-based (on occurrence) or periodically and delivered to the MDM platform is irrelevant in this case; the mechanism for the delivery to the data client remains identical.
   4.3.2.4.1 Offering a web service: The data client system must provide a web service that is defined on the basis of the container format specification [MCS]. A data packet of the type container format must be accepted…
10. …require a certificate-based authentication.
   The data supplier must set the following special features in the configuration information:
   o a_publisher = 1 indicates that it is a data supplier;
   o a_c_datex_any_mdm = 1 encodes the specific conditions for the use of the OTS 2 protocol in MDM;
   o t_targetURI with the complete target URI, e.g. t_targetURI = soap.tls://service.mac.mdm-portal.de/BASt-MDM-OTS2-Interface/pub/2004000, is internally required by the MDM server (OTS 2).
   To establish a connection see also [OTS2] chapters 7.6.4.1 and 7.6.4.2.
   Order: Pursuant to the OTS 2 protocol, after a successful connection establishment (OTS 2 method call onATied) the data supplier has to wait until the MDM places an order (OTS 2 method call onASubscribe). This order has the type acSubscriptionAnyType. The data to be provided is already determined by the selection of the service endpoint in MDM and is therefore not specified in the order. For the order see also [OTS2] chapters 7.6.7.1 and 7.6.7.2.
   Data delivery: The data supplier regularly delivers its data after receipt of the order (OTS 2 method ASnippet). The data supplier is responsible for the transmission of data packets to MDM in the agreed delivery frequency, pursuant to the configuration of the data services in the metadata directory. The data packets must use the type acDataAnyType. The data there…
11. …Sat, 29 Oct 1994 19:43:31 GMT.
   4.2.2.1.2 Response to the data client: The MDM broker system generates an HTTPS response after receipt of the request. For this purpose the associated packet buffer and the appropriate data packet are determined on the basis of the subscription ID. The content of the data packet is sent to the data client in the body of the response. Pursuant to the DATEX II Client Pull HTTP profile ([DatexIIPSM] section 4), the response has the content type text/xml; charset=utf-8.
   4.2.2.2 Client Pull HTTPS (Container): With the client pull exchange process the data client system must prompt the MDM broker system to transfer the data. Which subscription is affected has to be specified by a request parameter.
   4.2.2.2.1 Request to the MDM platform: The data client system must send an HTTPS GET request to the MDM platform. As a parameter, the subscription ID of the subscription for which a data packet has to be delivered is handed over to the MDM. The URL of the broker system is constructed as follows: https://<BASt-MDM-Broker-Server>/BASt-MDM-Interface/srv/container/v1.0?subscriptionID=<Subskriptions-ID>. Example: https://service.mac.mdm-portal.de/BASt-MDM-Interface/srv/container/v1.0?subscriptionID=2000000
   4.2.2.2.2 Response to the data client system: The MDM broker system generates an HTTPS response after receipt of the request. T…
12. …called data format has been specially created for the exchange of data via the MDM. The schema of the data format is found in the container format specification [MCS]. In addition to the actual payload, which is contained in a body element, the data format allows further structural information to be transmitted in a header element. This information is particularly used to control the communication process.
   [Figure 2: Container Format Overview. containerRootElement with a header element (structural information) and a body element (payload).]
   In order to keep the model flexible, the format and content of the body element are not specified. Thus not only data in XML format can be transported in containers, but also binary data.
   Interfaces of the MDM Broker System: The MDM broker system takes the role of the client or the role of the server as an intermediary between the data supplier system and the data client system, depending on the situation:
   o As a client, the broker system can request data from the data supplier, or the data supplier can send the data to the broker system on its own initiative.
   o As a client, the data client can in turn request data from the broker system, or the broker system can send the data to the data client on its own initiative.
   Figure 3 shows the possible paths that are available for data packet transmission between the data…
13. …the following URL for the request by the MDM broker system: https://<DG-Maschine>/context?publicationID=2000002
   4.2.1.2.2 Response to the MDM platform: The data supplier system must respond to the request with an HTTPS response. The content type of the response must be text/xml and should be available as GZIP encoding; non-compressed content can also be processed by the MDM platform. The message body has to include the requested data packet. The standard HTTP status codes (HTTP 1.1) must be used, whereby the explanations described in Table 6 shall apply.
   Table 6: Request/Response between the data supplier system and the MDM platform with Client Pull HTTPS.
   Request: `GET /anfrageServlet?publicationID=2000002 HTTP/1.1`, `Host: <data supplier host>`, `Accept-Encoding: GZIP`.
   Response: `HTTP/1.1 200 OK`, `Content-Type: text/xml`, `Content-Length: xx`, body `<container>…</container>`.
   Status codes: the standard HTTP 1.1 status codes; the following have a particular meaning: 400 = no publication parameter has been given; 404 = publication parameters could not be assigned.
   4.2.1.3 Publisher Push HTTPS (Container): The data supplier system has to send a data packet for a publication to the MDM broker system.
   4.2.1.3.1 Request to the MDM broker system: The data supplier system must send an HTTPS POST request with a mes…
14. …key -out ehp.otten-software.de.key
   Enter passphrase for server.key: <enter the previously self-selected passphrase>
   writing RSA key
   Enter the generated key file in the Apache configuration under the following attribute: SSLCertificateKeyFile.
   As a next step, split the certificates into two files. To do this, first open the file <sammeldatei.pem> with a text editor.
   [Figure 16, first part: screenshot of <sammeldatei.pem> opened in UltraEdit-32. It shows the PKCS#12 bag attributes of the client certificate (localKeyID 7A 8C 25 B2 C2 ED 35 F3 11 5C 2C FE 4C CB 3F 00 B2 C8 6D 73; subject C=DE, ST=North Rhine-Westphalia, O=Otten Software GmbH, OU=IT, CN=ehp.otten-software.d…; issuer C=DE, ST=North Rhine-Westphalia, O=MATERNA GmbH, OU=BUC Service Management, CN=BUC Serv…), followed by the issuer certificate (Bag Attributes: <No Attributes>; subject C=DE, ST=North Rhine-Westphalia, O=MATERNA GmbH, OU=BUC Service Management, CN=BUC Ser…; issuer C=DE, ST=North Rhine-Westphalia, L=Dortmund, O=MATERNA GmbH, OU=BUC Service Management…) and the beginning of its Base64-encoded body (omitted).]
15. …sent to the data supplier / data client by e-mail. The password that is required for the signature is sent by fax. The data supplier system / data client system must finally integrate the certificate into its IT infrastructure so that the data exchange with the MDM platform can be authenticated.
   Tasks of the Security Component: The security component is responsible for the realization of the security aspects of the MDM platform. This includes in particular the authentication of data supplier systems and data client systems which want to communicate with the MDM platform.
   Before the data packets arriving at the MDM platform can be accepted, their origin must be checked. This includes the authentication of the data supplier system that is associated with the data packet, using a digital certificate. Each data supplier system must have a valid certificate to be used for login at the platform. The security component authenticates the certificate sent by the data supplier system within the MDM platform.
   Before a data packet can be sent to a data client system, the identity of this data client system needs to be checked. Each data client system must authenticate itself to the MDM platform using a digital certificate. The security component authenticates the certificate sent by the data client system within the MDM platform.
   The confidentiality of communications between the data supplier system and the MDM platform on the one hand and the MDM platfo…
16. …supplier and the broker system on the one hand and the broker system and the data client on the other.
   [Figure 3: Interfaces between data supplier, broker system and data client (Client / Publisher roles on each side).]
   The data packets received or sent by the broker system must be in DATEX II format or in the self-defined container format. The transmission protocols HTTPS and SOAP via HTTPS are supported for each format. For the DATEX II format the OTS 2 protocol is also supported. The following table shows which communications are supported. The section in which the relevant communication is described, distinguished by data supplier and data client systems, is mentioned for each data format (DATEX II, container), communication pattern (Client Pull, Publisher Push) and protocol (HTTPS, SOAP, OTS 2), if supported.
   It is additionally indicated whether the data supplier or data client system acts as a client or as a server towards the MDM. Client here means that the system makes enquiries to the MDM or actively establishes the connection to it. Server, on the other hand, means that the system is contacted by the MDM and must answer its enquiries. In this case external network access to the system to be connected to the MDM must be allowed.
   Data supplier sys…
17. [Page 66/67: screenshot residue of the keytool import of the MDM issuer certificate into the truststore, the same certificate details as shown for TestClientCertHttpDatex2 (valid until Sat Feb 02 2013, MD5 fingerprint 0A:DA:6A:FB:5B:AD:F7:31:77:BD:BB:8E:4C:C2:58:08, SHA1withRSA, version 3, BasicConstraints CA:true PathLen:0, KeyUsage Key_CertSign/Crl_Sign, SubjectKeyIdentifier 32 60 8E F6 … A2 95 CD 9A, CRLDistributionPoints with ReasonFlags key_compromise, NetscapeCertType, AuthorityKeyIdentifier D9 D4 57 C9 3E 64 CC EA 37 18 37 5D EB C1 6B 89 / FB 4B 89 B0), ending with the prompt "Do you trust this certificate? [No]: Yes" and "Certificate was added to keystore".]
   ```java
   /** @author Frank Rossol */
   public class TestClientCertDatex2 {

       public D2LogicalModel testClientPullService() {
           URL wsdlUrl = null;
           QName serviceName = null;
           String subscriptionId = "123456";
           // Server name under which the MDM platform is accessible
           String mdmHost = "service.mac.mdm-portal.de";
           ClientPullService cpsp = null;
           try {
               wsdlUrl = new URL("https://" + mdmHost + "/BASt-MDM-Interface/srv/"
                       + subscriptionId + "/clientPullService?wsdl");
               serviceName = new QName("http://datex2.eu/wsdl/clientPull/2_0", …
   ```
18. [Figure 16, continued: the remainder of the issuer certificate's Base64-encoded body in <sammeldatei.pem> (omitted), followed by the private key's bag attributes: localKeyID 7A 8C 25 B2 C2 ED 35 F3 11 5C 2C FE 4C CB 3F 00 B2 C8 6D 73; Key Attributes: <No Attributes>.]
   Figure 16: File <sammeldatei.pem>
   Copy the part from BEGIN RSA PRIVATE KEY up to END RSA PRIVATE KEY to a new file named <server.key>.
   Remove the passphrase, so that it is not requested each time the server is restarted: openssl rsa -in <server.key> -out <server.key.nopass>
   Example: openssl rsa -in server…
19. …9 Oct 1994 19:43:31 GMT.
   4.2.1.1.2 Response to the MDM platform: After receipt of the request the data supplier system must generate an HTTPS response whose message body consists of the requested DATEX II data. Pursuant to [DatexIIPSM] section 4, the response has the content type text/xml; charset=utf-8 and should be available as GZIP encoding. The MDM broker system accepts this data and stores it in a packet buffer. A previous data packet, if it still exists, is replaced.
   4.2.1.2 Client Pull HTTPS (Container): The MDM broker system prompts the data supplier system to periodically deliver a packet for a publication to the MDM platform. The time interval used must be configured in the metadata directory when configuring the data services.
   4.2.1.2.1 Request to the data supplier: The broker system sends an HTTPS GET request to the data supplier system. As a parameter, the publication ID of the publication for which a data packet has to be delivered is handed over. Via the MDM administration component the data supplier must enter its URL in the publication configuration. The URL of the data supplier system from the publication configuration is complemented by appending the publication ID. Example: the data supplier is configured in the metadata directory with the URL for pickup https://<DG-Maschine>/context; the ID of the associated publication is 2000002. This results in the…
20. T I_OITD gt lt transportId gt AA Mobility Data Marketplace Page 51 SWUM lt clientPart gt 1 lt clientPart gt lt serverPart gt 27 lt serverPart gt lt transportId gt config version m configListServer S3A gt tConnectR lt env Body gt lt env Envelope gt Request tGet tGetR Response s u S Envelope xmlns S http schemas xmlsoap org soap envelope gt S Body tGet xmlns http opentrafficsystems org OTS2 xmlns ns22 http datex2 eu schema 2 ORC2 2 0 xmlns ns3 http otec konsortium de OCIT I OITD transportId lt clientPart gt 1 lt clientPart gt lt serverPart gt 27 lt serverPart gt lt transportId gt lt tGet gt lt S Body gt lt S Envelope gt Request sOpen via tSend tSendR Response is empty lt S Envelope xmlns S http schemas xmlsoap org soap envelope gt lt S Body gt tSend xmlns http opentrafficsystems org OTS2 xmlns ns22 http datex2 eu schema 2 ORC2 2 0 xmlns ns3 http otec konsortium de OCIT I OITD transportId lt clientPart gt 1 lt clientPart gt lt serverPart gt 27 lt serverPart gt transportId data xmlns xsi http www w3 org 2001 XMLSchema instance xsi type sOpenType neededConfig version m configListClient C2X data tSend 8 Body lt S Envelope gt Response sOpenResponse via tGetR tGet Request see above lt e
21. Technical Interface Description, Version 2.4.1, 28.04.2015. Table of Contents:
   1 (title illegible) 6
   1.1 (title illegible) 6
   1.2 Structure of the Document 6
   1.3 Referenced Documents 7
   1.4 List of Abbreviations 8
   2 Overview of the MDM Platform Components 10
   3 Formats 12
   3.1 DATEX II 13
   3.2 Container Format 14
   4 Interfaces of the MDM Broker System 15
   4.1 Use of Interfaces 16
   4.1.1 Data Supplier 18
   4.1.2 (title illegible) 18
   4.2 HTTPS Interface 19
   4.2.1 Data Supplier 19
   4.2.2 Data Client 22
   4.3 (title illegible) 26
   4.3.1 (title illegible) 26
   4.3.2 Data Client 30
   4.4 OTS 2 Interface 34
   4.4.1 (title illegible) 34
   4.4.2 (title illegible) 34
   4.4.3 DATEX II compression for OTS 2 34
   4.4.4 OTS 2 (title illegible) 35
   4.4.5 OTS 2 (title illegible) 38
   5 Certificate-based M2M Communication 41
   5.1 Tasks of the Security Component 41
   5.2 Note on Server Name Indication 42
   5.3 Applying for a Machine Certificate 42
   5.4 Installing a Machine Certificate and Issuer Certificate 43
   5.5 Authentication of the MDM Platform as Web Client 43
   5.6 Authentication of Data Supplie…
22. …Table 5: MDM operation modes.
   The OTS 2 protocol [OTS2] works session-based and by publish/subscribe data subscription; it differs from the other interfaces provided by MDM. The valid specification of the OTS 2 protocol, including the associated schema and WSDL files, can be obtained from the OTS website [OTS2]. The available content complies with DIN SPEC (PAS) 91213 [OTS2DIN].
   The use of the MDM OTS 2 interface requires a client that implements the OTS 2 protocol stack. Since OTS 2 has a higher complexity than the other interfaces provided by MDM, due to its extensive capabilities which are only partially required for the MDM interface, its use must be weighed carefully. The use will particularly be rewarding if other OTS 2 interfaces are operated or planned in the client system, or if the advantage of the push mode is used for data clients. This advantage consists of the ability to transfer MDM data in push mode without the additional latency caused by polling, and without having to implement a server, which would require opening the client's own network for external access by the MDM (see chapter 4.4.5). Thus the data client is supplied as soon as possible; it does however not open its network to the outside as in the corresponding Push HTTPS and SOAP protocol options of MDM.
   OTS 2 uses only DATEX II as data model, as described in this document or in [DatexIISpec]. Regarding the dispatch of complete data packets as opposed to the dispatch o…
23. …ache Server Configuration 70
   List of tables:
   Table 1 Referenced documents
   Table 2 List of abbreviations
   Table 3 Overview of the MDM platform components
   Table 4 Overview of the interfaces of the MDM broker system
   Table 5 MDM operation modes
   Table 6 Request/Response between the data supplier system and the MDM platform with the Client Pull HTTPS
   Table 7 Request/Response between the data supplier system and the MDM platform with the Publisher Push HTTPS
   Table 8 Request/Response between the MDM platform and the data client system with Client Pull HTTPS
   Table 9 Request/Response between the MDM broker system and the data client system with Publisher Push HTTPS
   List of figures:
   Figure 1 Components of the MDM platform
   Figure 2 Container Format Overview
   Figure 3 Interfaces between data supplier, broker system and data client
   Figure 4 Web service data supplier system / MDM broker system, DATEX II Client Pull
   Figure 5 Web service data supplier system / MDM broker system, Container Client Pull
   Figure 6 Web service data supplier system / MDM broker system, DATEX II Publisher Pu…
24. …package. If the package is considered at HTTP level, it then constitutes an uncompressed packet. Given the specific requirements regarding the processing time of data packets through the MDM and the relatively long computation time required for the compression of a single data packet, it has been decided that only the DATEX II payload is transmitted compressed and the subscription-specific individual OTS 2 frame is transmitted uncompressed. Thus the MDM can also submit a once-compressed data packet to a number of data clients using OTS 2.
   For this purpose an OTS 2 snippet of the type acDataAnyType (other types are not used) includes a BASE64Binary-encoded binary package which contains the DATEX II package in GZIP-compressed form. The binary package is embedded in a <binary> element. The attribute type of the <binary> element identifies the type of data transferred and is here set to base64BinaryDatex2Gzip. This results in the following structure within an OTS 2 snippet:
   ```xml
   <dataAny>
     <binary type="base64BinaryDatex2Gzip">PGQyTG9naWNhbE1vZGVsIHhtbG5zPSJodHRwOi8vZGF0ZXgyLmV1L3NjaGVt…</binary>
   </dataAny>
   ```
   Figure 12: Structure of a binary-coded OTS 2 dataAny PDU
   To restore the original DATEX II package, a data client must first decode the content of the binary element from the dataAny snippet using BASE64Binary and t…
25. …ain.crt>
   Enter this file in the Apache configuration under the following attribute: SSLCertificateChainFile.
   Enter the MDM client certificate, including the certificate hierarchy, under the following Apache attribute: SSLCACertificateFile.
   Example of an Apache configuration:
   ```apache
   SSLCertificateFile      "C:/Programme/Apache Software Foundation/Apache2.2/conf/ssl/ssl.crt/ehp.otten-software.de.crt"
   SSLCertificateKeyFile   "C:/Programme/Apache Software Foundation/Apache2.2/conf/ssl/ssl.key/ehp.otten-software.de.key"
   SSLCertificateChainFile "C:/Programme/Apache Software Foundation/Apache2.2/conf/ssl/ssl.crt/bast_cert_chain.crt"
   SSLCACertificateFile    "C:/Programme/Apache Software Foundation/Apache2.2/conf/ssl/ssl.crt/bast_trust_chain.crt"
   ```
26. as input, and as output a status message must be delivered.

[Figure 11: Web service MDM broker system to data client system, Container Publisher Push. Service TrafficDataService (bast), operation pushContainerData at containerReceiver http://<datennehmerhost>/...; input: containerdata; output: status]

4.3.2.4.2 Calling up the web service

The MDM broker system provides a web service client that is defined according to the container format specification [MCS] to invoke the web services of the data client system. Via the MDM administration component the data client must enter its service endpoint in the URL attribute of the subscription configuration. The broker system identifies the data client systems and launches a corresponding web service call. If the data transfer could be successfully completed, the broker system would then expect a status message from the data client system.

4.4 OTS 2 Interface

4.4.1 Procedure

For delivering or retrieving data, the external client must initially establish a session with the OTS 2 server of the MDM platform. In response, a data order (subscription) takes place within the session by the intended recipient (data client or MDM). The data transmitter (MDM or data supplier) will then transmit the required data within the existing session automatically and continuously without any further qu
27. at Feb 02 12:00:52 CET 2013
    Digital thumbprint of the certificate:
      MD5:  0A:DA:6A:FB:5B:AD:F7:31:77:BD:BB:8E:4C:C2:58:08
      SHA1: E8:4A:92:C2:05:65:15:78:E9:B6:C1:D7:53:FC:60:48:F4:E3:25:AB
    Signature algorithm name: SHA1withRSA
    Version: 3

    Enhancements:

    #1: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
      CA:true
      PathLen:0
    ]

    #2: ObjectId: 2.5.29.15 Criticality=false
    KeyUsage [
      Key_CertSign
      Crl_Sign
    ]

    #3: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 32 60 8E F6 A7 CE 7B 92   CB 28 0F AB 05 05 96 9A
    0010: A2 95 CD 9A
    ]
    ]

    #4: ObjectId: 2.5.29.31 Criticality=false
    CRLDistributionPoints [
      [DistributionPoint:
         [URIName: http://ca.mbucqa.de/sslca.crl]
       ReasonFlags: [key_compromise, CA_compromise]
      ]]

    #5: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
    NetscapeCertType [
       SSL CA
    ]

    #6: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: D9 D4 57 C9 3E 64 CC EA   37 18 37 5D EB C1 6B 89
    0010: FB 4B 89 B0
    ]
    ]

    Do you trust this certificate? [No]: Yes
    Certificate was added to keystore

    /**
     * @author Frank Rossol
     */
    public class TestClientCertHttpDatex2 {

        /**
         * Returns an SSL connection by using client certificates to the specified URL.
         * @param urlString URL to whic
28. ata of individual data suppliers. Thus the MDM platform allows its users to offer, find and subscribe to online traffic-related data without the necessity of any time-consuming search for relevant data and a complex technical and organisational coordination between data clients and data suppliers. The data exchange is handled via standardized interfaces. In conclusion, the business processes should be simplified for all parties involved and the potential of existing data sources should be exploited.

This interface description is aimed at potential data suppliers and data clients. It is presupposed that knowledge of the implementation and operation of SOAP web services [SOAP] or HTTPS client-server architectures is available in order to use the interfaces of the MDM system.

The interfaces offered by the MDM platform can be used by the data supplier systems and data client systems to access the services of the platform. These services for data collection or deliveries are provided by using defined and unified URLs [URL] and require a certificate-based client authentication via HTTPS [HTTPS]. For this client authentication, X.509-compliant certificates are used [PKI]. They are issued by the operator of the MDM platform. The data transfer between the MDM platform and the data supplier or data client systems can be supplied via SOAP-based web services or simple HTTPS GET/POST requests. In addition, the transmission by OTS2 protocol is provided. Wh
29. ation. The Apache server configuration cannot handle any files of the type p12. For processing, manual steps that are described in the following chapters are required.

Export first the keys and certificates. Run the following command in the command prompt:

    openssl.exe pkcs12 -in <p12-Datei> -out <sammeldatei.pem>

Example:

    openssl.exe pkcs12 -in ehp.otten-software.de.p12 -out ehp.otten-software.de.keyandcerts.pem

Enter the certificate passwords in the openssl environment:

    > Enter Import Password: <Password from fax>
    > MAC verified OK
    > Enter PEM pass phrase: <Self-selected passphrase for the key>
    > Verifying - Enter PEM pass phrase: <Repetition of the self-selected passphrase for the key>

Open the file <sammeldatei.pem> with a text editor.

[Screenshot: file ehp.otten-software.de.keyandcerts.pem opened in UltraEdit-32, showing base64-encoded certificate blocks]
30. d by either side (OTS 2 methods AUnSubscribe to terminate the order or delivery of data, and then AUntie to terminate a connection). Connections will be terminated by the MDM only if a publication or a subscription is set to inactive mode in the administration metadata directory or if the MDM server is shut down, e.g. for maintenance purposes. In the case of a connection termination (OTS 2 method call onAUntied), the client receives in the first case the reason "MDM Service Disabled" in the field "reason" and in the second case the reason "MDM Server Shutdown". If the data client wants to terminate the connection, it will have to provide an appropriate justification in the reason field, e.g. "MDM Client Shutdown" or "MDM Client Restart", to create detailed log messages. To terminate a connection see also [OTS2], chapters 7.6.5 and 7.6.8.

5 Certificate-based M2M Communication

The security component of the MDM platform requires a certificate-based data exchange between the data supplier system and the platform on the one side, and between the platform and the data client system on the other. This chapter begins with an overview of the functions of the security component and then describes the steps to be taken by the data suppliers and the data clients to request certificates and set them up for M2M communication. The certificate is created following a request and then
31. e stamp with the date of creation according to the elements of the container model schema. The data supplier system must generate and return a data packet in the container format for the transferred publication ID.

[Figure 5: Web service data supplier system to MDM broker system, Container Client Pull. Service TrafficDataService (bastContainer), operation pullContainerDataBroker at containerSender http://<datengeberhost>/...; input: publicationId, timestamp; output: containerdata]

Via the MDM administration component the data supplier must enter the service endpoint in the URL attribute of the publication configuration.

4.3.1.2.2 Calling up a web service

The MDM broker system provides a web service client that is defined according to the container format specification [MCS] to invoke web services. The broker system identifies the data supplier systems that have subscribed to a pull method and the associated service endpoints in the metadata directory and periodically calls them up according to the configured publication frequency. The data received after the call is cached in corresponding packet buffers for delivery to potential data clients. A previous data packet, if it still exists, will be replaced.

4.3.1.3 Publisher Push SOAP DATEX II

With the Publisher Push exchange process, the data supplier system must deliver the data to the MDM platform on its own
32. em is as follows:

    https://<BASt-MDM-Broker-Server>/BASt-MDM-Interface/srv/container/v1.0

Example:

    https://service.mac.mdm-portal.de/BASt-MDM-Interface/srv/container/v1.0

4.3.2.3 Publisher Push SOAP DATEX II

With the Publisher Push exchange process, the MDM broker system delivers the data to the data client systems on its own initiative. In this process an appropriate SOAP interface must be used. Whether the data is event-based (on occurrence) or periodically generated and delivered to the MDM platform is in this case irrelevant; the mechanism for the delivery to the data client is identical.

4.3.2.3.1 Offering a web service

The data client system must provide a web service that is defined according to the specification [DatexIIPush]. The data to be supplied is expected as input. As output, the MDM platform gets in return confirmation data in DATEX II format. The format of the input parameter corresponds to the DATEX II scheme [DatexIISchema].

[Figure 10: Web service MDM broker system to data client system, DATEX II Publisher Push. Service supplierPushService, interface supplierPushInterface, endpoint supplierPushSoapEndPoint https://<MDP-adress>/suppl...]

4.3.2.3.2 Calling up the web service

The MDM broker system provides a web service client that is defined according to [DatexIIPush] to invoke the web services of the data client system. Via the
33. en transmitting data between the MDM platform and the data supplier systems, both GZIP-encoded (i.e. compressed) and uncompressed HTTPS requests and responses are supported. The data transmission between the MDM platform and the data client systems always takes place using GZIP-encoded HTTPS requests and responses. If SOAP is used for transmission, the WS-Security standards must be adhered to. This includes a transfer of the security token and possibly the signature of the message.

Structure of the Document

This document is divided into the following sections:

o Section 1 provides a brief overview, the referenced documents and the list of abbreviations.
o Section 2 describes the components of the MDM system.
o Section 3 handles the available data formats.
o Section 4 describes the interfaces of the MDM platform for M2M communications.
o Section 5 describes the measures which secure the M2M communication.
o Section 6 shows possible messages that might occur with faulty requests to the interfaces.
o Section 7 contains XML examples for SOAP and HTTPS requests in DATEX II and container format and an example of the use of OTS 2.

1.3 Referenced Documents

Key | Source | Publisher
[BHB] | MDM User Manual V1.2 | http://service.mdm-portal.de/doc/MDM_Benutzerhandbuch.pdf
[DatexIIPSM] | DATEX II V2.0 Exchange Platform Specific Model |
[DatexIIPull] | DATEX II V2.0 Pull wsdl |
[DatexIIPush] | DATEX II V2.0 Push w
34. er (aSubscribe) and the data delivery (aSnippets) are transmitted in the reverse direction: the order is received over tGetR and the data delivery is sent over tSend, instead of vice versa as shown in the example.

7.3.1.1 Connection establishment

The subscription ID must be provided in the path of the URL and additionally the URL as a configuration parameter t_targetURI.

Request tConnect:

    <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
      <S:Body>
        <tConnect xmlns="http://opentrafficsystems.org/OTS2" xmlns:ns2="http://datex2.eu/schema/2_0RC2/2_0" xmlns:ns3="http://otec-konsortium.de/OCIT-I_OITD">
          <clientId>f 97c2b4c0a8013800d902546789ad4c</clientId>
          <username/>
          <password/>
          <localTransportId>1</localTransportId>
          <timeout>100000</timeout>
          <neededConfig version="m_configListClient_C3X">
            <cfgs>
              <cfg>
                <name>t_targetURI=soap.tls://service.mac.mdm-portal.de/BASt-MDM-OTS2-DeliveryService/sub/2035000</name>
                <min>0</min>
                <max>0</max>
              </cfg>
            </cfgs>
          </neededConfig>
        </tConnect>
      </S:Body>
    </S:Envelope>

Response tConnectR:

    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
      <env:Header/>
      <env:Body>
        <tConnectR xmlns="http://opentrafficsystems.org/OTS2" xmlns:ns2="http://datex2.eu/schema/2_0RC2/2_0" xmlns:ns3="http://otec-konsortium.de/OCI
35. er 4. The underlying documents on which DATEX II is based are listed in chapter "Referenced Documents" [DatexIISpec]. The structure of the DATEX II payload is not relevant to the MDM platform, as the latter transfers the data unchanged and does not process the data in any way.

DATEX II not only provides for the dispatch of complete data packets but also for sending updates to previous versions. This DATEX II option is not supported by the MDM platform. Both the data supplier system and the MDM broker system must always send complete data packets. This means that each packet contains all records of the relevant publication that are known to the data supplier. These records are valid at the time of packet sending. It is therefore not possible to send only changes to the last known state. This may seem to be a disadvantage, but it is a requirement that is essential to the preservation of the MDM system's scalability. The disadvantage of this partial redundancy is tacitly accepted, as it is taken into account by the scalable architecture of the platform and the performance of modern ICT infrastructure. It should be borne in mind that the MDM platform diminishes the burden of scalability on the data suppliers.

3.2 Container Format

In addition to the DATEX II standard mentioned in the previous section, another XML-based model for the transmission of data is supported by the MDM platform. This container format
36. eries until the order is completed.

4.4.2 Features

The methods of the OTS 2 activity layer used for communication with the MDM include ATie, ASubscribe (for data clients), ASnippet (for data suppliers), AUnsubscribe and AUntie. The used method calls comprise onATied, onASnippet (for data clients), onASubscribe (for data suppliers), onAUnsubscribe and onAUntied. The data contents (application) subscriptionAny and dataAny are transported. Only the OTS 2 protocol range which enables the transmission of any up-to-date DATEX II packages by subscriptionAny will therefore be needed. Singular queries and commands are not used. Historical data cannot be obtained from the MDM. In addition, special requests to read out the current state and then subsequent changes are not supported. Therefore, data packets coming from the data suppliers must always describe the complete current state. The data clients cannot retrieve any selection of objects belonging to a service. The data packets are always completely submitted (MDM subscription). If necessary, data suppliers should split their data offering into several publications in order to enable the data clients to subscribe to only a subset of the available data services.

4.4.3 DATEX II compression for OTS 2

On the data client side the MDM basically provides compressed data. In contrast to the use of HTTPS and SOAP protocols, only the DATEX II payload is compressed in the case of OTS 2 and not the complete OTS 2 p
37. f changes, the descriptions in chapter 4.4.2 shall apply. Compression is applied only for the actual payload, not for the OTS 2 protocol part (see chapter 4.4.3).

4.1.1 Data supplier

Towards the data supplier (the publisher), the MDM broker system appears as a subscriber who receives the data packets. The broker system can assume the role of a server or a client depending on the procedure. When using the OTS 2 protocol, the broker system takes the role of an OTS 2 distributor; the data supplier system takes the role of an OTS 2 publisher.

4.1.2 Data client

Towards the data client (the subscriber), the MDM broker system appears as a publisher who provides the data packets. The broker system can assume the role of a server or a client depending on the procedure. When using the OTS 2 protocol, the broker system takes the role of an OTS 2 distributor; the data client system takes the role of an OTS 2 subscriber.

4.2 HTTPS Interface

4.2.1 Data supplier

4.2.1.1 Client Pull HTTPS DATEX II

As with the client pull exchange process, the MDM broker system requests the data supplier system periodically to deliver its data to the MDM platform. The time interval used must be configured in the metadata directory when configuring the data services. For this exchange, the points C1 to C12 from the Simple HTTP Server Profile of the [DatexIIPSM] shal
38. f the certificate file
    -file: Path to the certificate to be imported
    -keystore: File name of the truststore file

Example:

    C:\Programme\Java\jdk1.6.0_22\bin\keytool -import -trustcacerts -alias BUCServiceManagementCertificateAuthority -file trustcerts\BUCServiceManagementCertificateAuthority.crt -keystore mytruststore.jks

Enter the keystore password again. With the first certificate, set your own password. Use this password for all subsequent imports. Enter the password again (password repetition).

The following is the output of the certificate to be imported:

    Owner: EMAILADDRESS=dalbers@materna.de, CN=BUC Service Management SSL CA, OU=BUC Service Management, O=MATERNA GmbH, ST=North Rhine-Westphalia, C=DE
    Originator: EMAILADDRESS=dalbers@materna.de, CN=BUC Service Management Certificate Authority, OU=BUC Service Management, O=MATERNA GmbH, L=Dortmund, ST=North Rhine-Westphalia, C=DE
    Serial number: 9
    Valid from: Thu Feb 03 12:00:52 CET

[Remainder of the keytool output garbled in extraction: MD5 and SHA1 fingerprints and the extensions SubjectKeyIdentifier, CRLDistributionPoints (http://ca.mbucqa.de/sslca.crl, CA compromise), NetscapeCertType (SSL CA) and AuthorityKeyIdentifier (ObjectId 2.5.29.35), each with Criticality=false]
39. fic error of the type 10002.

7 Examples

7.1 HTTPS Interface

7.1.1 Data Supplier Client Pull HTTPS Container

The publication ID must be provided as a parameter in the URL.

Request:

    GET https://<DG-Server>/<Context>?publicationID=2053008
    content-type: text/plain
    accept-encoding: identity, gzip

Response:

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <container xmlns="http://ws.bast.de/container/TrafficDataService" xmlns:ns2="http://schemas.xmlsoap.org/ws/2002/07/utility" xmlns:ns3="http://www.w3.org/2000/09/xmldsig#">
      <header>
        <Identifier>
          <publicationId>2053008</publicationId>
        </Identifier>
      </header>
      <body>
        <binary id="test-id-bin" type="hexBinary">&lt;CDATA&gt;</binary>
        <xml schema="test-schema" id="test-id-xml">
          <n4:musterDatenRoot>
            <n4:trafficData origin="home"/>
          </n4:musterDatenRoot>
        </xml>
      </body>
    </container>

7.1.2 Data Supplier Publisher Push HTTPS Container

The publication ID is included in the XML data.

    <?xml version="1.0" encoding="UTF-8"?>
    <ns3:containerRootElementEl xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:ns2="http://schemas.xmlsoap.org/ws/2002/07/utility" xmlns:ns3="http://ws.bast.de/container/TrafficDataService">
      <ns3:header>
        <ns3:Identifier>
          <ns3:publicationId
40. g to the specification [DatexIIPull] to invoke web services. The corresponding subscription ID must be carried in the URL as input parameter. The SOAP endpoint of the broker system is as follows:

    https://<BASt-MDM-Broker-Server>/BASt-MDM-Interface/srv/<Subskriptions-ID>/clientPullService

Example:

    https://service.mac.mdm-portal.de/BASt-MDM-Interface/srv/2000000/clientPullService

4.3.2.2 Client Pull SOAP Container

With the Client Pull SOAP exchange process, the data client system must prompt the MDM platform to transfer the data to the data client system.

4.3.2.2.1 Offering a web service

The MDM broker system provides a web service which expects as input a subscription ID and a timestamp (includes the creation time of the request). The data is returned as output in the container format.

[Figure 9: Web service MDM broker system to data client system, Container Client Pull. Service TrafficDataService (bastContainer), operation pullContainerDataClient at containerSender http://<mdphost>/container; input: subscriptionId, timestamp; output: containerdata]

4.3.2.2.2 Calling up the web service

The data client system must provide a web service client in accordance with the container format specification [MCS]. This client serves to launch the web service. The SOAP endpoint of the broker syst
41. >12345</ns3:publicationId>
        </ns3:Identifier>
      </ns3:header>
      <ns3:body>
        <ns3:binary id="test-id-bin" type="hexBinary">dGVzdC10ZXh0&#xD;</ns3:binary>
        <ns3:xml schema="test-schema" id="test-id-xml">
          <n4:musterDatenRoot>
            <n4:trafficData origin="home"/>
          </n4:musterDatenRoot>
        </ns3:xml>
      </ns3:body>
    </ns3:containerRootElementEl>

7.1.3 Data client Client Pull HTTPS DATEX II

The request must not contain any further data. The subscription ID must be provided in the path of the URL and also as a parameter.

    GET https://service.mac.mdm-portal.de/BASt-MDM-Interface/srv/2000000/clientPullService?subscriptionID=2000000

7.1.4 Data client Client Pull HTTPS Container

The request must not contain any further data. The subscription ID must be provided as a parameter in the URL.

Request:

    GET https://service.mac.mdm-portal.de/BASt-MDM-Interface/srv/container/v1.0?subscriptionID=2000000

7.2 SOAP Interface

7.2.1 Data Supplier Publisher Push SOAP DATEX II

The publication ID must be provided in the path of the URL:

    https://service.mac.mdm-portal.de/BASt-MDM-Interface/srv/2000002/supplierPushService

    <?xml version="1.0" encoding="UTF-8"?>
    <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
      <S:Body>
        <d2LogicalModel xmlns="h
42. guration information, an error of the type 5102 ("rejected") will be triggered by onRemoteError. The field "reason" will include "Feature t_targetURI required". If the feature a_c_datex_any_mdm is missing in the configuration information, an error of the type 3301 ("ATie failed") will be triggered by onRemoteError. The field "reason" will include "Feature a_c_datex_any_mdm required". If the server does not accept any connections or is not available, an error of the type 1301 ("TConnect failed") will be triggered. The field "reason" will include "Unavailable URI".

Order: If the order is of the wrong type (not acSubscriptionAnyType), an error of the type 8709 ("Subscription invalid parameter") will be triggered. In the field "par" you find the invalid type.

Data delivery: If a data delivery to the MDM is of the wrong type (not acDataAnyType) or has content that cannot be processed, an MDM-specific error of the type 10001 will be triggered.

General: If there is no communication for a longer period of time and the connection is in a timeout, or if the connection is unexpectedly interrupted for other reasons, an error of the type 1003 ("Transport connection lost") will be triggered. If a data transfer fails, an error 1501 ("TSendData failed") will be triggered. In both cases the connection must be ended and, if necessary, a re-establishment of the connection must be attempted. An internal error of the MDM broker component is displayed with the MDM-speci
43. h the connection is to be established
         * @return HttpsURLConnection Https connection
         */
        private HttpsURLConnection getSecureConnection(String urlString) {
            try {
                // Password of the P12 file
                String password = "myKeyPass";
                // Password of the truststore file that contains the certificates of the MDM platform
                String trustPassword = "myTrustStorePass";
                // Type of keystore file
                String keyStoreType = "pkcs12";
                // Type of truststore file
                String trustStoreType = "JKS";

                // Load p12 file (client key and certificate)
                KeyStore keyStore = KeyStore.getInstance(keyStoreType);
                keyStore.load(new FileInputStream("C:\\MDMClient\\java\\SSL\\privkey\\myPrivateKey.p12"), password.toCharArray());
                KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509", "SunJSSE");
                kmf.init(keyStore, password.toCharArray());

                // Load truststore (MDM CA certificates)
                KeyStore trustStore = KeyStore.getInstance(trustStoreType);
                trustStore.load(new FileInputStream("C:\\MDMClient\\java\\SSL\\myTrustStore.jks"), trustPassword.toCharArray());
                TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
                tmf.init(trustStore);
                TrustManager[] tms = tmf.getTrustManagers();

                SSLContext sslcontext = SSLContext.getInstance("TLS");
                KeyManager[] km = kmf.getKeyManagers();
                SecureRandom random = new SecureRandom();
                // Initialize SSL context with keystore and truststore instances
                sslcontext.init(km, tms, random);
                SSLSocketFactory sslfactory = sslcontext.getSocketFactory();
                HttpsURLCo
44. he standard HTTP status codes (HTTP/1.1) can be used, whereby the explanations described in Table 8 shall apply. The content type of the response is of the type text/xml and is sent GZIP-compressed. The message body of the response consists of the requested data packet.

    Request:
        GET /BASt-MDM-Interface/srv/container/v1.0?subscriptionID=2000000 HTTP/1.1
        Host: mdmhost
        Accept-Encoding: GZIP

    Response:
        HTTP/1.1 200 OK
        Content-Type: text/xml
        Content-Length: xx

        <container>...</container>

    Status codes: Standard HTTP/1.1 status codes. The following status codes have a particular meaning:
        204  No data packet in the packet buffer for the subscription
        400  No subscription parameter
        404  None or no longer valid subscription to the subscription parameter found

Table 8: Request/Response between MDM platform and data client system with Client Pull HTTPS

4.2.2.3 Publisher Push HTTPS Container

The MDM broker system sends a data packet of a subscription to a data client system.

4.2.2.3.1 Request to the data client system

The MDM broker system sends an HTTPS POST request to the data client system, in which the subscription ID is delivered in the header element and the payload in the body element of the container message. Via the MDM administration component the data client must enter its URL in the subscription configuration.

4.2.2
45. hen decompress it using GZIP. In addition to classic compression at HTTP level, OTS 2 data suppliers can also use this variant of compression during delivery; the use of this method is recommended.

4.4.4 OTS 2 Publish

When using the OTS 2 protocol, the data supplier takes the role of an OTS 2 publisher. Depending on the MDM publication, a separate connection has to be established to the designated service endpoint (OTS 2 method ATie). The URL of the service endpoint is structured as follows:

    soap.tls://<BASt-MDM-Broker-Server>/BASt-MDM-OTS2-Interface/pub/<publicationID>

Example:

    soap.tls://service.mac.mdm-portal.de/BASt-MDM-OTS2-Interface/pub/2004000

The connections are usually maintained as long as possible (permanently) and not rebuilt, e.g. every minute. The authentication takes place only when establishing a connection (see below). The following Figure 13 shows an example of a sequence with a connection establishment, an order by the MDM, data delivery by the client (here just two deliveries are indicated) and a connection terminated by the client (a disconnection in the reverse direction, by the MDM, would also be possible). The data supplier (client) is located on the left side.

[Figure 13: Sequence diagram "MDMPublisher" with the participants Client Publisher, Client OTSActivity, Server OTSActivity and MDM Server; the internal communication between client and server OTSActivity is shown in the middle]
46. ient system must prompt the MDM broker system to transfer the data.

4.2.2.1.1 Request to the MDM platform

The data client system must send an HTTPS GET request to the URL of the MDM platform. Based on the subscription ID, the associated packet buffer and the data packet are determined. The URL of the broker system is constructed as follows:

    https://<BASt-MDM-Broker-Server>/BASt-MDM-Interface/srv/<Subskriptions-ID>/clientPullService?subscriptionID=<Subskriptions-ID>

Example:

    https://service.mac.mdm-portal.de/BASt-MDM-Interface/srv/2000000/clientPullService?subscriptionID=2000000

The broker system supports requests that have an If-Modified-Since header field. For this purpose, the responses of the broker system always contain the header field Last-Modified (see [HTTP/1.1]). If the data client system wants to use this feature, it must always transmit the value from the last Last-Modified header field. As a result, the transfer of already collected data packets can be prevented. It is strongly recommended that you implement this feature on the data client side.

Example: If the response of the previous data packet contains, for example, the following header field:

    Last-Modified: Sat, 29 Oct 1994 19:43:31 GMT

the next data packet must be requested with a request that contains the following header field:

    If-Modified-Since
47. in is expected to be a DATEX II package or (recommended) a BASE64-encoded and GZIP-compressed DATEX II binary package (see chapter 4.4.3). For the data delivery please see also [OTS2], chapters 7.6.7.3 and 7.6.7.4.

Connection termination

An existing connection can be terminated again by either side (OTS 2 methods AUnSubscribe to terminate the order or data delivery, and then AUntie to terminate a connection). Connections will be terminated by the MDM only if a publication or a subscription is set to inactive mode in the administration metadata directory or if the MDM server is shut down, e.g. for maintenance purposes. In the case of a connection termination (OTS 2 method call onAUntied), the client receives in the first case the reason "MDM Service Disabled" in the field "reason" and in the second case the reason "MDM Server Shutdown". If the data supplier wants to terminate the connection, it will have to provide an appropriate justification in the reason field, e.g. "MDM Client Shutdown" or "MDM Client Restart", to create detailed log messages. To establish a connection see also [OTS2], chapters 7.6.5 and 7.6.8.

4.4.5 OTS 2 Subscribe

When using the OTS 2 protocol, the data client takes the role of an OTS 2 subscriber. Depending on the MDM subscription, a separate connection has to be established to the designated service endpoint (OTS 2 method ATie). The URL
48. initiative. In this process an appropriate SOAP interface must be used. Whether the data is event-based (on occurrence) or periodically generated and delivered to the MDM platform is irrelevant to the operation of the MDM broker system. The mechanism for the exchange is the same in both cases.

4.3.1.3.1 Offering a web service

The MDM broker system provides a web service that is defined based on the specification DATEX II Push WSDL [DatexIIPush]. The data to be supplied is expected as input. As output, the data supplier system gets in return confirmation data in DATEX II format. The output consists of an acknowledgement of receipt.

[Figure 6: Web service data supplier system to MDM broker system, DATEX II Publisher Push. Service supplierPushService, interface supplierPushInterface, operation putDatex2Data at supplierPushSoapEndPoint https://<MDP_adress>/suppl...; input: body (d2LogicalModel); output: body (d2LogicalModel)]

In the broker system, the ID of the publication the data packets belong to is entered in the URL of the service endpoint. The URL is structured as follows:

    https://<BASt-MDM-Broker-Server>/BASt-MDM-Interface/srv/<publication-ID>/supplierPushService

Example:

    https://service.mac.mdm-portal.de/BASt-MDM-Interface/srv/2000002/supplierPushService

4.3.1.3.2 Calling up the web service

The data supplier system has to provide a web service client that i
49. irectory. Based on the certificate, the machine can be assigned to the organization. Furthermore, it can be checked whether the organization is the owner of the publication or subscription for which data exchange is to take place. It should be noted that the server certificate of the MDM has been issued to the MDM broker by the MDM's own CAs. Therefore, the server certificate should be checked on the client side against the CA certificates, which can be downloaded under http://hilfe.mdm-portal.de/fileadmin/user_upload/Dokumente/Hilfeseite/MDM_CA_Cert.zip. In Annex A you will find a Java code example that demonstrates the use of client certificates both for the communication with a SOAP web service and for a web server via HTTPS.

6 Exceptions and Error Messages

6.1 Exception Unchanged Data

If a DATEX II client pull request uses the header field If-Modified-Since and if there are no more recent data packets than those already gathered, an HTTP status code 304 (Not Modified) will be generated. The same shall apply if no data is yet available.

6.2 Error Messages with SOAP Requests

Error messages with SOAP requests are reported as SOAP faults. Here the error message is sent in the faultstring of the following SOAP response:

    <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
      <S:Body>
        <S:Fault xmlns:ns4
50. l apply. It should be noted that the additional optional rules do not apply. The options for authentication (C13, C14, C17) do not apply, as they are obsolete when using the HTTPS method that is compulsory for MDM. C18 to C27 no longer apply, since these options relate only to the optional provision of DATEX II data in file format, which is not applicable to MDM.

4.2.1.1.1 Request to data supplier
The MDM broker system sends an HTTPS GET request to the data supplier system from which the data is to be collected. The MDM platform is able to identify the data supplier systems that have subscribed to a pull method and to send requests to them at defined intervals. Via the MDM administration component the data supplier must enter the publication-specific server URL in the publication configuration. The broker system sends the request with an If-Modified-Since header field whenever the data supplier system had set the header field Last-Modified in its response (see [HTTP/1.1]). The data supplier system should always set this header field to enable the MDM platform to use this feature. As a result the transfer of already collected data packets can be prevented.
Example: If the response of the previous data packet contains the following header line
Last-Modified: Sat, 29 Oct 1994 19:43:31 GMT
the next data packet will be requested with a request which contains the following header line
If-Modified-Since: Sat, 2
51. [Figure 17: File <sammeldatei.pem> (editor screenshot of the concatenated PEM file; the base64 certificate lines are not reproduced here)]
Copy the server certificate into a new text file <server.crt>. Enter this file in the Apache configuration under the following attribute: SSLCertificateFile. Copy the remaining certificates into a new text file <ca cert ch
52. nnection.setDefaultSSLSocketFactory(sslfactory);
            URL url = new URL(urlString);
            HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
            con.setSSLSocketFactory(sslfactory);
            HostnameVerifier hostnameVerifier = new HostnameVerifier() {
                // Here install own name check of the server.
                // NOTE: returning true unconditionally accepts any host name presented in the
                // server certificate; replace this placeholder with a real check before productive use.
                @Override
                public boolean verify(String hostname, SSLSession session) {
                    return true;
                }
            };
            con.setHostnameVerifier(hostnameVerifier);
            con.setDefaultUseCaches(false);
            return con;
        } catch (Exception ex) {
            ex.printStackTrace();
            return null;
        }
    }

    /** This function calls up DATEX2 data from the platform. */
    private void testClientPullHttpsDatexII() {
        String subscriptionId = "123456";
        // Server name under which the MDM platform is accessible
        String mdmHost = "service.mac.mdm-portal.de";
        String url = "https://" + mdmHost + "/BASt-MDM-Interface/srv/" + subscriptionId
                + "/clientPullService?subscriptionId=" + subscriptionId;
        HttpsURLConnection con = null;
        try {
            // Connect to server
            con = getSecureConnection(url);
            con.setRequestMethod("GET");
            con.setRequestProperty("Accept-Encoding", "gzip");
            con.setUseCaches(false);
            con.setDoInput(true);
            con.setDoOutput(true);
            con.connect();
            // Connection status
            int responseCode = con.getResponseCode();
            // Data retrieved successfully (HTTP server code)
            if (responseCode == 200) {
                System.out.println("Get successful");
            } else if (responseCode == 400
53. nv:Body></env:Envelope>

7.3.1.2 Data order
In the field topic it is recommended to enter the MDM publication ID.
Request: aSubscribe via sMsg via tSend (tSendR response is empty)
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Body>
<tSend xmlns="http://opentrafficsystems.org/OTS2" xmlns:ns2="http://datex2.eu/schema/2/ORC2/2_0" xmlns:ns3="http://otec-konsortium.de/OCIT-I_OITD">
<transportId><clientPart>1</clientPart><serverPart>27</serverPart></transportId>
<data xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="sMsgType">
<msg xsi:type="aSubscribeType">
<subscrId>1322843092</subscrId>
<subscrName>OTS2TestClient</subscrName>
<subscription xsi:type="acSubscriptionAnyType">
<topic>2035000</topic>
</subscription>
</msg>
</data>
</tSend>
</S:Body>
</S:Envelope>

7.3.1.3 Data delivery
Request: tGet (tGetR response see below)
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Body>
<tGet xmlns="http://opentrafficsystems.org/OTS2" xmlns:ns2="http://datex2.eu/schema/2/ORC2/2_0" xmlns:ns3="http://otec-konsortium.de/OCIT-I_OITD">
<transportId><clientPart>1</clientPart><se
54. nv:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Header/>
<env:Body>
<tGetR xmlns="http://opentrafficsystems.org/OTS2" xmlns:ns2="http://datex2.eu/schema/2/ORC2/2_0" xmlns:ns3="http://otec-konsortium.de/OCIT-I_OITD">
<ds>
<tSend>
<transportId><clientPart>1</clientPart><serverPart>27</serverPart></transportId>
<data xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="sOpenResponseType">
<sessionId>266419a0-1d02-11e1-a7c2-000c294483b2</sessionId>
config version m configListServer S2A
</data>
</tSend>
</ds>
</tGetR>
</env:Body>
</env:Envelope>

Request: tGet (tGetR response see below)
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Body>
<tGet xmlns="http://opentrafficsystems.org/OTS2" xmlns:ns2="http://datex2.eu/schema/2/ORC2/2_0" xmlns:ns3="http://otec-konsortium.de/OCIT-I_OITD">
<transportId><clientPart>1</clientPart><serverPart>27</serverPart></transportId>
</tGet>
</S:Body>
</S:Envelope>

Request: aTie via sMsg via tSend (tSendR response is empty)
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Body>
<tSend xmlns="http://opentrafficsystems.org/OTS2" xmlns:ns2="http://da
55. of the MDM platform mediates between the data supplier or data client systems and the certificate issuer. Therefore data suppliers and data clients apply, when registering, for one or multiple machine certificates via the administration GUI of the MDM platform. The certificate is however sent to them by the certificate-issuing organization and not by the operator of the MDM platform. To request a machine certificate you must already be registered on the MDM platform with your organization. How to apply for a machine certificate on the MDM platform is described in [BHB].

5.4 Installing a Machine Certificate and Issuer Certificate
Note: The installation for IIS is described in chapter 9.1.
In the Apache web server integrate the machine certificate as follows:
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
Enter the associated private key as follows:
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.crt/server.key
In addition you must install the issuer certificate on the web server:
SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/ca-bundle-client.crt
The certificate is encrypted by using the key with the password that has been sent to you via fax. Use the password to decrypt. For more information on these directives please see the mod_ssl documentation: http://httpd.apache.org/docs/current/mod/mod_ssl.html
56. of the service endpoint is structured as follows:
soap.tls://<BASt-MDM-Broker-Server>/BASt-MDM-OTS2/DeliveryService?sub=<subscriptionID>
Example: soap.tls://service.mac.mdm-portal.de/BASt-MDM-OTS2/DeliveryService?sub=2035000
The connections are usually maintained as long as possible (permanently) and not rebuilt, e.g. every minute. The authentication takes place only when establishing a connection (see below). The following Figure 14 shows an example of a sequence with a connection establishment, an order by the client, data delivery by the MDM (here just two deliveries are indicated) and a connection termination by the client (a disconnection in the reverse direction, by the MDM, would also be possible). The data client (client) is located on the left side.

[Figure 14, first part: sequence diagram "sd MDMSubscriber" with lifelines Client/Subscriber (OTSActivity User, application layer), MDM Client OTS 2 stack, MDM Server OTS 2 stack and Distributor; internal communication between client OTSActivity and server OTSActivity. Messages: ATie(uri, callbackObject, config, application), Active Open, onATied(remoteUri, sessionId, config, application), onAAccepted(uri, rem
57. oint
[Figure 4: Web service Data supplier system / MDM broker system, DATEX II Client Pull. Shown: operation getDatex2Data on the data supplier's clientPullService endpoint; output body: d2LogicalModel]
Via the MDM administration component the data supplier must enter its URL in the publication configuration.

4.3.1.1.2 Calling up a web service
The MDM broker system provides a web service client that is defined according to the DATEX II pull WSDL [DatexIIPull] to invoke web services. This web service must return data according to the schema [DatexIISchema]. The broker system identifies the data supplier systems that have subscribed to a pull method and the associated service endpoints in the metadata directory and periodically calls them up according to the configured publication frequency. The data received after the call is cached in corresponding packet buffers for delivery to potential data clients. A previous data packet, if it still exists, will be replaced.

4.3.1.2 Client Pull SOAP Container
As with the Client Pull SOAP exchange process, the MDM broker system requests the data supplier system periodically to deliver its data to the MDM platform. The time interval used must be configured in the metadata directory when configuring the data services.

4.3.1.2.1 Offering a web service
The data supplier system has to offer a web service that expects as input the parameters publication ID and tim
58. org/soap/envelope/">

7.2.4 Data client Client Pull SOAP Container
The subscription ID is included in the XML data:
<?xml version="1.0" encoding="UTF-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Body>
<ns3:pullContainerDataClientRequestEl xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:ns2="http://schemas.xmlsoap.org/ws/2002/07/utility" xmlns:ns3="http://ws.bast.de/container/TrafficDataService">
<ns3:subscriptionId>2000000</ns3:subscriptionId>
</ns3:pullContainerDataClientRequestEl>
</S:Body>
</S:Envelope>

7.2.5 Data client Publisher Push SOAP DATEX II
Expected response from the data client system:
<D2LogicalModel:d2LogicalModel modelBaseVersion="2" xsi:schemaLocation="http://datex2.eu/schema/2/2_0 DATEXIISchema_2_2_0.xsd" xmlns:D2LogicalModel="http://datex2.eu/schema/2/2_0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<D2LogicalModel:exchange>
<D2LogicalModel:response>acknowledge</D2LogicalModel:response>
</D2LogicalModel:exchange>
</D2LogicalModel:d2LogicalModel>

7.3 OTS 2 Interface
7.3.1 Protocol example SOAP
The procedure for using the OTS 2 protocol is exemplified in the communication protocol of a data client. For a data supplier the process is essentially identical, except that the ord
59. ors, URL: http://www.ietf.org/rfc/rfc1738.txt
[X.509] ITU-T Recommendation X.509 (1997 E), Information Technology, Open Systems Interconnection, The Directory: Authentication Framework, June 1997, http://www.itu.int/rec/T-REC-X.509-199708-S/en
Table 1: Referenced documents

List of Abbreviations
Abbreviation: Explanation
BASE64: BASE64 describes a method of encoding 8-bit binary data into a string that consists only of readable, code-page-independent ASCII characters.
BASt: Bundesanstalt für Straßenwesen (German Federal Highway Research Institute)
GMT: Greenwich Mean Time
Table 2: List of abbreviations

2 Overview of the MDM Platform
The MDM platform consists of four components that fulfill different roles.
[Figure 1: Components of the MDM platform. Shown: Data Supplier System, MDM Platform (Metadata Directory, Broker System), Data Client System]
Component: Description
Security component: Via the security component the data client system / data supplier system can be authenticated to use the services.
Metadata directory (Metadatenverzeichnis): The metadata directory is used to manage all information relevant to the MDM platform and provides a number of organisational services
60. [Figure 14, second part: onATied(remoteUri, sessionId, config, application); ASubscribe(sessionID, subscrID, subscrName, subscription) and onASubscribe(sessionID, subscrID, subscrName, subscription) (Subscribe); ASnippets(sessionID, subscrID, data) and onASnippets(sessionID, subscrID, data), shown twice; AUnsubscribe(sessionID, subscrID, reason) and onAUnsubscribe(sessionID, subscrID, reason) (Unsubscribe); AUntie(sessionID, reason) and onAUntied(sessionID, reason) (Close)]
Figure 14: Sequence diagram OTS 2 communication between data clients and MDM

4.4.5.1 Connection establishment
By using its machine certificate the data client system has to establish a TLS connection in the direction of MDM with the OTS 2 protocol connection (SOAP/HTTP with TLS encryption; OTS 2 method ATie; soap.tls is in the URL schema field). For the implementation of the certificate transmission please refer to chapter 8.1 "Use of Client Certificates for HTTPS Communication with Servers That Require a Certificate-based Authentication". The data client must set the following special configuration information (features):
- a_subscriber = 1 indicates that it is a data client
- a_c_datex_any_mdm = 1 encodes the specific conditions for the use of the OTS 2 protocol in MDM
- t_targetURI with the complete target URI, e.g. t_targetURI = soap.tls://ser
61. r Data Client Web Clients ... 44
6 Exceptions and Error Messages ... 45
6.1 Exception Unchanged Data ... 45
6.2 Error Messages with SOAP Requests ... 45
6.3 Error Messages with HTTPS Requests ... 45
6.4 Error Handling in the Context of OTS 2 Protocol ... 45
6.4.1 [title illegible] ... 45
6.4.2 [title illegible] ... 46
6.4.3 Data delivery ... 46
6.4.4 [title illegible] ... 46
7 [title illegible] ... 47
7.1 HTTPS ... 47
7.1.1 Data Supplier Client Pull HTTPS Container ... 47
7.1.2 Data Supplier Publisher Push HTTPS Container ... 47
7.1.3 Data client Client Pull HTTPS DATEX II ... 48
7.1.4 Data client Client Pull HTTPS Container ... 48
7.2 SOAP ... 48
7.2.1 Data Supplier Publisher Push SOAP DATEX II ... 48
7.2.2 Data Supplier Client Push SOAP Container ... 49
7.2.3 Data client Client Pull SOAP DATEX II ... 50
7.2.4 Data client Client Pull SOAP Container ... 50
7.2.5 Data client Publisher Push SOAP DATEX II ... 50
7.3 OTS 2 Interface ... 51
7.3.1 Protocol example SOAP ... 51
8 Annex A ... 60
8.1 Use of Client Certificates for HTTPS Communication with Servers That Require a Certificate-based Authentication ... 60
8.2 Use of Client Certificates for the Communication with SOAP Web Services That Require a Certificate-based Authentication ... 66
9 Annex B ... 70
9.1 Processing the p12 File for Ap
62. rm and the data client system on the other hand must be ensured by an exclusive use of SSL/TLS transport encryption. The security component requires standards-compliant X.509v3 certificates for authentication (see also [PKI]). The certificates must be technically involved in the HTTPS connection to the data client and data supplier systems via a client-side, certificate-based connection establishment. The presented certificates are checked for validity and for whether they are blocked or not.

[Figure 15: Overview of the security architecture. Shown: MDM infrastructure / MDM platform, certificate token, SSL module]
The SSL module (1 in Figure 15) sends a certificate request to the sender for predefined URLs, checks the validity of the obtained certificate and then verifies whether it is blocked or not. Afterwards it forwards the certificate to the security component of the MDM platform.

5.2 Note on Server Name Indication
The SSL implementation (JSSE) in Java 6 used in the MDM platform supports no Server Name Indication (SNI), see http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6985179. This means that data suppliers for the client pull method and data clients for the publisher push method cannot use any virtual server for M2M communication. Each registered machine can represent only a unique IP address.

5.3 Applying for a Machine Certificate
The operator
63. rovided for transmission. With the so-called container format any XML and binary data can be transmitted. The validity of the data is checked and logged upon delivery of a data packet to the MDM broker interface. For this purpose the schema file is based on the URL that is stored in the publication description. For publications in DATEX II format it is the responsibility of the data supplier to provide the correct file schema. For publications in container format the standard schema is already made available under a generally valid URL. Please reference this URL in the schemaLocation attribute of your XML data packets to provide data clients with an automatic validation of the packets. The MDM accepts the data packets independent of the validation result and delivers them to the data clients even if the result is negative.

3.1 DATEX II
DATEX II is a European standard for exchanging mobility data. Basic knowledge of the DATEX II specification [DatexIISpec] is required for this section. For the MDM interface the DATEX II specification is used in version 2.0. DATEX II defines XML structures for the exchange of mobility data. The underlying schema can be viewed under http://www.datex2.eu. The payload must be defined on the basis of this schema. DATEX II determines not only a standard for the structure of the payload but also regulates the exchange process. The latter is described in detail in chapt
64. rverPart>27</serverPart></transportId>
</tGet>
</S:Body>
</S:Envelope>

Response: aSnippets via sMsg via tGetR (tGet request see above)
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Header/>
<env:Body>
<tGetR xmlns="http://opentrafficsystems.org/OTS2" xmlns:ns2="http://datex2.eu/schema/2/ORC2/2_0" xmlns:ns3="http://otec-konsortium.de/OCIT-I_OITD">
<ds>
<tSend>
<transportId><clientPart>1</clientPart><serverPart>27</serverPart></transportId>
<data xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="sMsgType">
<msg xsi:type="aSnippetsType">
<subscrId>1322843092</subscrId>
<data xsi:type="acDataAnyType">
<dataAny xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">&lt;binary type=&quot;base64BinaryDatex2Gzip&quot; id=&quot;0&quot;&gt;HASIAAAAAAAAADTdCZYkOa5D0S3Z25Dbsf2PJ 4xTZ U qswIdx SkigQOB8H6f4 f 7Xfdz7dd3 159v87ffpzPfZy 69uft zvO</dataAny>
</data>
</msg>
</data>
</tSend>
</ds>
</tGetR>
</env:Body>
</env:Envelope>

7.3.1.4 Cancellation
Request: aUnsubscribe via sMsg via tSend (tSendR response is empty)
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope
65. s defined according to DATEX II Push WSDL [DatexIIPush] to call up the web service. The web service must deliver the data to the publication-specific service endpoint of the MDM broker system. The MDM broker system accepts this data and stores it in a packet buffer. A previous data packet, if it still exists, will be replaced.

4.3.1.4 Publisher Push SOAP Container
With the Publisher Push exchange process the data supplier system must deliver the data to the MDM platform on its own initiative. In this process an appropriate SOAP interface must be used. Whether the data is event-based (on occurrence) or periodically generated and delivered to the MDM platform is irrelevant to the operation of the MDM broker system. The mechanism for the exchange is the same in both cases.

4.3.1.4.1 Offering a web service
The MDM broker system provides a web service which expects as input the data structure of the container format, filled with the publication ID in the header element and a data packet in the body element, and returns a status message as output.

[Figure 7: Web service Data supplier system / MDM broker system, Container Publisher Push. Shown: TrafficDataService, operation pushContainerData, endpoint containerReceiver http://<mdphost>/container; input and output: containerdata]

4.3.1.4.2 Calling up the web service
The data supplier system mus
66. s:ns3="http://otec-konsortium.de/OCIT-I_OITD">
<rTransportId><clientPart>1</clientPart><serverPart>27</serverPart></rTransportId>
</tDisconnectR>
</env:Body>
</env:Envelope>

8 Annex A
8.1 Use of Client Certificates for HTTPS Communication with Servers That Require a Certificate-based Authentication

package com.ottensoftware.bast.http.ssl;

import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.List;
import java.util.Map;
import java.util.zip.GZIPInputStream;
import java.util.zip.Inflater;
import java.util.zip.InflaterInputStream;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/**
 * This class demonstrates the use of client certificates for the communication via HTTPS
 * with servers requesting a certificate-based authentication.
 *
 * Requirements:
 * - The private key and the client certificate are available as a PKCS12 file.
 * - The password of the ke
67. sage in container format to the MDM broker system. In this process the publication ID in the header element and the payload in the body element of the container message must be delivered. The URL of the broker system is constructed as follows:
https://<BASt-MDM-Broker-Server>/BASt-MDM-Interface/srv/container/v1.0
Example: https://service.mac.mdm-portal.de/BASt-MDM-Interface/srv/container/v1.0

4.2.1.3.2 Request to data supplier
In response to the request the data supplier system receives an HTTPS response. The message body is empty. The standard HTTP status codes [HTTP/1.1] may be used as status codes, whereby the explanations described in Table 7 shall apply.

Table 7: Request/Response between the data supplier system and the MDM platform with the Publisher Push HTTPS
Request:
POST <data delivery> HTTP/1.1
Host: mdmhost
Content-Type: text/xml
Accept-Encoding: GZIP

<container> ... </container>
Response:
HTTP/1.1 200 OK
Status: Standard HTTP/1.1 status codes [HTTP/1.1]. The following status codes have a particular meaning:
400: No publication parameter or no data has been given.
404: The publication parameter could not be assigned or the publication is no longer valid.

4.2.2 Data client
4.2.2.1 Client Pull HTTPS DATEX II
With the client pull exchange process the data cl
68. sdl
[DatexIISchema] DATEX II XML Schema 2.0
[DatexIISDG] DATEX II v2.0 Software Developers Guide, Version (includes the following documents, which are available to all registered users for download under http://www.datex2.eu: DatexIISpec, DatexIIPSM, DatexIISDG, DatexIIUserGuide)
[DatexIIUserGuide] DATEX II v2.0 User Guide v1.2
[GZIP] RFC 1952, May 1996, GZIP File Format Specification Version 4.3, http://tools.ietf.org/rfc/rfc1952.txt
[HTTP/1.1] RFC 2616, June 1999, Hypertext Transfer Protocol HTTP/1.1, http://www.ietf.org/rfc/rfc2616.txt
[HTTPS] RFC 2818, May 2000, HTTP over TLS, http://www.ietf.org/rfc/rfc2818.txt
[MCS] MDM Container format specification, http://www.mdm-portal.de

(Table 1 continued) Source / Publisher
[OTS2] OTS 2 Specification, OTS Communication, Version 02.02.09, http://www.opentrafficsystems.org
[OTS2DIN] DIN SPEC 91213-1 Open Traffic Systems (OTS 2) Interface Specification, Part 1: Introductory remarks for decision makers, January 2011; DIN SPEC 91213-2 Open Traffic Systems (OTS 2) Interface Specification, Part 2: Technical specification for implementers, February 2011
[PKI] RFC 2459, January 1999, Internet X.509 Public Key Infrastructure Certificate and CRL Profile, http://www.ietf.org/rfc/rfc2459.txt
[SOAP] SOAP Version 1.2, http://www.w3.org/TR/soap12-part1/
[URL] RFC 1738, December 1994, Uniform Resource Locat
69. sh
Figure 7: Web service Data supplier system / MDM broker system, Container Publisher Push
Figure 8: Web service MDM broker system / Data client system, DATEX II Client Pull
Figure 9: Web service MDM broker system / Data client system, Container Client Pull
Figure 10: Web service MDM broker system / Data client system, DATEX II Publisher Push
Figure 11: Web service MDM broker system / Data client system, Container Publisher Push
Figure 12: Structure of a binary coded OTS 2 dataAny PDU
Figure 13: Sequence diagram OTS 2 communication between data suppliers and MDM ... 36
Figure 14: Sequence diagram OTS 2 communication between data clients and MDM ... 39
Figure 15: Overview of the security architecture ... 42
Figure 16: File <sammeldatei.pem> ... 71
Figure 17: File <sammeldatei.pem> ... 73

1 Introduction
1.1 Preamble
The Mobility Data Marketplace (MDM) aims at supporting the exchange of data between data suppliers and data clients using interfaces. At the same time it is a central portal with collected information about available online traffic d
70. t provide a web service client in accordance with the container format specification [MCS]. This client serves to launch the web service. The SOAP endpoint of the broker system is as follows:
https://<BASt-MDM-Broker-Server>/BASt-MDM-Interface/srv/container/v1.0
Example: https://service.mac.mdm-portal.de/BASt-MDM-Interface/srv/container/v1.0

4.3.2 Data client
4.3.2.1 Client Pull SOAP DATEX II
With the Client Pull SOAP exchange process the data client system must prompt the MDM platform to transfer the data to the data client system.

4.3.2.1.1 Offering a web service
The MDM broker system provides a web service that is defined based on the specification [DatexIIPull]. As input the subscription ID is expected (here in the URL); as output the data client gets in return the requested data in DATEX II format. Based on the transmitted subscription ID the MDM platform can identify the corresponding packet buffer and the data packet.

[Figure 8: Web service MDM broker system / Data client system, DATEX II Client Pull. Shown: clientPullService with clientPullInterface, clientPullSoapEndPoint, operation getDatex2Data (test endpoint on port 18080); output body: d2LogicalModel]

4.3.2.1.2 Calling up the web service
The data client system must provide a web service client that is defined accordin
71. tem / Data client system

Table 4: Overview of the interfaces of the MDM broker system (chapter reference and role of the data supplier or data client system)
Columns: data supplier system (HTTPS | SOAP | OTS 2); data client system (HTTPS | SOAP | OTS 2)
DATEX II, Client pull: 4.2.1.1 (Server) | 4.3.1.1 (Server) | - ; 4.2.2.1 (Client) | 4.3.2.1 (Client) | -
DATEX II, Publisher push: - | 4.3.1.3 (Client) | 4.4.4 (Client) ; - | 4.3.2.3 (Server) | 4.4.5 (Client)
Container, Client pull: 4.2.1.2 (Server) | 4.3.1.2 (Server) | - ; 4.2.2.2 (Client) | 4.3.2.2 (Client) | -
Container, Publisher push: 4.2.1.3 (Client) | 4.3.1.4 (Client) | - ; 4.2.2.3 (Server) | 4.3.2.4 (Server) | -

If the SOAP method is used, the WSDL of the broker service can generally be queried at the service endpoint that is specific to the relevant publication or subscription using the ?wsdl request.

Use of Interfaces
When using the HTTPS or SOAP protocol there are three different modes of operation for the exchange of data, all of which are supported by the MDM platform.
Mode: Description
Client Pull: The communication is initiated by the client (MDM broker system to data supplier, or data client system to MDM platform) and the data is sent as a response.
Publisher Push Periodic: The communication is initiated by the publisher (data supplier system to MDM platform) at timed intervals.
Publisher Push on Occurrence: The communication will always be initiated by the publisher (data supplier system to MDM platform, or MDM broker system to data client) if the data changes. T
72. tex2.eu/schema/2/ORC2/2_0" xmlns:ns3="http://otec-konsortium.de/OCIT-I_OITD">
<transportId><clientPart>1</clientPart><serverPart>27</serverPart></transportId>
<data xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="sMsgType">
<msg xsi:type="aTieType">
<application xsi:type="acApplicationType">
<appVersion>OTS2TestClient V 1.0.0</appVersion>
</application>
<neededConfig version="configListCounterPart">
<cfgs>
<cfg><name>s_layer</name><min>1</min><max>1</max></cfg>
<cfg><min>1</min><max>1</max></cfg>
<cfg><min>0</min><max>0</max></cfg>
<cfg><min>0</min><max>0</max></cfg>
<cfg><name>t_layer</name><min>1</min><max>1</max></cfg>
<cfg><name>a_layer</name><min>1</min><max>1</max></cfg>
</cfgs>
</neededConfig>
</msg>
</data>
</tSend>
</S:Body>
</S:Envelope>
[The name elements of the three cfg entries shown without a name were displaced in extraction; they are: <name>a_distributor_sub</name>, <name>a_subscriber</name>, <name>a_c_datex_any_mdm</name>]

Response: aTieResponse via sMsg via tGetR (tGet request see above)
<env:Header/>
<env:Body>
konsortium.de/OCIT-I_OITD"><ds>
73. ttp://datex2.eu/schema/2/2_0" modelBaseVersion="2">
<exchange>
<subscriptionReference>subscriptionReference</subscriptionReference>
<supplierIdentification>
<country>de</country>
<nationalIdentifier>TestClient</nationalIdentifier>
<internationalIdentifierExtension/>
</supplierIdentification>
</exchange>
<payloadPublication xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="SituationPublication" lang="DE">
<feedDescription>
<values>
<value lang="DE">test test</value>
</values>
</feedDescription>
<feedType>feedType</feedType>
<publicationTime>2011-03-02T10:36:34.336+01:00</publicationTime>
<publicationCreator>
<country>de</country>
<nationalIdentifier>TestClient</nationalIdentifier>
<internationalIdentifierExtension/>
</publicationCreator>
<situation version="0.1" id="GUID Mattst 1299058594339">
<overallSeverity>none</overallSeverity>
<headerInformation>
<areaOfInterest>regional</areaOfInterest>
</headerInformation>
<situationRecord xsi:type="AnimalPresenceObstruction">
<generalPublicComment>
<comment>
<values>
<value lang="DE"></value>
</values>
</comment>
</generalPublicComment>
</situationRecord>
</si
74. tuation>
</payloadPublication>
</d2LogicalModel>
</S:Body>
</S:Envelope>

7.2.2 Data Supplier Client Push SOAP Container
The publication ID is included in the XML data:
<?xml version="1.0" encoding="UTF-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Body>
<ns3:containerRootElementEl xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:ns2="http://schemas.xmlsoap.org/ws/2002/07/utility" xmlns:ns3="http://ws.bast.de/container/TrafficDataService">
<ns3:header>
<ns3:Identifier>
<ns3:publicationId>12345</ns3:publicationId>
</ns3:Identifier>
</ns3:header>
<ns3:body>
<ns3:binary id="test-id-bin" type="hexBinary">dGVzdC10ZXh0&#xD;</ns3:binary>
<ns3:xmlschema id="test-id-xml">test schema</ns3:xmlschema>
</ns3:body>
</ns3:containerRootElementEl>
</S:Body>
</S:Envelope>

7.2.3 Data client Client Pull SOAP DATEX II
The request must contain no further data. The subscription ID must be provided in the path of the URL:
https://service.mac.mdm-portal.de/BASt-MDM-Interface/srv/2000000/clientPullService
<?xml version="1.0" encoding="UTF-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap
75. ...vice.mac.mdm-portal.de/BASt-MDM-OTS2/DeliveryService/sub/2035000 is internally required by the MDM server (OTS 2). To establish a connection, see also OTS2 chapter 7.6.4.1 and 7.6.4.2.

4.4.5.2 Order
Pursuant to the OTS 2 protocol, the data client must place its order (OTS 2 method call ASubscribe) after a successful connection establishment (OTS 2 method call onATied). The order has the type acSubscriptionAnyType. The required data is already determined by the selection of the service endpoint in MDM and is therefore not specified in the order. It is recommended to enter the MDM publication name into the field subscrName of the OTS 2 order and the MDM publication ID into the field topic. All other optional fields in the OTS 2 order shall not apply. For the order, please see also OTS2 chapter 7.6.7.1 and 7.6.7.2.

4.4.5.3 Data delivery
After having placed the order, the data client regularly receives the MDM data (OTS 2 method call onASnippet). MDM shall always provide new data packets in the context of a push method as soon as the data arrives at MDM from the data supplier. The data packets are of the type acDataAnyType. The data is supplied as a BASE64 encoded and GZIP compressed DATEX II binary package (see chapter 4.4.3). For the data delivery, please see also OTS2 chapter 7.6.7.3 and 7.6.7.4.

4.4.5.4 Connection termination
An existing connection can be terminate...
76. [Figure 13: Sequence diagram, OTS 2 communication between data suppliers and MDM. Lanes: User (application) and layer (MDM client and MDM server), Distributor, OTS 2 Stack. Messages shown: ATie(uri, callbackObject, config, application); onATied(remoteUri, sessionId, config, application); onAAccepted(uri, remoteUri, sessionId, config, application); ASubscribe(sessionID, subscrID, subscrName, subscription); onASubscribe(sessionID, subscrID, subscrName, subscription); ASnippets(sessionID, subscrID, data); onASnippets(sessionID, subscrID, data); AUnsubscribe / onAUnsubscribe(sessionID, subscrID, reason); AUntie(sessionID, reason); onAUntied(sessionID, reason); Close.]

4.4.4.1 Connection establishment
By using its machine certificate, the data supplier system has to establish a TLS connection in the direction of MDM with the OTS 2 protocol connection (SOAP/HTTP with TLS encryption, OTS 2 method ATie; "soap.tls" is in the URL schema field). For the implementation of the certificate transmission, please refer to chapter 8.1 "Use of Client Certificates for HTTPS Communication with Servers That...
77. ...y file is known.
The certificate(s) of the server(s) with which connections are to be established are available as a Java keystore file [1].
[1] You can determine the certificates of the MDM platform using a browser or extract them from the PKCS#12 file using openssl. You create your own truststore file using:
<JAVA_HOME>/bin/keytool -import -trustcacerts -alias <own alias for the holder of the certificate> -file <path to the certificate to be imported> -keystore <file name of the truststore file>

Example:
C:\Programme\Java\jdk1.6.0_22\bin\keytool -import -trustcacerts -alias BUCServiceManagementCertificateAuthority -file trustcerts\BUCServiceManagementCertificateAuthority.crt -keystore mytruststore.jks
Enter the keystore password: (with the first certificate, set your own password; use this password for all subsequent imports)
Enter the password again: (password repetition)
The following is the output of the certificate to be imported:
Owner: EMAILADDRESS=dalbers@materna.de, CN=BUC Service Management SSL CA, OU=BUC Service Management, O=MATERNA GmbH, ST=North Rhine-Westphalia, C=DE
Originator: EMAILADDRESS=dalbers@materna.de, CN=BUC Service Management Certificate Authority, OU=BUC Service Management, O=MATERNA GmbH, L=Dortmund, ST=North Rhine-Westphalia, C=DE
Serial number: 9
Valid from: Thu Feb 03 12:00:52 CET 2011 until: S...
78. ...ystem.out.println(response.toString());
        } catch (Exception ex) {
            ex.printStackTrace();
        } finally {
            if (con != null) {
                con.disconnect();
            }
        }
    }

    /**
     * @param args
     */
    public static void main(String[] args) {
        TestClientCertHttpDatex2 tc = new TestClientCertHttpDatex2();
        tc.testClientPullHttpsDatexII();
    }
}

8.2 Use of Client Certificates for the Communication with SOAP Web Services That Require a Certificate-based Authentication

package com.ottensoftware.bast.soap.ssl;

import java.net.URL;
import javax.xml.namespace.QName;
import eu.datex2.schema._2._2_0.D2LogicalModel;
import eu.datex2.wsdl.clientpull._2_0.client.ClientPullService;
import eu.datex2.wsdl.clientpull._2_0.client.ClientPullService_Service;

/**
 * This class demonstrates the use of client certificates for the communication
 * with SOAP web services that require a certificate-based authentication.
 *
 * Requirements:
 * - The private key and the client certificate are available as a PKCS12 file.
 * - The password of the key file is known.
 * - The certificate(s) of the server(s) with which connections are to be
 *   established are available as a Java keystore file [1].
 *
 * [1] You can determine the certificates of the MDM platform using a browser or
 *     extract them from the PKCS#12 file using openssl. You create your own
 *     truststore file using:
 *     <JAVA_HOME>/bin/keytool -import -trustcacerts -alias <own alias for the holder o...
79. ...zsslcertificate file (http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcacertificatefile). Note: if you receive the machine certificate and the issuer certificate within a common p12 file, you must extract both certificates from this file and then install them. The relevant instructions are provided in chapter 9.1.

Authentication of the MDM Platform as Web Client
If the MDM platform acts as a web client in the M2M communication, it authenticates with its server certificate, provided that the web server on the data supplier or data client side has enabled this option. Data supplier and data client systems should enable this option and verify the certificate to determine that the requests actually originate from the MDM platform. The CA certificates required for verification can be downloaded from http://hilfe.mdm-portal.de/fileadmin/user_upload/Dokumente/Hilfeseite/MDM_CA_Cert.zip and must be stored in the data supplier or data client systems. Note: do not use the MDM server certificate for verification; it is changed on a regular basis.

5.6 Authentication of Data Supplier / Data Client Web Clients
If the data supplier or data client systems act as a web client in the M2M communication, the web client must authenticate to the MDM platform by using its machine certificate. The platform will accept requests only from systems that are registered in the metadata d...