Network Working Group Y. Kawatsura Request for Comments: 3867 Hitachi Category: Informational M. Hiroya Technoinfo Service H. Beykirch Atos Origin November 2004 Payment Application Programmers Interface (API) for v1.0 Internet Open Trading Protocol (IOTP) Status of this Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2004). Abstract The Internet Open Trading Protocol (IOTP) provides a data exchange format for trading purposes while integrating existing pure payment protocols seamlessly. This motivates the multiple layered system architecture which consists of at least some generic IOTP application core and multiple specific payment modules. This document addresses a common interface between the IOTP application core and the payment modules, enabling the interoperability between these kinds of modules. Furthermore, such an interface provides the foundations for a plug-in-mechanism in actual implementations of IOTP application cores. Such interfaces exist at the Consumers', the Merchants' and the Payment Handlers' installations connecting the IOTP application core and the payment software components/legacy systems. Hans, et al. Informational [Page 1] RFC 3867 Payment API for IOTP November 2004 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. General payment phases . . . . . . . . . . . . . . . . . 5 1.2. Assumptions. . . . . . . . . . . . . . . . . . . . . . . 6 2. Message Flow . . . . . . . . . . . . . . . . . . . . . . . . . 12 2.1. Authentication Documentation Exchange. . . . . . . . . . 15 2.2. Brand Compilation. . . . . . . . . . . . . . . . . . . . 17 2.3. Brand Selection. . . . . . . . . . . . . . . . . . . . . 21 2.4. Successful Payment . . . . . . . . . . . . . . . . . . . 24 2.5. Payment Inquiry. . . . . . . . . . . . . . . . . . . . . 29 2.6. Abnormal Transaction Processing. . . . . . . . . . . . . 30 2.6.1. Failures and Cancellations . . . . . . . . . . . 30 2.6.2. Resumption . . . . . . . . . . . . . . . . . . . 32 2.7. IOTP Wallet Initialization . . . . . . . . . . . . . . . 33 2.8. Payment Software Management. . . . . . . . . . . . . . . 34 3. Mutuality. . . . . . . . . . . . . . . . . . . . . . . . . . . 34 3.1. Error Codes. . . . . . . . . . . . . . . . . . . . . . . 38 3.2. Attributes and Elements. . . . . . . . . . . . . . . . . 48 3.3. Process States . . . . . . . . . . . . . . . . . . . . . 61 3.3.1. Merchant . . . . . . . . . . . . . . . . . . . . 61 3.3.2. Consumer . . . . . . . . . . . . . . . . . . . . 63 3.3.3. Payment Handler. . . . . . . . . . . . . . . . . 65 4. Payment API Calls. . . . . . . . . . . . . . . . . . . . . . . 66 4.1. Brand Compilation Related API Calls. . . . . . . . . . . 66 4.1.1. Find Accepted Payment Brand. . . . . . . . . . . 66 4.1.2. Find Accepted Payment Protocol . . . . . . . . . 68 4.1.3. Get Payment Initialization Data. . . . . . . . . 70 4.1.4. Inquire Authentication Challenge . . . . . . . . 72 4.1.5. Authenticate . . . . . . . . . . . . . . . . . . 73 4.1.6. Check Authentication Response. . . . . . . . . . 74 4.2. Brand Selection Related API Calls. . . . . . . . . . . . 76 4.2.1. Find Payment Instrument. . . . . . . . . . . . . 76 4.2.2. Check Payment Possibility. . . . . . . . . . . . 78 4.3. Payment Transaction Related API calls. . . . . . . . . . 80 4.3.1. Start Payment Consumer . . . . . . . . . . . . . 80 4.3.2. Start Payment Payment Handler. . . . . . . . . . 82 4.3.3. Resume Payment Consumer. . . . . . . . . . . . . 84 4.3.4. Resume Payment Payment Handler . . . . . . . . . 85 4.3.5. Continue Process . . . . . . . . . . . . . . . . 86 4.3.6. Change Process State . . . . . . . . . . . . . . 88 4.4. General Inquiry API Calls. . . . . . . . . . . . . . . . 89 4.4.1. Remove Payment Log . . . . . . . . . . . . . . . 90 4.4.2. Payment Instrument Inquiry . . . . . . . . . . . 90 4.4.3. Inquire Pending Payment. . . . . . . . . . . . . 92 4.5. Payment Related Inquiry API Calls. . . . . . . . . . . . 93 4.5.1. Check Payment Receipt. . . . . . . . . . . . . . 93 4.5.2. Expand Payment Receipt . . . . . . . . . . . . . 94 Hans, et al. Informational [Page 2] RFC 3867 Payment API for IOTP November 2004 4.5.3. Inquire Process State. . . . . . . . . . . . . . 96 4.5.4. Start Payment Inquiry. . . . . . . . . . . . . . 97 4.5.5. Inquire Payment Status . . . . . . . . . . . . . 98 4.6. Other API Calls. . . . . . . . . . . . . . . . . . . . . 99 4.6.1. Manage Payment Software. . . . . . . . . . . . . 99 5. Call Back Function . . . . . . . . . . . . . . . . . . . . . .101 6. Security Considerations. . . . . . . . . . . . . . . . . . . .103 7. References . . . . . . . . . . . . . . . . . . . . . . . . . .103 7.1. Normative References . . . . . . . . . . . . . . . . . .103 7.2. Informative References . . . . . . . . . . . . . . . . .104 Acknowledgement. . . . . . . . . . . . . . . . . . . . . . . . . .105 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . .105 Full Copyright Statement . . . . . . . . . . . . . . . . . . . . .106 1. Introduction Common network technologies are based on standardized and established Internet technologies. The Internet technologies provide mechanisms and tools for presentation, application development, network infrastructure, security, and basic data exchange. Due to the presence of already installed trading roles' systems with their own interfaces (Internet shop, order management, payment, billing, and delivery management systems, or financial institute's legacy systems), IOTP has been limited to the common external interface over the Internet. However, some of these internal interfaces might be also standardized for better integration of IOTP aware components with of the existing infrastructure and its cost effective reuse. For more information on IOTP, see [IOTP] and [IOTPBOOK]. The typical Payment Handlers (i.e., financial institutes or near-bank organizations) as well as Merchants require an IOTP aware application that easily fits into their existing financial infrastructure. The Payment Handler might even insist on the reuse of special in-house solutions for some subtasks of the IOTP aware application, e.g., reflecting their cryptography modules, gateway interfaces, or physical environment. Therefore, their IOTP aware implementation really requires such clear internal interfaces. More important, consumers demand modularization and clear internal interfaces: Their IOTP application aims at the support of multiple payment methods. Consumers prefer the flexible use of different seamless integrating payment methods within one trading application with nearly identical behavior and user interface. The existence of a well-defined interface enables payment software developers to bolt on their components to other developer's general IOTP Application Core. Hans, et al. Informational [Page 3] RFC 3867 Payment API for IOTP November 2004 Initially, this consideration leads to the two-level layered view of the IOTP software for each role, consisting of: o some generic IOTP system component, the so-called IOTP application core - providing IOTP based gateway services and generic business logic and o the trading roles' specific back-end systems implementing the specific trading transaction types' functionality. In order to isolate the changes on the infrastructure, the IOTP trading application has been three-layered: o the IOTP Application Core processes the generic parts of the IOTP transaction and holds the connection to the Internet, o the Existing Legacy System or Existing Payment Software which processes the actual transaction type, and particular payment transaction, and o the IOTP Middle-ware or IOTP Payment Bridge which glues the other two possibly incompatible components. It brokers between the specific interface of the Existing Legacy System and the standardized interfaces of the IOTP Application Core. As IOTP extends payment schemes to a trading scheme, primarily, this document focuses on payment modules, i.e., the interface between the IOTP Payment Bridge and the IOTP Application Core. It provides a standard method for exchanging payment protocol messages between the parties involved in a payment. But, it does not specify any interface for order or delivery processing. Such a Payment Application Programmers Interface (API) must suit for a broad range of payment methods: (1) software based like Credit Card SET or CyberCoin, (2) chip card based like Mondex or GeldKarte, and (3) mimicries of typical and traditional payment methods like money transfer, direct debit, deposit, withdrawal, money exchange and value points. It should support both payments with explicit consumer acknowledge and automatic repeated payments, which have been consumer approved in advance. For more information on SET, see [SET]. The following discussion focuses on the Consumer's point of view and uses the associated terminology. When switching to Merchants' or Delivery Handlers' IOTP aware applications, the payment related components should be implicitly renamed by Existing Legacy Systems to the IOTP Middle-ware. Hans, et al. Informational [Page 4] RFC 3867 Payment API for IOTP November 2004 The next two sub-sections describe the general payment scenario and several assumptions about the coarsely sketched software components. Section 2 illustrates the payment transaction progress and message flow of different kinds of transaction behavior. Sections 3 to 4 provide the details of the API functions and Section 5 elaborates the call back interface. 1.1. General payment phases The following table sketches the four logical steps of many payment schemes. The preceding agreements about the goods, payment method, purchase amount, or delivery rules are omitted. Payment State Party Example Behavior ------------- ----- ---------------- Mutual Payment Handler Generation of identification Authentication request, solvency request, or and some nonce Initialization Consumer Responses to the requests and generation of own nonce Authorization Payment Handler Generation of the authorization request (for consumer) Consumer Agreement to payment (by reservation of the Consumer's e-money) Payment Handler Acceptance or rejection of the agreement (consumer's authorization response), generation of the authorization request (for issuer/acquirer), and processing of its response Capture Generation of the capture request (for issuer/acquirer) Consumer Is charged Payment Handler Acceptance or rejection of the e-money, close of the payment transaction Reversal On rejection (online/delayed): generation of the reversal data Consumer Receipt of the refund Hans, et al. Informational [Page 5] RFC 3867 Payment API for IOTP November 2004 However, some payment schemes: o limit themselves to one-sided authentication, o perform off-line authorization without any referral to any issuer/acquirer, o apply capture processing in batch mode, or o do not distinguish between authorization and capture, o lack an inbound mechanism for reversals or implement a limited variant. This model applies not only to payments at the typical points of sales but extends to refunds, deposits, withdrawals, electronic cheques, direct debits, and money transfers. 1.2. Assumptions In outline, the IOTP Payment Bridge processes some input sequence of payment protocol messages being forwarded by the IOTP Application Core. It (1) disassembles the messages, (2) maps them onto the formats of the Existing Payment Software, (3) assembles its responses, and (4) returns another sequence of payment protocol messages that is mostly intended for transparent transmission by the IOTP Application Core to some IOTP aware remote party. Normally, this process continues between the two parties until the Payment Handler's Payment API signals the payment termination. Exceptionally, each system component may signal failures. The relationship between the aforementioned components is illustrated in the following figure. These components might be related to each other in a flexible n-to-m-manner: o One IOTP Application Core may manage multiple IOTP Payment Bridges and the latter might be shared between multiple IOTP Application Cores. o Each Payment Bridge may manage multiple Existing Payment Software modules and the latter might be shared between multiple Payment Bridges. o Each Existing Payment Software may manage multiple payment schemes (e.g., SET) and the latter might be supported by multiple Existing Payment Software modules. For more information on SET see [SET]. o Each payment scheme may support multiple payment instruments (e.g., particular card) or methods (e.g., Visa via SET) and the latter might be shared by multiple Existing Payment Software Components. Hans, et al. Informational [Page 6] RFC 3867 Payment API for IOTP November 2004 *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+* IOTP client (consumer) <---------------> IOTP server (merchant) ( contains Internet ( contains IOTP Application Core) IOTP Application Core) ^ ^ | IOTP Payment | IOTP Payment | API | API v v IOTP Payment Bridge IOTP Payment Bridge ^ ^ | Existing Payment APIs, e.g., | | SET, Mondex, etc. | v v Existing Payment Software Existing Payment Software *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+* Figure 1: Relationship of the Components The Payment API considers the following transaction types of Baseline IOTP: o Baseline Purchase, o Baseline Refund, o Baseline Value Exchange, o Baseline Withdrawal, and o Baseline (Payment) Inquiry. For more information on Baseline IOTP, see [IOTP] and [IOTPBOOK]. First, the authors' vision of the IOTP aware application's and its main components' capabilities are clarified: On the one hand, the Payment API should be quite powerful and flexible for sufficient connection of the generic and specific components. On the other hand, the Payment API should not be overloaded with nice-to-haves being unsupported by Existing Payment Software. Despite the strong similarities on the processing of successful payments, failure resolution and inquiry capabilities differ extremely among different payment schemes. These aspects may even vary between different payment instrument using the same payment schemes. Additionally, the specific requirements of Consumers, Merchants and Payment Handlers add variance and complexity. Therefore, it is envisioned that the IOTP Application Core provides only very basic inquiry mechanisms while complex and payment scheme specific inquiries, failure analysis, and failure resolution are fully deferred to the actual Existing Payment Software - including the user interface. Hans, et al. Informational [Page 7] RFC 3867 Payment API for IOTP November 2004 The IOTP Application Core processes payments transparently, i.e., it forwards the wrapped payment scheme specific messages to the associated IOTP Payment Bridge/Existing Payment Software. The Existing Payment Software might even use these messages for inbound failure resolution. It reports only the final payment status to the IOTP Application Core or some intermediate - might be also final - status on abnormal interruption. The IOTP Application Core implements the generic and payment scheme independent part of the IOTP transaction processing and provides the suitable user interface. Focusing on payment related tasks, it o manages the registered IOTP Payment Bridges and provides a mechanism for their registration - the latter is omitted by this document. o assumes that any IOTP Payment Bridge is a passive component, i.e., it strictly awaits input data and generates one response to each request, o supports the payment negotiation (Consumer: selection of the actual payment instrument or method; Merchant: selection of the payment methods being offered to the Consumer) preceding the payment request, o requests additional payment specific support from the Existing Payment Software via the selected and registered the IOTP Payment Bridge, o initializes and terminates the Existing Payment Software via the IOTP Payment Bridge, o inquires authentication data (for subsequent request or response) from the Existing Payment Software, specific authentication component - omitted in this document - or Consumer (by a suitable user interface), o supervises the online transaction process and traces its progress, o stores the transaction data being exchanged over the IOTP wire - payment scheme specific data is handled transparently, o relates each payment transaction with multiple payment parameters (IOTP Transaction Identifier, Trading Protocol Options, Payment Instrument/Method, Offer Response, IOTP Payment Bridge, and Wallet Identifier, associated remote Parties). The relation might be Hans, et al. Informational [Page 8] RFC 3867 Payment API for IOTP November 2004 lowered to the party's Payment Identifier, IOTP Payment Bridge, Wallet Identifier, and the remote parties when the actual payment transaction has been successfully started. o implements a payment transaction progress indicator, o enables the inquiry of pending and completed payment transactions, o implements generic dialogs, e.g., brand selection, payment acknowledge, payment suspension / cancellation, receipt visualization, basic transaction inquiry, balance inquiry, or receipt validation, o defers payment specific processing, supervision, validation, and error resolution to the Existing Payment Software. It is expected, that the Existing Payment Software will try to resolve many errors first by the extended exchange of Payment Exchange messages. The most significant and visible failures arise from sudden unavailability or lapses of the local or opposing payment component. o supports the invocation of any Existing Payment Software in an interactive mode, which might be used (1) for the payment scheme specific post-processing of a (set of) payment transactions, (2) for the analysis of a payment instrument, (3) for the registration of a new payment instrument/scheme, or (4) re-configuration of a payment instrument/scheme. o exports call back functions for use by the IOTP Payment Bridge or Existing Payment Software for progress indication. In addition, the IOTP Application Core o manages the IOTP message components and IOTP message blocks exchanged during the transaction which may be referenced and accessed during the processing of subsequent messages, e.g., for signature verification. In particular, it stores named Packaged Content elements exchanged during payments. o manages several kinds of identifiers, i.e., transaction, message, component, and block identifiers, o implements a message caching mechanism, o detects time-outs at the protocol and API level reflecting the communication with both the IOTP aware remote party and the Payment API aware local periphery, e.g., chip card (reader) may raise time-outs. Hans, et al. Informational [Page 9] RFC 3867 Payment API for IOTP November 2004 However, the IOTP Payment Bridge and Existing Payment Software do not have to rely on all of these IOTP Application Core's capabilities. E.g., some Consumer's Existing Payment Software may refuse the disclosure of specific payment instruments at brand selection time and may delay this selection to the "Check Payment Possibility" invocation using its own user interface. The IOTP Payment Bridge's capabilities do not only deal with actual payments between the Consumer and the Payment Handler but extend to the following: o translation and (dis)assemblage of messages between the formats of the IOTP Payment API and those of the Existing Payment Software. Payment API requests and response are strictly 1-to-1 related. o Consumer's payment instrument selection by the means of an unsecured/public export of the relationship of payment brands, payment protocols, and payment instruments (identifiers). Generally, this includes not just the brand (Mondex, GeldKarte, etc.) but also which specific instance of the instrument and currency to use (e.g., which specific Mondex card and which currency of all those available). However, some Existing Payment Software may defer the selection of the payment instrument to the actual payment carrying-out or it may even lack any management of payment instruments. E.g., chip card based payment methods may offer - Point of Sale like - implicit selection of the payment instrument by simple insertion of the chip card into the chip card reader or it interrogates the inserted card and requests an acknowledge (or selection) of the detected payment instrument(s). o payment progress checks, e.g., is there enough funds available to carry out the purchase, or enough funds left for the refund, o IOTP Payment Receipt checks which might be performed over its Packaged Content or by other means. o recoding of payment scheme specific receipts into a format which can be displayed to the user or printed, o cancellation of payment, even though it is not complete, o suspension and resumption of payment transactions. Two kinds of failures the Existing Payment Software might deal with are (1) the time-out of the network connection and (2) lack of funds. For resolution, the IOTP Application Core may try the suspension with a view to later possible resumption. Hans, et al. Informational [Page 10] RFC 3867 Payment API for IOTP November 2004 o recording the payment progress and status on a database. E.g., information about pending payments might be used to assist their continuation when the next payment protocol message is received. o payment transaction status inquiry, so that the inquirer - IOTP Application Core or User - can determine the appropriate next step. o balance inquiry or transaction history, e.g., consumers may interrogate their chip card based payment instrument or remotely administer some account in advance of a payment transaction acknowledge, o inquiry on abnormal interrupted payment transactions, which might be used by the IOTP Application Core to resolve these pending transactions at startup (after power failure). o payment progress indication. This could be used to inform the end user of details on what is happening with the payment. o payment method specific authentication methods. Existing Payment Software may not provide full support of these capabilities. E.g., some payment schemes may not support or may even prevent the explicit transaction cancellation at arbitrary phases of the payment process. In this case, the IOTP Payment Bridge has to implement at least skeletons that signal such lack of support by the use of specific error codes (see below). The Existing Payment Software's capabilities vary extremely. It o supports payment scheme specific processing, supervision, validation, and error resolution. It is expected, that many errors are tried to be resolved first by the extended exchange of Payment Exchange messages. o provides hints for out-of-band failure resolution on failed inbound resolution - inbound resolution is invisible to the IOTP Application Core. o may implement arbitrary transaction data management and inquiry mechanisms ranging from no transaction recording, last transaction recording, chip card deferred transaction recording, simple transaction history to sophisticated persistent data management with flexible user inquiry capabilities. The latter is required by Payment Handlers for easy and cost effective failure resolution. Hans, et al. Informational [Page 11] RFC 3867 Payment API for IOTP November 2004 o implements the payment scheme specific dialog boxes. Even the generic dialog boxes of the IOTP Application Core might be unsuitable: Particular (business or scheme) rules may require some dedicated appearance / structure / content or the dialog boxes, may prohibit the unsecured export of payment instruments, or may prescribe the pass phrase input under its own control. 2. Message Flow The following lists all functions of the IOTP Payment API: o Brand Compilation Related API Functions "Find Accepted Payment Brand" identifies the accepted payment brands for any indicated currency amount. "Find Accepted Payment Protocol" identifies the accepted payment protocols for any indicated currency amount (and brand) and returns payment scheme specific packaged content for brand selection purposes. This function might be used in conjunction with the aforementioned function or called without any brand identifier. "Get Payment Initialization Data" returns additional payment scheme specific packaged content for payment processing by the payment handler. "Inquire Authentication Challenge" returns the payment scheme specific authentication challenge value. "Check Authentication Response" verifies the returned payment scheme specific authentication response value. "Change Process State" is used (here only) for abnormal termination. (cf. Payment Processing Related API Functions). o Brand Selection Related API Functions "Find Payment Instrument" identifies which instances of a payment instrument of a particular payment brand are available for use in a payment. "Check Payment Possibility" checks whether a specific payment instrument is able to perform a payment. Hans, et al. Informational [Page 12] RFC 3867 Payment API for IOTP November 2004 "Authenticate" forwards any payment scheme specific authentication data to the IOTP Payment Bridge for processing. "Change Process State" is used (here only) for abnormal termination. (cf. Payment Processing Related API Functions). o Payment Processing Related API Functions "Start or Resume Payment Consumer/Payment Handler" initiate or resume a payment transaction. There exist specific API functions for the two trading roles Consumer and Payment Handler. "Continue Process" forwards payment scheme specific data to the Existing Payment Software and returns more payment scheme specific data for transmission to the counter party. "Change Process State" changes the current status of payment transactions. Typically, this call is used for termination or suspension without success. o General Inquiry API Functions "Remove Payment Log" notifies the IOTP Payment Bridge that a particular entry has been removed from the Payment Log of the IOTP Application Core. "Payment Instrument Inquiry" retrieves the properties of Payment Instruments. "Inquire Pending Payment" reports any abnormal interrupted payment transaction known by the IOTP Payment Bridge. Payment Processing Related Inquiry API Functions "Check Payment Receipt" checks the consistency and validity of IOTP Payment Receipts, received from the Payment Handler or returned by "Inquire Process State" API calls. Typically, this function is called by the Consumer during the final processing of payment transactions. Nevertheless, this check might be advantageous both for Consumers and Payment Handlers on failure resolution. "Expand Payment Receipt" expands the Packaged Content of IOTP Payment Receipts as well as payment scheme specific payment receipts into a form which can be used for display or printing purposes. "Inquire Process State" responds with the payment state and the IOTP Payment Receipt Component. Normally, this function is called by the Payment Handler for final processing of the payment transaction. Hans, et al. Informational [Page 13] RFC 3867 Payment API for IOTP November 2004 "Start Payment Inquiry" prepares the remote inquiry of the payment transaction status and responds with payment scheme specific data that might be needed by the Payment Handler for the Consumer initiated inquiry processing. "Inquire Payment Status" is called by the Payment Handler on Consumer initiated inquiry requests. This function returns the payment scheme specific content of the Inquiry Response Block. "Continue Process" and "Change Process State" (cf. Payment Processing Related API Calls) o Other API Functions "Manage Payment Software" enables the immediate activation of the Existing Payment Software. Further user input is under control of the Existing Payment Software. "Call Back" provides a general interface for the visualization of transaction progress by the IOTP Application Core. The following table shows which API functions must (+), should (#), or might (?) be implemented by which Trading Roles. API function Consumer Payment Handler Merchant ------------ -------- --------------- -------- Find Accepted Payment Brand + Find Accepted Payment Protocol # Find Payment Instrument + Get Payment Initialization Data + Check Payment Possibility + Start Payment Consumer + Start Payment Payment Handler + Resume Payment Consumer # Resume Payment Payment Handler # Continue Process + + Inquire Process State + + ? Change Process State + + ? Check Payment Receipt + ? Expand Payment Receipt # ? Remove Payment Log ? ? ? Inquire Authentication Challenge ? Hans, et al. Informational [Page 14] RFC 3867 Payment API for IOTP November 2004 Authenticate + Check Authentication Response ? Payment Instrument Inquiry ? Inquire Pending Payment # # Start Payment Inquiry ? Inquire Payment Status ? Manage Payment Software # ? ? Call Back # Table 1: Requirements on API Functions by the Trading Roles The next sections sketch the relationships and the dependencies between the API functions. They provide the informal description of the progress alternatives and depict the communication and synchronization between the general IOTP Application Core and the payment scheme specific modules. 2.1. Authentication Documentation Exchange This section describes how the functions in this document are used together to process authentication. *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+* Authenticator Inquire Authentication Challenge(Alg1*) -> IPB Inq. Auth. Challenge Response(Alg1,Ch1) <- IPB . . . Inquire Authentication Challenge(Algn*) -> IPB Inq. Auth. Challenge Response(Algn,Chn) <- IPB Create and transmit Authentication Request Block Authenticatee Authenticate(Alg1, Ch1) -> IPB AuthenticateResponse(...) <- IPB . . . Authenticate(Algm, Chm) -> IPB AuthenticateResponse(Res) <- IPB Create and transmit Authentication Response Block Authenticator Check Authentication Response(Algm,Chm,Res)->IPB Check Auth. Response() <-IPB Create and transmit Authentication Status Block *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+* Figure 2. Authentication Message Flows Hans, et al. Informational [Page 15] RFC 3867 Payment API for IOTP November 2004 1. (Authenticator Process) None, one or multiple IOTP Payment Bridges (IPB) are requested for one or multiple authentication challenge values ("Inquire Authentication Challenge"). Each value is encapsulated in an IOTP Authentication Request Component. In addition, the IOTP Application Core may add payment scheme independent authentication methods. All of them form the final IOTP Authentication Request Block, which describes the set of authentication methods being supported by the authenticator and from which the Authenticatee has to choose one method. Note that the interface of the API function is limited to the response of exactly one algorithm per call. If the IOTP Application Core provides a choice of algorithms for input, this choice should be reduced successively by the returned algorithm ({Alg(i+1)*} is subset of {Algi*}). During the registration of new Payment Instruments, the IOTP Payment Bridge notifies the IOTP Application Core about the supported authentication algorithms. 2. On the presence of an IOTP Authentication Block within the received IOTP message, the Authenticatee's IOTP Application Core checks whether the IOTP transaction type in the current phase actually supports the authentication process. For each provided Authentication Request Component, the IOTP Application Core analyzes the algorithms' names, the transaction context, and optionally user preferences in order to determine the system components which are capable to process the authentication request items. Such system components might be the IOTP Application Core itself or any of the registered IOTP Payment Bridges. Subsequently, the IOTP Application Core requests the responses to the supplied challenges from the determined system components in any order. The authentication trials stop with the first successful response, which is included in the IOTP Authentication Response Block. Alternatively, the IOTP Application might ask for a user selection. This might be appropriate, if two or more authentication algorithms are received that require explicit user interaction, like PIN or chip card insertion. The Authenticatee's organizational data is requested by an IOTP Authentication Request Block without any content element. On failure, the authentication (sequence) might be retried, or the whole transaction might be suspended or cancelled. Hans, et al. Informational [Page 16] RFC 3867 Payment API for IOTP November 2004 3. (Authenticator Process) The IOTP Application Core checks the presence of the IOTP Authentication Response Component in the Authentication Response Block and forwards its content to the generator of the associated authentication challenge for verification ("Check Authentication Response"). On sole organizational data request, its presence is checked. Any verification must succeed in order to proceed with the transaction. 2.2. Brand Compilation The following shows how the API functions are used together so that the Merchant can (1) compile the Brand List Component, (2) generate the Payment Component, and (3) adjust the Order Component with payment scheme specific packaged content. Hans, et al. Informational [Page 17] RFC 3867 Payment API for IOTP November 2004 *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+* Merchant For each registered IOTP Payment Bridge | Find Accepted Payment Brand() -> IPB | Find Accepted Payment Brand Response (B*) <- IPB | Find Accepted Payment Protocol(B1) -> IPB | Find Accepted Payment Protocol Res.(P1*) <- IPB | . . . | Find Accepted Payment Protocol(Bn) -> IPB | Find Accepted Payment Protocol Res.(Pn*) <- IPB Create one Brand List Component, ideally sharing common Brand, Protocol Amount, Currency Amount, and Pay Protocol Elements Create Trading Protocol Options Block On brand independent transactions | Create Brand Selection Component, implicitly | Get Payment Initialization Data(B1,P1) -> IPB | Get Payment Initialization Data Res.() <- IPB | Optionally | | Inquire Process State() -> IPB | | Inquire Process State Response(State) <- IPB | Create Offer Response Block Transmit newly created Block(s) Consumer Consumer selects Brand (Bi)/Currency/Protocol (Pj) from those that will work and generates Brand Selection Component - at least logically On brand dependent transaction | Transmit Brand Selection Component Merchant On brand dependent transaction | Get Payment Initialization Data(Bi,Pj) -> IPB | Get Payment Initialization Data Res.() <- IPB | Optionally | | Inquire Process State() -> IPB | | Inquire Process State Response(State) <- IPB | Create Offer Response Block | Transmit newly created Block *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+* Figure 3. Brand Compilation Message Flows 1. The Merchant's commerce server controls the shopping dialog with its own mechanisms until the Consumer checks out the shopping cart and indicates the payment intention. The notion shopping subsumes any non-IOTP based visit of the Merchant Trading Role's (which subsumes Financial Institutes) web site in order to negotiate the content of the IOTP Order Component. The subsequent processing switches to the IOTP based form by the activation of the Merchant's IOTP aware application. Hans, et al. Informational [Page 18] RFC 3867 Payment API for IOTP November 2004 2. The IOTP Application Core inquires for the IOTP level trading parameters (Consumer's shopping identifier, payment direction, initial currency amounts, discount rates, Merchant's and Delivery Handler's Net Locations, Non-Payment Handler's Organizational Data, initial order information, ....). 3. The registered IOTP Payment Bridges are inquired by the IOTP Application Core about the accepted payment brands ("Find Accepted Payment Brand"). Their responses provide most of the attribute values for the compilation of the Brand List Component's Brand Elements. The IOTP Application Core might optionally match the returned payment brands with Merchant's general preferences. The IOTP Application Core must provide any wallet identifiers, if they are required by the IOTP Payment Bridges which signal their need by specific error codes (see below). Any signaled error that could not be immediately solved by the IOTP Application Core should be logged - this applies also to the subsequent API calls of this section. In this case, the IOTP Application Core creates an IOTP Error Block (hard error), transmits it to the Consumer, and terminates the current transaction. 4. The IOTP Application Core interrogates the IOTP Payment Bridges for each accepted payment brand about the supported payment protocols ("Find Accepted Payment Protocol"). These responses provide the remaining attribute values of the Brand Elements as well as all attribute values for the compilation of the Brand List Component's Protocol Amount and Pay Protocol Elements. Furthermore, the organisational data about the Payment Handler is returned. The IOTP Application Core might optionally match the returned payment brands with Merchant's general preferences. Alternatively, the IOTP Application Core might skip the calls of "Find Accepted Payment Brands" (cf. Step 3) and issue the "Find Accepted Payment Protocol" call without any Brand given on the input parameter list. In this case, the IOTP Payment Bridge responds to the latter call with the whole set of payment schemes supported w.r.t. the other input parameters. 5. The steps 3 and 4 are repeated during IOTP Value Exchange transactions - these steps are omitted in the previous figure. 6. The IOTP Application Core compiles the Brand List Component(s) and the IOTP Trading Protocol Options Block. It is recommended that the "equal" items returned by IOTP Payment Bridge function calls are shared due to the extensive linking capabilities within Hans, et al. Informational [Page 19] RFC 3867 Payment API for IOTP November 2004 the Brand List Component. However, the compilation must consider several aspects in order to prevent conflicts - sharing detection might be textual matching (after normalization): o Packaged Content Elements contained in the Brand List Component (and subsequently generated Payment and Order Components) might be payment scheme specific and might depend on each other. o Currently, IOTP lacks precise rules for the content of the Packaged Content Element. Therefore, transaction / brand / protocol / currency amount (in)dependent data might share the same Packaged Content Element or might spread across multiple Packaged Content Elements. o The Consumer's IOTP Application Core transparently passes the Packaged Content Elements to the IOTP Payment Bridges which might not be able to handle payment scheme data of other payment schemes, accurately. The rules and mechanisms of how this could be accomplished are out of the scope of this document. Furthermore, this document does not define any further restriction to the IOTP specification. 7. The IOTP Application Core determines whether the IOTP message can be enriched with an Offer Response Block. This is valid under the following conditions: o All payment alternatives share the attribute values and Packaged Content Elements of the subsequently generated IOTP Payment and Order Components. o The subsequently generated data does not depend on any IOTP BrandSelInfo Elements that might be reported by the consumer within the TPO Selection Block in the brand dependent variant. If both conditions are fulfilled, the IOTP Application Core might request the remaining payment scheme specific payment initialization data from the IOTP Payment Bridge ("Get Payment Initialization Data") and compile the IOTP Offer Response Block. Optionally, the IOTP Application Core might request the current process state from the IOTP Payment Bridge and add the inferred order status to the IOTP Offer Response Block. Alternatively, IOTP Application might determine the order status on its own. As in step 6, the rules and mechanisms of how this could be accomplished are out of the scope of this document. Hans, et al. Informational [Page 20] RFC 3867 Payment API for IOTP November 2004 8. The IOTP Application Core compiles the IOTP TPO Message including all compiled IOTP Blocks and transmits the message to the Consumer. The IOTP Application Core terminates if an IOTP Offer Response Block has been created. 9. The Consumer performs the Brand Selection Steps (cf. Section 2.3) and responds with a TPO Selection Block if no IOTP Offer Response Block has been received. Otherwise, the following step is skipped. 10. On brand dependent transactions, the IOTP Application Core requests the remaining payment scheme specific payment initialization data from the IOTP Payment Bridge ("Get Payment Initialization Data"), compiles the IOTP Offer Response Block, transmits it to the Consumer, and terminates. Like Step 7, the IOTP Application Core might access the current process state of the IOTP Payment Bridge for the compilation of the order status. Any error during this process raises an IOTP Error Block. 2.3. Brand Selection This section describes the steps that happen mainly after the Merchant's Brand Compilation (in a brand independent transaction). However, these steps might partially interlace the previous process (in a brand dependent transaction). *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+* Merchant Merchant generates Brand List(s) containing Brands, Payment Protocols and Currency Amounts On brand independent transactions | Merchant generates Offer Response Block Consumer Compile set(s) of Brands B/Protocols P for each set | Find Payment Instrument(B, P, C) -> IPB | Find Payment Instrument Response (PI*) <- IPB Consumer selects Brand/Currency/Payment Instrument from those that will work and generates Brand Selection Component For the Selection | Get Payment Initialization Data(B,C,PI,P) -> IPB | Get Payment Initialization Data Response()<- IPB On brand dependent transaction | Generate and transmit TPO Selection Block Merchant On brand dependent transaction | Merchant checks Brand Selection and generates | and transmits Offer Response Block *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+* Hans, et al. Informational [Page 21] RFC 3867 Payment API for IOTP November 2004 Figure 4. Brand Selection Message Flows 1. The Merchant's commerce server controls the shopping dialog with its own mechanisms until the Consumer checks out the shopping cart and indicates his payment intention. The subsequent processing switches to the IOTP based form by the activation of the Merchant's IOTP aware application. 2. The IOTP Application Core compiles the IOTP Trading Protocol Options Block which contains the IOTP Brand List Component(s) enumerating Merchant's accepted payment brands and payment protocols and initiates the Brand Selection process. 3. This first IOTP message activates the Consumer's IOTP aware application, e.g., the Web browser invokes a helper application (e.g., Java applet or external application). Its IOTP Application Core o infers the accepted payment brands, payment protocols, payment direction, currencies, payment amounts, any descriptions etc., and their relationships from the IOTP message, o determines the registered IOTP Payment Bridges, o compiles one or multiple sets of brand and protocol such that the join of all sets describes exactly the payment alternatives being offered by the Merchant. o inquires payment (protocol) support and the known payment instruments from each registered IOTP Payment Bridge for each compiled set ("Find Payment Instrument"). However, some IOTP Payment Bridges may refuse payment instrument distinction. The payment protocol support may differ between payment instruments if the IOTP Payment Bridge supports payment instrument distinction. These API calls are used to infer the payment alternatives at the startup of any payment transaction (without user unfriendly explicit user interaction). The IOTP Application Core must provide wallet identifiers, if they are requested by the IOTP Payment Bridges which signal their need by specific error codes (see below). It is recommended that the IOTP Application Core manages wallet identifiers. But for security reasons, it should store pass phrases in plain text only in runtime memory. Developers of IOTP Hans, et al. Informational [Page 22] RFC 3867 Payment API for IOTP November 2004 Payment Bridges and payment software modules should provide a thin and fast implementation - without lengthy initialization processes - for this initial inquiry step. 4. The IOTP Application Core verifies the Consumer's payment capabilities with the Merchant's accepted payment brands and currencies, o displays the valid payment instruments and payment instrument independent payment brands (brand and protocol) together with their purchase parameters (payment direction, currency, amount), and o requests the Consumer's choice or derives it automatically from any configured preferences. Any selection ties one IOTP Payment Bridge with the following payment transaction. The handling and resolution of unavailable IOTP Payment Bridges during the inquiry in Step 3 is up to the IOTP Application Core. It may skip these IOTP Payment Bridges or may allow user supported resolution. Furthermore, it may offer the registration of new payment instruments when the Consumer is asked for payment instrument selection. 5. The IOTP Application Core interrogates the fixed IOTP Payment Bridge whether the payment might complete with success ("Check Payment Possibility"). At this step, the IOTP Payment Bridge may issue several signals, e.g., o payment can proceed immediately, o required peripheral inclusive of some required physical payment instrument (chip card) is unavailable, o (non-IOTP) remote party (e.g., issuer, server wallet) is not available, o wallet identifier or pass phrase is required, o expired payment instrument (or certificate), insufficient funds, or o physical payment instrument unreadable. In any erroneous case, the user should be notified and offered accurate alternatives. Most probably, the user might be offered o to resolve the problem, e.g., to insert another payment instrument or to verify the periphery, o to proceed (assuming its success), o to cancel the whole transaction, or Hans, et al. Informational [Page 23] RFC 3867 Payment API for IOTP November 2004 o to suspend the transaction, e.g., initiating a nested transaction for uploading an electronic purse. If the payment software implements payment instrument selection on its own, it may request the Consumer's choice at this step. If the check succeeds, it returns several IOTP Brand Selection Info Elements. 6. The Steps 2 to 5 are repeated and possibly interlaced for the selection of the second payment instrument during IOTP Value Exchange transactions - this is omitted in the figure above. 7. The IOTP Brand Selection Component is generated and enriched with the Brand Selection Info elements. This component is transmitted to the Merchant inside a TPO Selection Block if the received IOTP message lacks the IOTP Offer Response Block. The Merchant will then respond with an IOTP Offer Response Block (following the aforementioned compilation rules). 2.4. Successful Payment An example of how the functions in this document are used together to effect a successful payment is illustrated in the Figure 5. In the figure 5, PS0, PS1, ..., and PSn indicate the nth PayScheme Packaged Content data, and [ ] indicates optional. (Technically, two payments happen during IOTP Value Exchange transactions.) *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+* Consumer Start Payment Consumer(Amount,[PS0]...) -> IPB Start Payment Cons. Res.([PS1], CS=Cont.) <- IPB Create and transmit Payment Request Block Payment Handler Start Payment Pay. Handler(Amount, [PS1]) -> IPB Start Payment PH Response(PS2, CS=Cont.) <- IPB Create and transmit Payment Exchange Block Consumer Continue Process(PS2) -> IPB Continue Process Response(PS3, CS=Cont.) <- IPB ... CONTINUE SWAPPING PAYMENT EXCHANGES UNTIL ... Payment Handler Continue Process Response([PSn], CS=End) <- IPB Request any local payment receipt | Inquire Process State() -> IPB | Inquire Proc. State Resp.(State, [Rcp.])<- IPB Create and transmit Payment Response Block Terminate transaction, actively Hans, et al. Informational [Page 24] RFC 3867 Payment API for IOTP November 2004 | Change Process State(State) -> IPB | Change PS Response(State=CompletedOK) <- IPB Consumer On receipt of final payment scheme data | Continue Process(PSn) -> IPB | Continue Process Response(CS=End) <- IPB Check Payment Receipt(Receipt) -> IPB Check Payment Receipt Response() <- IPB Request any local payment receipt | Inquire Process State() -> IPB | Inquire Proc. State Resp.(State, [Rcp.])<- IPB Terminate transaction, actively | Change Process State(State) -> IPB | Change PS Response(State=CompletedOk) <- IPB *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+* Figure 5. Example Payment Message Flows 1. After Brand Selection and receipt of the IOTP Offer Response Block, the Consumer switches from communicating with the Merchant to communicating with the Payment Handler. This might be a milestone requiring the renewed Consumer's agreement about the payment transaction's continuation. Particularly, this is a good moment for payment suspension (and even cancellation), which will be most probably supported by all payment schemes. Simply, because the actual payment legacy systems have not yet been involved in the current transaction. Such an agreement might be explicit per transaction or automatic based on configured preferences, e.g., early acknowledgments for specific payment limits. It is assumed, that the transaction proceeds with minimal user (Consumer and Payment Handler) interaction and that its progress is controlled by the IOTP Application Core and IOTP Payment Bridge. 2. In order to open the actual payment transaction, the IOTP Application Core issues the "Start Payment Consumer" request towards the IOTP Payment Bridge. This request carries the whole initialization data of the payment transaction being referred to by the IOTP Payment Bridge for subsequent consistency checks: o payment brand and its description from the selected Brand Element of the IOTP Brand List Component, o payment instrument from preceding inquiry step, Hans, et al. Informational [Page 25] RFC 3867 Payment API for IOTP November 2004 o further payment parameters (currency, amount, direction, expiration) from the selected Currency Amount element, Brand List Component, and Payment Component of the IOTP Offer Response Block, o payment protocol from the selected IOTP Pay Protocol Element, o order details contained in the IOTP Order Component which might be payment scheme specific, o payment scheme specific data inclusive of the payment protocol descriptions from the IOTP Protocol Amount Element, and IOTP Pay Protocol Element, and o payment scheme specific data inclusive of the payment protocol descriptions, in which the name attribute includes the prefix as "Payment:" from the Trading Role Data Component. Generally, the called API function re-does most checks of the "Check Payment Possibility" call due to lack of strong dependencies between both requests: There might be a significant delay between both API requests. The called API function may return further payment scheme specific data being considered as payment specific initialization data for the Payment Handler's IOTP Payment Bridge. If the fixed Existing Payment Software implements payment instrument selection on its own, it may request the Consumer's choice at this step. The IOTP Payment Bridge reports lack of capability quite similarly to the "Check Payment Possibility" request to the IOTP Application Core. The Consumer may decide to resolve the problem, to suspend, or to cancel the transaction, but this function call must succeed in order to proceed with the transaction. Developers of payment modules may decide to omit payment instrument related checks like expiration date or refunds sufficiency, if such checks are part of the specific payment protocol. If the IOTP Payment Bridge requests wallet identifiers or pass phrases anywhere during the payment process, they should be requested by this API function, too. It is recommended that the IOTP Application Core stores plain text pass phrases only in runtime memory. Finally, the IOTP Application Core generates the IOTP Payment Request Block, inserts any returned payment scheme data, and submits it to the Payment Handler's system. Hans, et al. Informational [Page 26] RFC 3867 Payment API for IOTP November 2004 3. The Payment Handler's IOTP Application Core opens the payment transaction calling the "Start Payment Payment Handler" API function. The payment brand, its description, payment protocol, payment specific data, payment direction, currency and payment amount are determined quite similar to the Consumer's IOTP Application Core. Furthermore, the content of the IOTP Payment Scheme Component and the IOTP Brand Selection Info Elements are passed to this function. On success, the Payment Handler's IOTP Payment Bridge responds with payment scheme specific data. On failures, this non- interactive server application has to resolve any problems on its own or to give up aborting the payment transaction. However, the Consumer may restart the whole payment transaction. Anyway, the payment log file should reflect any trials of payments. Eventually, the Payment Handler informs the Consumer about the current IOTP Process State using the IOTP Payment Response or IOTP Error Block. Note that the "Start Payment Payment Handler" call might return the Continuation Status "End" such that payment processing proceeds with Step 7. 4. The IOTP Application Core verifies the presence of the Payment Exchange Block in the IOTP message and passes the contained payment scheme specific data to the fixed IOTP Payment Bridge ("Continue Process") which returns the next IOTP Payment Scheme Component. This Payment Scheme Component is encapsulated in an IOTP Payment Exchange Block and transmitted to the Payment Handler. 5. The Payment Handler's IOTP Application Core verifies the presence of the Payment Exchange Block and passes the contained payment scheme specific data to the fixed IOTP Payment Bridge ("Continue Process") which returns the next IOTP Payment Scheme Component for encapsulation and transmission to the Consumer. 6. The payment process continues with IOTP Payment Exchange Block exchanges, carrying the payment scheme specific data. Each party (1) submits the embedded payment scheme specific data transparently to the appropriate IOTP Payment Bridge calling the "Continue Process" API function, (2) wraps the returned payment scheme specific data into an IOTP Payment Exchange Block, and (3) transmits this block to the counter party. Hans, et al. Informational [Page 27] RFC 3867 Payment API for IOTP November 2004 However, the processing of the payment scheme specific data may fail for several reasons. These are signaled by specific error codes which are transformed to IOTP Payment Response Blocks (generated by Payment Handler) or IOTP Error Blocks (both parties may generate them) and transmitted to the counter party. 7. Eventually, the Payment Handler's IOTP Payment Bridge recognizes the termination of the payment transaction and reports this by the continuation status "End" on the output parameter of "Continue Process" (or "Start Payment Payment Handler"). Then, the IOTP Application Core issues the "Inquire Process State" API call and verifies whether an IOTP Payment Receipt Component has been returned. The IOTP Application Core wraps the payment receipt, the status response, and the optional payment scheme specific data in an IOTP Payment Response Block and transmits this block to the Consumer. However, any of these API calls may fail or any response might be incomplete (e.g., lack of payment receipt). Then, the Consumer has to be notified about the failed processing by an IOTP Error Block. Finally, the Payment Handler terminates the payment transaction with the "Change Process State" API call without awaiting any further response from the Consumer. Further failures are not reported to the Consumer. Note that it might be possible that the Consumer's IOTP Payment Bridge has returned the previous payment scheme specific data with the continuation status "End". Even in the absence of this knowledge - this status is not exchanged between the Consumer and the Payment Handler - the Payment Handler must not supply any further payment scheme specific data. Such data will be rejected by the Consumer's IOTP Payment Bridge. 8. The Consumer passes the optional payment scheme specific data and the payment receipt to the fixed IOTP Payment Bridge by "Continue Process" and "Check Payment Receipt" API calls. Afterwards, the IOTP Application Core issues the "Inquire Process State" API call and verifies whether extensions to the payment receipt have been returned. Finally, the transaction is terminated by calling the "Change Process State" API function which verifies and synchronizes the reported payment status with the local one and signals any inconsistencies. Any Inconsistency and returned status text should be displayed to the Consumer. Hans, et al. Informational [Page 28] RFC 3867 Payment API for IOTP November 2004 At this point, the payment transaction has already been closed by the Payment Handler. Therefore, any failure has to be resolved locally or out-of-band. 2.5. Payment Inquiry In Baseline IOTP, Payment inquiries are initiated by the Consumer in order to verify the current payment progress and process state at the remote Payment Handler. In the figure 6, PS1 and PS2 indicate the first and second PayScheme Packaged Content data, and [ ] indicates optional. *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+* Consumer Start Payment Inquiry() -> IPB Start Payment Inquiry Response([PS1]) <- IPB Create and transmit Inquiry Request Trading Block Payment Handler Inquire Payment Status([PS1]) -> IPB Inquire Payment Status Res.(State, [PS2]) -> IPB Create and transmit Inquiry Response Trading Block Consumer If Payment Scheme Data present | Continue Process(PS2) -> IPB | Continue Process Response(CS=End) <- IPB Change Process State(State) -> IPB Change Process State Response(State) <- IPB *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+* Figure 6. Remote Process State Inquiry 1. The Consumer might initiate a payment inquiry once the payment transaction has been opened by the IOTP Application Core, i.e., at any time after the initial submission of the IOTP Payment Request Block. The IOTP Application Core requests any additional specific payment scheme data from the IOTP Payment Bridge which has been fixed during brand selection (cf. Section 2.3) using the "Start Payment Inquiry" API request. Erroneous API responses should be reported to the Consumer and valid alternatives (typically retry and cancellation) should be presented by the IOTP Application Core. This request might perform the complete initialization, e.g., availability check of periphery or pass phrase supplement, and the IOTP Payment Bridge reports lack of capability quite similarly to the "Check Payment Possibility" request to the IOTP Application Core. Hans, et al. Informational [Page 29] RFC 3867 Payment API for IOTP November 2004 If the IOTP Payment Bridge requests wallet identifiers or pass phrases anywhere during the payment process, they should be requested by this API function, too. It is recommended that the IOTP Application Core store plain text pass phrases only in runtime memory. The IOTP Application Core encapsulates any Payment Scheme Component in an IOTP Inquiry Request Block and submits the block to the Payment Handler. 2. The Payment Handler analyses the IOTP Inquire Request Block, maps the Transaction Identifier to payment related attributes (brand, consumer and payment identifiers), determines the appropriate IOTP Payment Bridge, and forwards the request to the this IOTP Payment Bridge ("Inquire Payment Status"). The IOTP Application Core transforms the response to an IOTP Inquiry Response Block and transmits it to the Consumer. 3. On receipt of the respective IOTP Inquiry Response Block the Consumer's IOTP Application Core submits any encapsulated payment scheme specific data to the IOTP Payment Bridge for verification ("Continue Process"). 4. The IOTP Application Core passes the reported payment status (except textual descriptions) to the IOTP Payment Bridge ("Change Process State") for verification purposes and payment status change. The IOTP Payment Bridge reports any inconsistencies as well as the final payment status to the IOTP Application Core. Any additional information that might be of interest to the Consumer has to be displayed by the IOTP Payment Bridge or Existing Payment Software on their own. 2.6. Abnormal Transaction Processing 2.6.1. Failures and Cancellations The IOTP specification distinguishes between several classes of failures: o Business and technical errors o Error depths of transport, message and block level o Transient errors, warnings, and hard errors. Any IOTP Payment API has to deal with the receipt of failure notifications by and failure responses. This proposal has borrowed the basic mechanisms for error reporting between the IOTP Application Core and the IOTP Payment Bridge from the actual protocol: Business Hans, et al. Informational [Page 30] RFC 3867 Payment API for IOTP November 2004 errors are reported by Status Components within IOTP Response Blocks while technical errors are signaled by Error Components within IOTP Error Blocks. Cancellations are mimicked as specific business errors which might be initiated by each trading party. Preferring slim interfaces, this IOTP Payment API introduces one additional Error Code value for business error indication - errors can be raised on every API call. On receipt of this value, the IOTP Application Core has to infer further details by the issuance of the API function call "Inquire Process State". *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+* Any Party Issue some API request -> IPB Error Response(Error Code) <- IPB On "Business Error" response | Inquire Process State() -> IPB | Inquire P.S. Resp.(State, Receipt) <- IPB Analyze local process state and try to resolve with optional user interaction If Process State Change needed | Change Process State (State) -> IPB | Change Process State Response(State) <- IPB If counter party's notification required | Create Error or Cancel Block (, add to next | message, ) and transmit it to counter party *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+* Figure 7. Error Response from IPB The specific Completion Codes "ConsCancelled", "MerchCancelled", and "PaymCancelled" - returned by "Inquire Process State" - determine that the IOTP Cancel Block has to be created instead of an IOTP Error Block. The rules for determining the required behavior of the IOTP Application Core are given in the IOTP specification. Note that any payment (intermediate) termination, i.e., failures, cancellations, and even successes are always reported to the IOTP Payment Bridge by the API function "Change Process State". This API function does both status changes and consistency checking / synchronization. Any suspicion of inconsistency should be reported by the IOTP Payment Bridge for display by the IOTP Application Core. Hans, et al. Informational [Page 31] RFC 3867 Payment API for IOTP November 2004 *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+* Any Party Error Block or Cancel Block Received If Change Process State required | Change Process State (State) -> IPB | Change Process State Response(State) <- IPB *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+* Figure 8. Error Notification from counter party Not every failure might be visible at the IOTP layer, e.g., the processing of payment transactions might temporarily be hampered by intermediate failures at the payment scheme or protocol transport layer which might be resolved by the actual components. However, final failures or cancellations have to be reported at the IOTP layer. E.g., communication time-outs and heavily faulty communication channels may disable the transaction. Any system component may implement time-out recognition and use the aforementioned API mechanisms for the notification of process state changes. But, time-outs may happens while communicating with both the counter party and local system components, like chip card readers or IOTP Payment Bridges. Anyway, the Consumer's IOTP Application Core should notify the Consumer about the resolution alternatives, i.e., retry, suspension, and cancellation. 2.6.2. Resumption Payment transaction resumption may apply at different steps of a payment transaction: o The Consumer's and Payment Handler's view of the transaction might not be synchronized: Due to different time-out values the payment transaction may not have been suspended by the counter party. Any "Resume Payment ..." API function responds with an Error Code on non-suspended payment transaction that signals a business error. Afterwards the IOTP Application Core has to issue the "Inquire Process State" API call for further analysis of the process state. o One IOTP message sent by one party might not be processed successfully or even received by the counter party. This needs to be handled by the actual payment scheme. It is expected that the IOTP Application Core will not recognize anything. Hans, et al. Informational [Page 32] RFC 3867 Payment API for IOTP November 2004 o IOTP does not provide any specific signal for payment resumption. On receipt of every IOTP Payment Exchange Block, the IOTP Application Core has to decide whether this Block belongs to a pending transaction or to a suspended transaction that should be resumed. The IOTP Application Core might call the "Inquire Process State" API function to update any lack of knowledge. Any "Resume Payment" API function responds with an Error Code on non-suspended payment transaction that signals a business error. Similar, the "Continue Process" API function should report business errors on non-pending payment transactions. o The payment transaction may not have been created at the Payment Handler (early suspension and failed data transmission). In that case, the IOTP Application Core should respond with a business error that signals the repetition of the payment transaction (by the Consumer). Any "Resume Payment", "Continue Process" or "Inquire Process State" API function should return with an Error Code "AttValIllegal" on non-existent payment transaction whereby the further Error Attribute "Names" denote the payment identifier. o The IOTP Application Core should always request fresh payment scheme specific data on resumption - for synchronization purposes with the Existing Payment Software. Old data in the cache that has not been sent to the counter party should not be accessed. If the Consumer does not reconnect within an acceptable amount of time, the Payment Handler's system may perform local failure resolution in order to close the transaction and to retain resources for other transactions ("Change Process State"). If the Consumer reconnect afterwards, an IOTP Payment Response or IOTP Error Block could be generated. 2.7. IOTP Wallet Initialization At startup or on explicit user request the IOTP Application Core should check its IOTP Payment Bridges' internal status by searching for pending payment transactions. 1. The IOTP Application Core interrogates the registered IOTP Payment Bridges about pending payment transactions. The IOTP Application Core may store indicators for pending transactions and use them for driving any subsequent inquiry ("Inquire Pending Payment"). Hans, et al. Informational [Page 33] RFC 3867 Payment API for IOTP November 2004 2. If one or more IOTP Payment Bridges report the presence of pending transactions, the IOTP Application Core may try to suspend ("Change Process State") or resume (only Consumer: "Resume Payment Consumer") the pending transactions (on user request). The IOTP Payment Bridge may deny the processing of any new payment transactions until the pending transactions have been processed. Such denials are signaled by the error code "Business Error". 2.8. Payment Software Management The IOTP Application Core provides only a simple and generic interface for the registration of new payment methods / instruments ("Manage Payment Software"). It receives the initial user request and defers the actual registration to the corresponding IOTP Payment Bridge. The IOTP Application Core may also activate the Existing Payment Software for further payment instrument and wallet administration. 3. Mutuality The Payment API is formalized using the eXtensible Markup Language (XML). It defines wrapper elements for both the input parameters and the API function's response. In particular, the response wrapper provides common locations for Error Codes and Error Descriptions. It is anticipated that this description reflects the logical structure of the API parameter and might be used to derive implementation language specific API definitions. XML definition: Hans, et al. Informational [Page 35] RFC 3867 Payment API for IOTP November 2004 Most of the attribute items are intended for immediate insertion in the IOTP Error Block. The attribute values of the Error Location elements attribute have to enriched and transformed into Error Location Elements of the Error Component (cf. IOTP Specification). Attributes (cf. IOTP Specification): xml:lang Defines the language used by attributes or child elements within this component, unless overridden by an xml:lang attribute on a child element. ContentSoftwareId Contains information which identifies the software that generated the content of the element. Its purpose is to help resolve interoperability problems that might occur as a result of incompatibilities between messages produced by different software. It is a single text string in the language defined by "xml:lang". It must contain, as a minimum problems that might occur as a result of o the name of the software manufacturer, o the name of the software, o the version of the software, and o the build of the software. ErrorCode Contains an error code which indicates the nature of the error in the message in error. Valid values for the Error Code are given in the following section. This mnemonic enables the automatic failure resolution of the IOTP Application Core which analyzes the error code value in order to determine the continuation alternatives. Hans, et al. Informational [Page 36] RFC 3867 Payment API for IOTP November 2004 ErrorDesc Contains a description of the error in the language defined by xml:lang. The content of this attribute is defined by the vendor/developer of the software that generated the Error Response Element. It is intended for user display and provides detailed explanations about the failure and its (out-of-band) resolution alternatives. Severity Indicates the severity of the error. Valid values are: o Warning. This indicates that although there is a message in error the IOTP Transaction can still continue. o TransientError. This indicates that the error in the message in error may be recovered if the message in error that is referred to by the "Names" attribute is resent. o HardError. This indicates that there is an unrecoverable error in the message in error and the IOTP Transaction must stop. MinRetrySecs This attribute should be present if "Severity" is set to "TransientError". It is the minimum number of whole seconds which the IOTP aware application which received the message reporting the error should wait before resending the message in error identified by the "ErrorLocation" attribute. If Severity is not set to "TransientError" then the value of this attribute is ignored. SwVendorErrorRef This attribute is a reference whose value is set by the vendor/developer of the software that generated the Error Element. It should contain data that enables the vendor to identify the precise location in their software and the set of circumstances that caused the software to generate a message reporting the error. Hans, et al. Informational [Page 37] RFC 3867 Payment API for IOTP November 2004 Content: ErrorLocation This identifies, where possible, the element and attribute in the message in error that caused the Error Element to be generated. If the "Severity" of the error is not "TransientError", more that one "ErrorLocation" may be specified as appropriate depending on the nature of the error and at the discretion of the vendor/developer of the IOTP Payment Bridge. Its definition coincides with the IOTP specification whereby the attributes "IotpMsgRef", "BlkRef" and "CompRef" are left blank, intentionally. PaySchemePackagedContent cf. Table 5 3.1. Error Codes The following table lists the valid values for the ErrorCode attribute of the Error Response Element. The first sentence of the error description contains the default text that can be used to describe the error when displayed or otherwise reported. Individual implementations may translate this into alternative languages at their discretion. However, not every error code may apply to every API call. An Error Code must not be more than 14 characters long. The Error Codes have been taken from the IOTP Specification and extended by some additional codes which are highlighted by a preceding asterisk. Generally, if the corrupt values have been user supplied, the IOTP Application Core might prompt for their correction. If the renewal fails or if the IOTP Application Core skips any renewals and some notification has to be send to the counter-party, the error code is encapsulated within an IOTP Error Block. However, the IOTP server application reports business errors - visible at the IOTP layer - in the Status Component of the respective Response Block. The IOTP Application Core may add the attributes (and values) within the ErrorLocation elements that are omitted by the IOTP Payment Bridge. Hans, et al. Informational [Page 38] RFC 3867 Payment API for IOTP November 2004 The following table mentions any modification from this general processing for particular error values. Furthermore, it contains hints for developers of IOTP Application Core software components about the processing of error codes. Conversely, developers of IOTP Payment Bridges get impressions about the expected behavior of the IOTP Application Core. The IOTP Payment API assumes that the IOTP Application Core implements the dialog boxes needed for error resolution. But it does not assume, that the IOTP Payment Bridge actually relies on them. Instead, the IOTP Payment Bridge may try resolution on its own, may implement specific dialog boxes, and may signal only final failures. Note: This abstract document assumes that the API parameters are exchanged XML encoded. Therefore, several error values might disappear in lower level language specific derivations. Error Value Error Description ----------- ----------------- Reserved Reserved. This error is reserved by the vendor/developer of the software. Contact the vendor/developer of the software for more information (see the SoftwareId attribute of the Message Id element in the Transaction Reference Block [IOTP]). XmlNotWellFrmd XML not well formed. The XML document is not well formed. See [XML] for the meaning of "well formed". XmlNotValid XML not valid. The XML document is well formed but the document is not valid. See [XML] for the meaning of "valid". Specifically: o the XML document does not comply with the constraints defined in the IOTP document type declaration, and o the XML document does not comply with the constraints defined in the document type declaration of any additional [XML-NS] that are declared. The Names attribute might refer some attributes and elements of the input parameter list. Hans, et al. Informational [Page 39] RFC 3867 Payment API for IOTP November 2004 (*)ElNotValid Element not valid. Invalid element in terms of prescribed syntactical characteristics. The ElementRef attributes of ErrorLocation elements might refer to the corresponding elements (if they have ID attributes). The IOTP Application Core has to replace the error code with "XmlNotValid" before transmission to the counterparty. ElUnexpected Unexpected element. Although the XML document is well formed and valid, an element is present that is not expected in the particular context according to the rules and constraints contained in this specification. The ElementRef attributes of ErrorLocation elements might refer to the corresponding elements (if they have ID attributes). ElNotSupp Element not supported. Although the document is well formed and valid, an element is present that o is consistent with the rules and constraints contained in this specification, but o is not supported by the IOTP Aware Application which is processing the IOTP Message. The ElementRef attributes of ErrorLocation elements might refer to the corresponding elements (if they have ID attributes). ElMissing Element missing. Although the document is well formed and valid, an element is missing that should have been present if the rules and constraints contained in this specification are followed. The ElementRef attributes of ErrorLocation elements might refer to the corresponding elements (if they have ID attributes). Hans, et al. Informational [Page 40] RFC 3867 Payment API for IOTP November 2004 ElContIllegal Element content illegal. Although the document is well formed and valid, the element contains values which do not conform the rules and constraints contained in this specification. The ElementRef attributes of ErrorLocation elements might refer to the corresponding element (if they have ID attributes). The IOTP Application Core has to replace the Error Code with "ElNotSupp" before transmission to the counter party, if the ErrorLocation elements refer to non-PackagedContent element. EncapProtErr Encapsulated protocol error. Although the document is well formed and valid, the Packaged Content of an element contains data from an encapsulated protocol which contains errors. The ElementRef attributes of ErrorLocation elements might refer to the corresponding element (if they have ID attributes). AttUnexpected Unexpected attribute. Although the XML document is well formed and valid, the presence of the attribute is not expected in the particular context according to the rules and constraints contained in this specification. The AttName attributes of ErrorLocation elements might refer to the corresponding attribute tags. (*)AttNotValid Attribute not valid. Invalid attribute value in terms of prescribed syntactical characteristics. The AttName attributes of ErrorLocation elements might refer to the corresponding attribute tags. The IOTP Application Core has to replace the error code with "XmlNotValid" before transmission to the counter party. Hans, et al. Informational [Page 41] RFC 3867 Payment API for IOTP November 2004 AttNotSupp Attribute not supported. Although the XML document is well formed and valid, and the presence of the attribute in an element is consistent with the rules and constraints contained in this specification, it is not supported by the IOTP Aware Application which is processing the IOTP Message. AttMissing Attribute missing. Although the document is well formed and valid, an attribute is missing that should have been present if the rules and constraints contained in this specification are followed. The AttName attributes of ErrorLocation elements might refer to the corresponding attribute tags. If the attribute is required by the IOTP Document Type Declaration (#REQUIRED) the hints for non-valid attributes should be adopted, otherwise these for illegal attribute values. AttValIllegal Attribute value illegal. The attribute contains a value which does not conform to the rules and constraints contained in this specification. The AttName attributes of ErrorLocation elements might refer to the corresponding attribute tags - valid values are: BrandId: illegal/unknown Brand Identifier - If the brand is not recognized/known by any IOTP Payment Bridge, the IOTP Application Core may offer the registration of a new Payment Instrument. PaymentInstrumentId: illegal/unknown Payment Instrument Identifier - This indicates a serious communication problem if the attribute value has been reported by the same "wallet" on a previous inquiry requests. The IOTP Application Core has to replace the error code with "UnknownError" before transmission to the counter party. Hans, et al. Informational [Page 42] RFC 3867 Payment API for IOTP November 2004 WalletId: illegal/unknown Wallet Identifier - It is assumed that the wallet identifier is checked before the pass phrase. On invalid wallet identifiers, the IOTP Application Core may open the dialog in order to request the correct wallet identifier. In addition, any pass phrase may be supplied by the user. The dialog should indicate the respective payment brand(s). The IOTP Application Core has to replace the error code with "UnknownError" before transmission to the counter party. Passphrase: illegal/unknown Pass Phrase - The IOTP Application Core may open the dialog in order to request the correct pass phrase. If the pass phrase is wallet identifier specific the dialog should display the wallet identifier. The IOTP Application Core has to replace the error code with "TransportError" before transmission to the counter party. Action: illegal / unknown / unsupported Action PropertyTypeList: lists contains illegal / unknown / unsupported Property Types - The IOTP Application Core tries only the local resolution but does never transmit any IOTP Error Block to the counter party. CurrCode: illegal/unknown/unsupported Currency Code CurrCodeType: illegal/unknown/unsupported Currency Code Type Amount: illegal/unknown/unsupported Payment Amount PayDirection: illegal/unknown/unsupported Payment Direction ProtocolId: illegal/unknown/unsupported Protocol Identifier Hans, et al. Informational [Page 43] RFC 3867 Payment API for IOTP November 2004 OkFrom: illegal/unknown/unsupported OkFrom Timestamp OkTo: illegal/unknown/unsupported OkTo Timestamp ConsumerPayId: illegal/unknown Consumer Payment Identifier PaymentHandlerPayId: illegal/unknown Payment Handler Payment Identifier PayId: illegal/unknown Payment Identifier AttValNotRecog Attribute Value Not Recognized. The attribute contains a value which the IOTP Aware Application generating the message reporting the error could not recognize. The AttName attributes of ErrorLocation elements might refer to the corresponding attribute tags. MsgTooLarge Message too large. The message is too large to be processed by the IOTP Payment Bridge (or IOTP Application Core). ElTooLarge Element too large. The element is too large to be processed by the IOTP Payment Bridge (or IOTP Application Core). The ElementRef attributes of ErrorLocation elements might refer to the corresponding elements. ValueTooSmall Value too small or early. The value of all or part of an element content or an attribute, although valid, is too small. The ErrorLocation elements might refer to the corresponding attribute tags or elements. ValueTooLarge Value too large or in the future. The value of all or part of an element content or an attribute, although valid, is too large. Hans, et al. Informational [Page 44] RFC 3867 Payment API for IOTP November 2004 The ErrorLocation elements might refer to the corresponding attribute tags or elements. ElInconsistent Element Inconsistent. Although the document is well formed and valid, according to the rules and constraints contained in this specification: o the content of an element is inconsistent with the content of other elements or their attributes, or o the value of an attribute is inconsistent with the value of one or more other attributes. The Error Description may contain further explanations. The ErrorLocation elements might refer to the corresponding attribute tags or elements that are inconsistent. TransportError Transport Error. This error code is used to indicate that there is a problem with the transport mechanism that is preventing the message from being received. It is typically associated with a "Transient Error". The connection to some periphery or the counter party could not be established, is erroneous, or has been lost. The Error Description may contain further narrative explanations, e.g., "chip card does not respond", "remote account manager unreachable", "Internet connection to xyz lost", "no Internet connection available", "no modem connected", or "serial port to modem used by another application". This text should be shown to the end user. If timeout has occurred at the Consumer this text should be shown and the Consumer may decide how to proceed - alternatives are retry, payment transaction suspension, and cancellation. Hans, et al. Informational [Page 45] RFC 3867 Payment API for IOTP November 2004 MsgBeingProc Message Being Processed. This error code is only used with a Severity of Transient Error. It indicates that the previous message, which may be an exchange message or a request message, is being processed and, if no response is received by the time indicated by the "MinRetrySecs" attribute, then the original message should be resent. SystemBusy System Busy. This error code is only used with a Severity of Transient Error. It indicates that the IOTP Payment Bridge or Existing Payment Software that received the API request is currently too busy to handle it. If no response is received by the time indicated by the "MinRetrySecs" attribute, then the original message should be resent. The Error Description may provide further explanations, e.g., "wallet / chip card reader is unavailable or locked by another payment transaction", "payment gateway is overloaded", "unknown chip card reader", or "unrecognized chip card inserted, change chip card". The Consumer's IOTP Application Core may display the error description and ask the Consumer about the continuation - alternatives are retry, payment transaction suspension, and cancellation. UnknownError Unknown Error. Indicates that the transaction cannot complete for some reason that is not covered explicitly by any of the other errors. The Error description attribute should be used to indicate the nature of the problem. The ErrorLocation elements might refer to the corresponding attribute tags or elements that are inconsistent. (*)SyntaxError Syntax Error. An (unknown) syntax error has occurred. Hans, et al. Informational [Page 46] RFC 3867 Payment API for IOTP November 2004 The ErrorLocation elements might refer to the corresponding attribute tags or elements that are inconsistent. The IOTP Application Core has to replace the error code with "XmlNotValid" or "UnknownError" before transmission to the counter party. (*)ReqRefused Request refused. The API request is (currently) refused by the IOTP Payment Bridge. The error description may provide further explanations, e.g., "wallet / chip card reader is unavailable or locked by another payment transaction", "payment gateway is overloaded", "unknown chip card reader", or "unrecognized chip card inserted, change chip card". The Consumer's IOTP Application Core may display the error description and ask the Consumer about the continuation - alternatives are retry, payment transaction suspension, and cancellation. Denials due to invalid Process States should be signaled by "BusinessError". Typically, this kind of error is not passed to the counter party's IOTP Application Core. Otherwise, it maps to "TransportError" or "UnknownError". (*)ReqNotSupp Request not supported. The API function(ality) has not been implemented in the IOTP Payment Bridge. Typically, this kind of error is not passed to the counter party's IOTP Application Core. Otherwise, it maps to "TransportError" or "UnknownError". (*)BusError Business Error. The API request has been rejected because some payment transaction has an illegal payment status. Particularly, this error code is used to signal any raise of payment business layered failures. The ErrorLocation elements may refer to payment transactions using the party's Payment Identifier - it defaults to the Hans, et al. Informational [Page 47] RFC 3867 Payment API for IOTP November 2004 current transaction or might contain the current payment transaction party's Payment Identifier - identified by the ElementRef attribute while the AttName attribute is fixed with "PayId". The IOTP Application Core must inquire the IOTP Payment Bridge about the actual Process State which actually encodes the business error ("Inquire Process State"). This error code must not be passed to the counter party's IOTP Application Core. Table 2: Common Error Codes The IOTP Payment Bridge may also use the error description in order to notify the Consumer about further necessary steps for failure resolution, e.g., "Sorry, your payment transaction failed. Unfortunately, you have been charged, please contact your issuer." 3.2. Attributes and Elements The following table explains the XML attributes in alphabetical order - any parenthesized number after the attribute tag is a recommended maximal length of the attribute value in characters: Attribute Description --------- ----------- Amount (11) Indicates the payment amount to be paid in AmountFrom(11) whole and fractional units of the currency. AmountTo (11) For example $245.35 would be expressed "245.35". Note that values smaller than the smallest denomination are allowed. For example one tenth of a cent would be "0.001". AuthenticationId An identifier specified by the authenticator which, if returned by the organization that receives the authentication request, will enable the authenticator to identify which authentication is being referred to. Hans, et al. Informational [Page 48] RFC 3867 Payment API for IOTP November 2004 BrandId (128) This contains a unique identifier for the brand (or promotional brand). It is used to match against a list of Payment Instruments which the Consumer holds to determine whether or not the Consumer can pay with the Brand. Values of BrandId are managed under procedure being described in the IOTP protocol specification. BrandLogoNetLocn The net location which can be used to download the logo for the organization (cf. IOTP Specification). The content of this attribute must conform to [URL]. BrandName This contains the name of the brand, for example "MasterCard Credit". This is the description of the Brand which is displayed to the consumer in the Consumer's language defined by "xml:lang". For example it might be "American Airlines Advantage Visa". Note that this attribute is not used for matching against the payment instruments held by the Consumer. BrandNarrative This optional attribute is used by the Merchant to indicate some special conditions or benefit which would apply if the Consumer selected that brand. For example "5% discount", "free shipping and handling", "free breakage insurance for 1 year", "double air miles apply", etc. CallBackFunction A function which is called whenever there is a change of Process State or payment progress, e.g., for display updates. However, the IOTP Payment Bridge may use its own mechanisms and dialog boxes. CallBackLanguageList A list of language codes which contain, in order of preference, the languages in which the text passed to the Call Back function will be encoded. Hans, et al. Informational [Page 49] RFC 3867 Payment API for IOTP November 2004 CompletionCode (14) Indicates how the process completed. It is required if ProcessState is set to "Failed" otherwise it is ignored. Valid values as well as recovery options are given in the IOTP specification. The IOTP Payment Bridge may also use the Status Description to notify the Consumer about further necessary steps in order to resolve some kind of business failures, e.g., o "sorry, your payment transaction failed. Unfortunately, you have been charged, please contact your issuer." o "insufficient capacity left (on your stored value card) for refund", o "payment failed/chip card error/internal error, please contact your payment instrument's issuer" ConsumerDesc A narrative description of the Consumer. ConsumerPayId (14) An unique identifier specified by the Consumer that, if returned by the Payment Handler in another Payment Scheme Component or by other means, enables the Consumer to identify which payment is being referred to. This unique identifier is generated by the IOTP Application Core and submitted to the IOTP Payment Bridge on every API call. It may equal the Payment Handler Payment Identifiers but need not necessarily be so. The uniqueness extends to multiple payment instruments, payment brands, payment protocols, wallet identifiers, and even multiple IOTP Payment Bridges. ContStatus During payment progress, this status value indicates whether the payment needs to be continued with further IOTP Payment Scheme Component exchanges with the remote party. "End" indicates that the reported payment scheme data is the last data to be exchanged with the counter party. Hans, et al. Informational [Page 50] RFC 3867 Payment API for IOTP November 2004 ContentSoftwareId This contains information that identifies the software that generated the content of the element. Its purpose is to help resolve interoperability problems that might occur as a result of incompatibilities between messages produced by different software. It is a single text string in the language defined by xml:lang. It must contain, as a minimum: o the name of the software manufacturer, o the name of the software, o the version of the software, and o the build of the software. CurrCodeType (14) Indicates the domain of the CurrCode. This attribute is included so that the currency code may support nonstandard currencies such as frequent flyer point, trading stamps, etc. Its values may be o ISO-4217-A, the default, indicates the currency code is the three-letter alphabetic code that conform to ISO-4217 [ISO4217]. o IOTP indicates that the values of CurrCode are managed under the procedure described in [IOTP]. CurrCode (14) A code which identifies the currency to be used in the payment. The domain of valid currency codes is defined by "CurrCodeType" MerchantPayId (14) An private identifier specified by the Merchant which will enable the Merchant to identify which payment is being referred to. It is a pure private item and is never sent to any other party. It is provided by the IOTP Payment Bridge on payment preparation during brand compilation. Cf. To "ConsumerPayId" for note about uniqueness. Hans, et al. Informational [Page 51] RFC 3867 Payment API for IOTP November 2004 MerchantOrgId (64) A local item that might refer to some specific shop in a multi shop environment. This item is optional and might enrich the Wallet Identifier which itself can be used for the same purpose. Name Distinguishes between multiple occurrences of Packaged Content Elements at the same point in IOTP. For example: snroasdfnas934k dvdsjnl5poidsdsflkjnw45 The "Name" attribute may be omitted, for example if there is only one Packaged Content element. OkFrom (30) The date and time in UTC Format range OkTo (30) indicated by the merchant in which the Payment Handler may accept the payment. For more information, see [UTC]. Passphrase (32) Payment wallets may use pass phrase protection for transaction data and payment instruments' data. However, it is assumed that there exists a public and customizable payment instrument identifier such that these identifiers together with their relationship to payment brands, payment protocols, payment directions, and currency amounts can be queried by the IOTP application without any pass phrase knowledge. PayDirection Indicates the direction in which the payment for which a Brand is being selected is to be made. Its values may be: o Debit: The sender of the Payment Request Block (e.g., the Consumer) to which this Brand List relates will make the payment to the Payment Handler, or Hans, et al. Informational [Page 52] RFC 3867 Payment API for IOTP November 2004 o Credit: The sender of the Payment Request Block to which this Brand List relates will receive a payment from the Payment Handler. PayId (14) This attribute is introduced for API simplification: o The Consumer has to identify PayId and ConsumerPayId. o The Merchant has to identify PayId and MerchantPayId. o The Payment Handler has to identify PayId and Payment Handler Pay Id. PayInstId This contains the unique identifier used internally by the IOTP Payment Bridge/Existing Payment Software. PayInstName This contains the user-defined name of the payment instrument. There exist no (technical) constraints like uniqueness. The "xml:lang" attribute denotes the language encoding of its value. PaymentHandlerDesc A narrative description of the Payment Handler. PaymentHandlerPayId An unique identifier specified by the (14) Payment Handler that, if returned by the Consumer in another Payment Scheme Component or by other means, enables the Payment Handler to identify which payment is being referred to. It is required whenever it is known. Cf. To "ConsumerPayId" for note about uniqueness. PaymentInstrumentId An identifier for a specific payment (32) instrument, e.g., "credit card", "Mondex card for English Pounds". This identifier is fully customizable. It is assumed, that it does not contain confidential information or even an indication of it. The payment Hans, et al. Informational [Page 53] RFC 3867 Payment API for IOTP November 2004 instrument identifier is unique within each payment brand. It is displayed to the Consumer during brand selection. PayReceiptNameRefs Optionally contains element references to (32) other elements (containing payment scheme specific data) that together make up the receipt. Note that each payment scheme defines in its supplement the elements that must be referenced The IOTP Application Core should save all the components referenced so that the payment receipt can be reconstructed when required. PayReqNetLocn The Net Location indicating where an unsecured Payment Request message should be sent if this protocol choice is used. The content of this attribute must conform to [URL] and depends on the Transport Mechanism. PercentComplete (3) A number between 0 and 100 which indicates the progress of the payment transaction. The values range between 0 and 99 for pending and suspended transactions. ProcessState Contains a Process State Code that indicates the current state of the process being carried out. Valid values are: o NotYetStarted. The Payment Request Block has been received but processing of the Payment Request has not yet started o InProgress. The payment transaction is pending. The processing of the (Payment) Request Block has started but it is not yet complete. o (*)Suspended: The payment transaction has been suspended and can be resumed. This process state is mapped to "InProgress", if it is passed to the counter party's IOTP Application Core. Hans, et al. Informational [Page 54] RFC 3867 Payment API for IOTP November 2004 o CompletedOk. The processing of the (Payment) Request Block and any following Payment Exchange Blocks has completed successfully. o Failed. The payment processing has finally failed for a Business Error. o ProcessError. This value is only used when the Status Component is being used in connection with an Inquiry Request Trading Block. It indicates there was a Technical Error in the Request Block which is being processed or some internal processing error. Each party's IOTP Payment Bridge uses this value in order to notify the IOTP Application Core about the presence of technical errors. PropertyType (14) The property type defines codes used for interrogation of specific properties about a payment instrument. They are unique for each payment brand. The predefined property "all" is used on general inquiries. However, these property types are not used during normal payment processing. E.g., they may apply to payment brand specific transactions or out-of-band failure resolution. PropertyDesc The property description carries the respective human readable property (value)'s description. PropertyValue The actual property value intends automatic post processing. ProtocolBrandId (64)This is an identifier to be used with a particular payment protocol. For example, SET and EMV have their own well defined, yet different, values for the Brand identifier to be used with each protocol. The valid values of this attribute are defined in the supplement for the payment protocol identified by "ProtocolId" that describes how the payment protocol works with IOTP. Identifier maps to at most one Protocol Brand Identifier. Hans, et al. Informational [Page 55] RFC 3867 Payment API for IOTP November 2004 ProtocolId (64) An identifier for a specific payment protocol and version, e.g., "SETv1.0", "ecash". Valid values are defined by supplements to the IOTP specification and they are unique within each payment brand. ProtocolIds A sequence of Protocol Identifiers ProtocolName A narrative description of the payment protocol and its version in the language identified by "xml:lang". For example "Secure Electronic Transaction Version 1.0". Its purpose is to help provide information on the payment protocol being used if problems arise. SecPayReqNetLocn The Net Location indicating where a secured Payment Request message should be sent if this protocol choice is used. A secured payment involves the use of a secure channel such as [TLS] in order to communicate with the Payment Handler. The content of this attribute must conform to [URL]. ReceiverOrgId The Organization Identification which receives the payment bridge processing Trading Role Data PackagedContent. StatusDesc (256) An optional textual description of the current process state in the language identified by "xml:lang" that should be displayed to the Consumer. The usage of this attribute is defined in the payment supplement for the payment method being used. Particularly, it provides hints for out-of-band failure resolution. Its length is limited to 256 characters. StyleSheetNetLocn This contains the net location to a style sheet with visualisation rules for XML encoded data. TimeStamp (30) The date and time in UTC Format when the payment transaction has been started. For more information on UTC, see [UTC]. Hans, et al. Informational [Page 56] RFC 3867 Payment API for IOTP November 2004 WalletId (32) Many existing payment wallet software are multiple wallet capable. The Wallet Identifier selects the actual wallet. It is assumed, that the wallet identifier is a public item, that might be stored by the IOTP Application Core. xml:lang Defines the language used by the Process State Description attribute (cf. IOTP Specification) Table 3: Attributes The following table explains the XML elements in alphabetical order: Element Description ------- ----------- Algorithm This contains information which describes an Algorithm that may be used to generate the Authentication response. The algorithm that may be used is identified by the Name attribute (cf. IOTP Specification). AuthReqPackagedContent The Authentication Request Packaged Content originates from a Authentication (Data/Response) Component's content whereby the outermost element tags are prefixed with "AuthReq". Its declaration coincides with the Packaged Content's declaration (cf. IOTP Specification). It encapsulates the authentication challenge value. The content of this information is defined in the supplement for a payment protocol. AuthResPackagedContent The Authentication Response Packaged Content originates from a Authentication Response Component's content whereby the outermost element tags are prefixed with "AuthRes". Its declaration coincides with the Packaged Content's declaration (cf. IOTP Specification). It encapsulates the Hans, et al. Informational [Page 57] RFC 3867 Payment API for IOTP November 2004 authentication response value. The content of this information is defined in the supplement for a payment protocol. BrandPackagedContent Container for further payment brand description. Its content originates from a Brand Element content whose outermost element tags are prefixed with "Brand". Its declaration coincides with the Packaged Content's declaration (cf. IOTP Specification). BrandSelBrandInfoPackagedContent This contains any additional data that may be required by a particular payment brand. It forms the content of the Brand Selection Brand Info Element. BrandSelProtocolAmountInfoPackagedContent This contains any additional data that may be required by a particular payment brand in the format. It forms the content of the Brand Selection Protocol Amount Info Element. BrandSelCurrencyAmountInfoPackagedContent This contains any additional data that is payment brand and currency specific in the format. It forms the content of the Brand Selection Currency Amount Info Element. MerchantData Any merchant related data that might be used by the IOTP Payment Bridge for different purposes, e.g., it might contain IDs to access some mall data, but not cryptographic keys. Its Packaged declaration coincides with the Content's declaration (cf. IOTP Specification). PackagedContent Generic Container for non-IOTP data (cf. IOTP Specification). PayProtocolPackagedContent The Pay Protocol Packaged Content originates from a Pay Protocol Element's content whereby the outermost element tags are prefixed with Hans, et al. Informational [Page 58] RFC 3867 Payment API for IOTP November 2004 "PayProtocol". It contains information about the protocol which is used by the payment protocol. The content of this information is defined in the supplement for a payment protocol. Its declaration coincides with the Packaged Content's declaration (cf. IOTP Specification). PaySchemePackagedContent The PayScheme Packaged Content originates from a Payment Scheme Component's content whereby the outermost element tags are prefixed with "PayScheme". Its declaration coincides with the Packaged Content's declaration (cf. IOTP Specification). It carries the payment specific data. The content of this information is defined in the supplement for a payment protocol. ProtocolAmountPackagedContent The Protocol Amount Packaged Content originates from a Protocol Amount Element's content whereby the outermost element tags are prefixed with "Amount". Its declaration coincides with the Packaged Content's declaration (cf. IOTP Specification). It contains information about the protocol which is used by the payment protocol. The content of this information is defined in the supplement for a payment protocol. ProtocolBrandPackagedContent The Protocol Brand Packaged Content originates from a Protocol Brand Element's content whereby the outermost element tags are prefixed with "ProtocolBrand". Its declaration coincides with the Packaged Content's declaration (cf. IOTP Specification). It contains information about the brand which might be used by the payment protocol. The content of this information is defined in the supplement for a payment protocol. Hans, et al. Informational [Page 59] RFC 3867 Payment API for IOTP November 2004 ResponsePackagedContent Container for authentication response data. Its content originates from a Authentication Response Component's Packaged Content whose outermost element tags are prefixed with "Response". Its declaration coincides with the Packaged Content's declaration (cf. IOTP Specification). TradingRoleDataPackagedContent The TradingRoleData Packaged Content originates from a TradingRoleData Component's content whereby the outermost element tags are prefixed with "TradingRoleData". Its declaration coincides with the Packaged Content's declaration (cf. IOTP Specification). It contains information from Merchant to Payment Handler via Consumer about the protocol which is used by the payment. The content of this information is defined in the supplement for a payment protocol. The Name attribute in this packaged contents must include prefix as "Payment:" to indicate that the payment bridge processes this, for example "Payment:SET-OD". See [SET/IOTP] for more information. The element's declaration coincides with the Packaged Content's declaration (cf. IOTP Specification). Table 4: Elements XML definition: 3.3. Process States The IOTP Payment API supports six different attribute values that encode the transaction status from the IOTP's point of view, i.e., the appropriate point of view at the interface between the IOTP Application Core and IOTP Payment Bridge. This point of view does not completely mimic the more detailed view on the actual payment by the actual Existing Payment Software or IOTP Payment Bridge. The following three tables distinguish between the Merchant's, Consumer's, and Payment Handlers' environment. They extend the aforementioned explanations towards the mapping between IOTP process states and the internal payment scheme related states of the Existing Payment Software/IOTP Payment Bridge. 3.3.1. Merchant The Merchant's point of view of payment is limited to the local payment initiation being interlaced with order processing because IOTP assigns the actual payment processing to the Payment Handler. ProcessState Description ------------ ----------- NotYetStarted The Payment Transaction exists within the IOTP Application Core, i.e., the Merchant's shop has already signaled to the IOTP Application Core that an IOTP transaction has been initiated by the Consumer. However, neither any API call has been issued to the IOTP Payment Bridge nor has the IOTP Order Request has been created. InProgress The IOTP Application changes the process state to this value when it issues the first API call to the Payment Bridge during Brand List compilation. Hans, et al. Informational [Page 61] RFC 3867 Payment API for IOTP November 2004 This value indicates that the Payment Bridge might have some knowledge about the expected payment or might have performed some preparatory tasks (even with the Payment Handler out-of-band to IOTP). However, this value does not indicate that any IOTP Order Request has been created and transmitted to the Consumer. Suspended The IOTP transaction has been suspended before the order request block has been transmitted to the Consumer. Implicitly, the payment is also deferred. CompletedOk The IOTP Order Request has been successfully created and transmitted to the Consumer. Actually, this process state indicates only that the order processing has been finished. But it contains no indication about the status of the actual payment, which is accepted by the Payment Handler. However, successful order processing signals the IOTP Application Core that a payment with some specific parameters is expected within the near future. And this signal might be used by the Existing Payment Software for similar purposes. This attribute might be interpreted as successful preparation of the payment system. Particularly, it is expected that the Existing Payment Software maps this IOTP status value to some other internal value, e.g., "NotYetStarted", that is more accurate from its point of view. As IOTP provides no communication channel between the Merchant and Payment Handler, any change of payment process state will Hans, et al. Informational [Page 62] RFC 3867 Payment API for IOTP November 2004 be initiated out-of-band to IOTP, e.g., by electronic statements of account or payment scheme specific mechanisms. Failed The IOTP transaction, i.e., order processing, has failed for some (business) reason and it is known that no payment will occur. This indication might be used to clear all data about this transaction within the Existing Payment Bridge (by "RemovePaymentLog" or "ChangeProcessState") or to reverse any preparation (with the Payment Handler out-of-band to IOTP). However, the ideal point of view of IOTP suspects that the actual payment transaction has been neither started nor initiated. ProcessError The IOTP transaction, i.e., order processing, has failed for some (technical) reason and it is known that no payment will occur. This indication might be used to clear all data about this transaction within the Existing Payment Bridge (by "RemovePaymentLog" or "ChangeProcessState") or to reverse any preparation (with the Payment Handler out-of-band to IOTP). However, the ideal point of view of IOTP suspects that the actual payment transaction has been neither started nor initiated. Table 5: Merchant 3.3.2. Consumer The Consumer's IOTP Application Core restricts its point of view to the payment transaction. It is assumed that the IOTP Payment Bridge handles the preceding brand selection process in a stateless manner. Hans, et al. Informational [Page 63] RFC 3867 Payment API for IOTP November 2004 ProcessState Description ------------ ----------- NotYetStarted This encodes the initial process state of any IOTP payment transaction. This value is set during brand selection but it normally will not change during the whole brand selection process. InProgress With the issuance of the Start Payment Consumer API call, the IOTP Application Core changes the process state to this value. Suspended The payment transaction has been suspended. Suspension may occur anywhere during brand selection (with the Merchant) or payment processing (with the Payment Handler). On resumption, the IOTP Application Core and the IOTP Payment Bridge have to use other internal data to decide whether brand selection or actual payment processing needs to be continued, i.e., whether the process state needs to be reset to "NotYetStarted" or "InProgress". Note that the Payment API assumes stateless brand selection by the IOTP Payment Bridge. Typically, any suspension during brand selection requires the repetition of the whole process. Hereby, the IOTP Application Core might need to consider any already negotiated conditions in a brand depended purchase (brand, protocol). CompletedOk The successful payment has been acknowledged by the Payment Handler, i.e., the successful IOTP Payment Response has been received. Implicitly, this implies successful order processing. Hans, et al. Informational [Page 64] RFC 3867 Payment API for IOTP November 2004 Failed The IOTP transaction, i.e., order or payment processing, has failed for some (business) reason. In either case it is known that the payment will not succeed. ProcessError The IOTP transaction, i.e., order or payment processing, has failed for some (technical) reason. However, the local process state might be different from that of Payment Handler. Table 6: Consumer 3.3.3. Payment Handler The Payment Handler is responsible for the actual payment processing. New payment transactions are reported by the Consumer with the transmission of new IOTP Payment Request Blocks. IOTP Payment Exchange Block are send by the Consumer for payment transaction continuation and resumption. ProcessState Description ------------ ----------- NotYetStarted This encodes the initial process state of any payment transaction. Typically, this value will last for a short amount of time. InProgress The IOTP Application Core changes the process state changes to "InProgress" when the Payment Handler starts with the actual processing of the IOTP Payment Request Block. Note that this does not assume that the "StartPaymentPaymentHandler" API function has been called. Suspended The payment transaction has been suspended. CompletedOk The payment has been processed, successfully, i.e., the IOTP Payment Response Block was created and transmitted to the Consumer. Hans, et al. Informational [Page 65] RFC 3867 Payment API for IOTP November 2004 Failed The payment transaction, has finally failed for some (business) reason. Note that this value encodes the payment state reported by the IOTP Payment Bridge on "InquireProcessState". It neither reflects whether the payment receipt has been inquired nor whether the IOTP Payment Response Block has been created and submitted to the Consumer. ProcessError The payment transaction, has finally failed for some (technical) reason. Note that this value encodes the payment state reported by the IOTP Payment Bridge. It does not reflect whether some IOTP Error Block has been created and submitted to the Consumer. Table 7: Consumer 4. Payment API Calls 4.1. Brand Compilation Related API Calls 4.1.1. Find Accepted Payment Brand This API function determines the payment brands being accepted by the Payment Handler on behalf of the Merchant. Input Parameters o Payment Direction - provided by the IOTP Application Core o Currency Code and Currency - provided by the IOTP Application Core o Payment Amount - provided by the IOTP Application Core o Merchant Payment Identifier - Merchant's unique private reference to the payment transaction o Merchant Organisation Identifier - used for distinction between multiple merchants that share the some IOTP merchant system o Wallet Identifier - managed by the IOTP Application Core o Merchant Data - specific data used by the IOTP Payment Bridge which is managed in the IOTP Application Core. Hans, et al. Informational [Page 66] RFC 3867 Payment API for IOTP November 2004 XML definition: Output Parameters o Payment Brand Identifier - for insertion in the Brand List Component's Brand Element o Payment Brand Name and language annotation - for insertion in the Brand List Component's Brand Element o Payment Brand Logo Net Location - for insertion in the Brand List Component's Brand Element o Payment Brand Narrative Description - for insertion in the Brand List Component's Brand Element o (Brand) Packaged Content - further payment brand description for insertion in the Brand List Component's Brand Element The Existing Payment Software returns an empty list of brand items, if it does not support any payment brand/payment protocol combination for the given payment parameters. XML definition: Tables 4 and 5 explain the attributes and elements; Table 3 introduces the Error Codes. Hans, et al. Informational [Page 67] RFC 3867 Payment API for IOTP November 2004 4.1.2. Find Accepted Payment Protocol This API function determines the instances of payment protocols (and optionally the payment brands) being accepted by the Payment Handler on behalf of the Merchant. The function might be called in two variants: o With the Brand Identifier set on the input parameter list: The function responds with the payment protocols that fits to the submitted brand. o Without any Brand Identifier - that allows the omission of the "Find Accepted Payment Brand" API call (cf. Section 4.1.1): This function responds with both the supported brand identifiers and the payment protocols being specified by the Brand Elements. Input Parameters o Brand Identifier - returned by "Find Accepted Payment Brand" o Payment Direction o Currency Code and Currency o Payment Amount o Merchant Payment Identifier - Merchant's unique private reference to the payment transaction o Merchant Organisation Identifier - used for distinction between multiple merchants that share the some IOTP merchant system o Wallet Identifier - managed by the IOTP Application Core o (Brand) Packaged Content - further payment brand description; returned by "Find Accepted Payment Brand"; this elements are only provided if the Brand Identifier is set o Merchant Data - specific data used by the IOTP Payment Bridge which is managed in the IOTP Application Core. XML definition: Hans, et al. Informational [Page 68] RFC 3867 Payment API for IOTP November 2004 Output Parameters o Payment Protocol Identifier - for insertion in the Brand List Component's Pay Protocol Element o Protocol Brand Identifier - for insertion in the Protocol Brand Element of the Brand List Component's Brand Element o Payment Protocol Name and language annotation- for insertion in the Brand List Component's Pay Protocol Element o Payment Request Net Location - for insertion in the Brand List Component's Pay Protocol Element o Secured Payment Request Net Location - for insertion in the Brand List Component's Pay Protocol Element o Brand Item List (cf. Section 4.1.1) - there must be at least one element if no brand identifier has been provided on the input parameter list. o (Protocol Amount) Packaged Content - for insertion in the Brand List Component's Protocol Amount Element o (Pay Protocol) Packaged Content - for insertion in the Brand List Component's Pay Protocol Element o Currency Amount element - quite similar to the definition in [IOTP], that contain - refined Currency Code and Currency - for insertion in the Brand List Component's Currency Amount Element - refined Payment Amount - for insertion in the Brand List Component's Currency Amount Element o Brand - there must be at least one element in each Protocol Item if no brand identifier has been provided on the input parameter list. XML definition: Hans, et al. Informational [Page 69] RFC 3867 Payment API for IOTP November 2004 Tables 4 and 5 explain the attributes and elements; Table 3 introduces the Error Codes. 4.1.3. Get Payment Initialization Data This API function provides the remaining initialization data being required by the Consumer's or Payment Handler's Existing Payment Software. This function might be called both for "brand dependent" and "brand independent" transaction types. In either case, this function is called with one particular brand. Input Parameters o Brand Identifier - returned by "Find Accepted Payment Brand" o Merchant Payment Identifier - Merchant's unique private reference to the payment transaction o Payment Direction o Currency Code and Currency - from the Brand List Component's Currency Amount Element o Payment Amount - from the Brand List Component's Currency Amount Element o Payment Protocol Identifier - from the Brand List Component's Pay Protocol Element o Protocol Brand Identifier - from the Protocol Brand Element which relates to the selected Brand Element, if any o (TradingRoleData) Receiver Organization Identifier o OkFrom, OkTo - identical to the entries of the Order Component Merchant Payment Identifier o Merchant Organisation Identifier - used for distinction between multiple merchants that share the some IOTP merchant system o Wallet Identifier and/or Pass Phrase Protocol Brand Element o (Brand) Packaged Content - further payment brand description, from the Brand List Component's Brand Element o (Protocol Amount) Packaged Content - further payment protocol description, from the Brand List Component's Protocol Amount Element Hans, et al. Informational [Page 70] RFC 3867 Payment API for IOTP November 2004 o (Pay Protocol) Packaged Content - further payment protocol description, from the Brand List Component's Pay Protocol Element o (Protocol Brand) Packaged Content - further brand information, from the Protocol Brand Element of the Brand List Component which relates to the selected Brand Element, if any o (Order) Packaged Content - further order description, from the Order Element o three Brand Selection Info Packaged Content elements - copied from the Brand Selection Component on brand dependent purchases o Brand - additional data about the payment brand o Protocol Amount - additional data about the payment protocol o Currency Amount - additional payment brand and currency specific data o Merchant Data - specific data used by the IOTP Payment Bridge which is managed in the IOTP Application Core. XML definition: Hans, et al. Informational [Page 71] RFC 3867 Payment API for IOTP November 2004 Output Parameters o OkFrom, OkTo - for insertion in the Payment Component o (TradingRoleData) Packaged Content - further payment protocol description; the Name Attribute of the packaged Content element must include "Payment:" as the prefix, for example "Payment:SET-OD". For more information, see [SET/IOTP]. o (Order) Packaged Content - defaults to the supplied order packaged content if omitted. XML definition: Tables 4 and 5 explain the attributes and elements; Table 3 introduces the Error Codes. 4.1.4. Inquire Authentication Challenge This API function inquires any payment protocol specific authentication challenge value from the IOTP Payment Bridge. In Baseline IOTP this API function is called by the Merchant (or Financial Institution). The IOTP Application Core may propose a choice of algorithms to the IOTP Payment Bridge. However, the IOTP Payment Bridge may ignore the proposal and select some other algorithm. The inquiry is assumed to be stateless. E.g., the IOTP Application Core may check the returned algorithm and stop transaction processing without notifying the IOTP Payment Bridge. The IOTP Application Core may issue several API calls to the IOTP Payment Bridge to build up the IOTP Authentication Request Block. Any subsequently submitted choice of algorithms should be constrained by the accepted algorithms from earlier API responses. The IOTP Payment Bridge responds with the Business Error Code if it does not provide any (more) authentication algorithms and challenges. Hans, et al. Informational [Page 72] RFC 3867 Payment API for IOTP November 2004 Input Parameters o Authentication Identifier - the authenticator may provide its payment identifier, i.e., Payment Handler or Merchant Payment Identifier. o Wallet Identifier and/or Pass Phrase o set of pre-selected algorithms for authentication XML definition: Output Parameters o list of Authentication Challenge Packaged Contents - for insertion into the IOTP Authentication Request Component o Algorithm Element - for insertion into the IOTP Authentication Request Component XML definition: 4.1.5. Authenticate The Consumer's IOTP Application Core defers payment protocol specific authentication processing and the current challenge value to the active IOTP Payment Bridge. Alternative authentication algorithms might be tried sequentially or offered to the user for selection. Note that the IOTP Application Core has to consider both the current context and the algorithm in order to determine the responsible IOTP Payment Bridge. Failed authentication is reported by the Business Error Code which might trigger the inquiry of the details ("Inquire Process State"). Final failures might be encoded by the process state "Failed". Hans, et al. Informational [Page 73] RFC 3867 Payment API for IOTP November 2004 Input Parameters o Authentication Identifier o Wallet Identifier and/or Pass Phrase o Authentication Challenge Packaged Content - copied from the IOTP Authentication Request Component o Algorithm Element - copied from the IOTP Authentication Request Component XML definition: Output Parameters o Authentication Response Packaged Content - for insertion into the IOTP Authentication Response Component XML definition: Tables 4 and 5 explain the attributes and elements; Table 3 introduces the Error Codes. 4.1.6. Check Authentication Response This API function verifies the Consumer's payment protocol specific authentication response. In Baseline IOTP this API function is called by the Merchant (or the Financial Institution). It is called only if the counter party has responded with an IOTP Authentication Response Component within the Authentication Response Block. Of course, the IOTP Application Core traces the need of such an response. Due to the authentication's statelessness, all parameters (algorithm, challenge and response) are submitted to the IOTP Payment Bridge. Authentication failure is reported by a Process State different from "CompletedOK". Hans, et al. Informational [Page 74] RFC 3867 Payment API for IOTP November 2004 Input Parameters o Authentication Identifier o Wallet Identifier and/or Pass Phrase o Authentication Challenge Packaged Content - generated by previous "Inquire Authentication Challenge" API call o Algorithm Element o Authentication Response Packaged Content - copied from the Authentication Response Component XML definition: Output Parameters o Current Process (Authentication) State o Completion Code o Status Description and its language annotation XML definition: Tables 4 and 5 explain the attributes and elements; Table 3 introduces the Error Codes. Hans, et al. Informational [Page 75] RFC 3867 Payment API for IOTP November 2004 4.2. Brand Selection Related API Calls 4.2.1. Find Payment Instrument This API function determines which instances of a Payment Brand, e.g., two Mondex cards, are present. The same physical card may even represent multiple payment instruments. The IOTP Application Core supplies possible payment brand and payment protocol to the IOTP Payment Bridge that has to be considered when the IOTP Payment Bridge searches for appropriate payment instruments. This set represents the (sub)set of payment alternatives being supported by the Merchant. If the IOTP Application Cote has multiple possible payment brand/protocol, it can call this function in turn. The Existing Payment Software responds with PayInstrument Elements with empty PayInstId attributes if it does not distinguish between different payment instruments for the particular payment alternatives. Note that the Payment API assumes that the values of the attributes BrandId, ProtocolId, ProtocolBrandId and the currency amount suffice for the determination of the appropriate Packaged Content Element that will be transmitted to the Payment Handler later on. Input Parameters o Brand Identifier - copied from the Brand List Component's Brand Element o Payment Protocol Identifier and associated Protocol Brand Identifier o Payment Direction - copied from the Brand List Component o Currency Code and Currency - copied from the Currency Amount Element o Payment Amount - copied from the Currency Amount Element o Consumer Payment Identifier - Consumer's unique reference to the current payment transaction o Wallet Identifier - managed by the IOTP Application Core o (Brand) Packaged Content - further payment brand description; copied from the Brand List Component's Brand Element o (Protocol Brand) Element - further information; copied from the Protocol Brand Element of the Brand List Component which relates to the Consumer selected Brand Element, if any. o (Protocol Amount) Packaged Content - further payment protocol description, copied from the Brand List Component's Protocol Amount Element Hans, et al. Informational [Page 76] RFC 3867 Payment API for IOTP November 2004 o Element (Protocol) Packaged Content - further payment protocol description, copied from the Brand List Component's Pay Protocol Element XML definition: Output Parameters o The known Payment Instrument Identifiers, these are internal values o The user-defined names of the payment instrument and their language encoding The Existing Payment Software responds with an empty list of identifiers, either if it does not distinguish between different payment instruments or if there are no registered payment instruments available despite brand support for at least one (unspecified) payment protocol. In the latter case, the IOTP Payment Bridge has to request the registration of a suitable payment instrument at a subsequent step of the payment process. XML definition: Tables 4 and 5 explain the attributes and elements; Table 3 introduces the Error Codes. Hans, et al. Informational [Page 77] RFC 3867 Payment API for IOTP November 2004 4.2.2. Check Payment Possibility This API function checks whether a payment (both debit and credit) can go ahead. It can be used, for example, to check o if there are sufficient funds available in a particular currency for an electronic cash payment brand, o whether there is sufficient value space left on the payment instrument for payment refund, o whether required system resources are available and properly configured, e.g., serial ports or baud rate, o whether environment requirements are fulfilled, e.g., chip card reader presence or Internet connection. If the payment method is based on external components, e.g., magnetic stripe or chip cards, and the check accesses the medium, the existing payment method should not mutually exclusive lock system resources, e.g., serial port or modem, that may also be required by other Existing Payment Software, e.g., multiple payment software components may share the same card reader. If this happens for API internal request processing, the function has to unlock these components prior to return. Otherwise, the payment may not proceed if the Consumer cancels immediately and decides to use another payment instrument. In this event the previous IOTP Payment Bridge is not notified about the change. This function call happens immediately after the Consumer's payment instrument selection. For example, if the payment instrument is a chip card, that is not inserted in the chip card reader, the Consumer may be prompted for its insertion. However, the Consumer should be able to hit some 'skip' button, if the payment check is part of the actual payment protocol, too. Finally, the IOTP Payment Bridge may provide only a subset of these capabilities or may even directly generate a successful response without any checks. Input Parameters o Brand Identifier - user selection o Payment Instrument Identifier - user selection o Currency Code and Currency Code Type - copied from the selected Currency Amount Element o Payment Amount - copied from the selected Currency Amount Element o Payment Direction - copied from the selected Trading Protocol Option Block o Protocol Identifier - copied from the selected Pay Protocol Element Hans, et al. Informational [Page 78] RFC 3867 Payment API for IOTP November 2004 o Protocol Brand Identifier - copied from the selected Protocol Brand Element of the Brand List Component which relates to the selected Brand Element, if any o Consumer Payment Identifier - Consumer's unique reference to the current payment transaction o Wallet Identifier and/or Pass Phrase o (Brand) Packaged Content - copied from the selected Brand Element o (Protocol Amount) Packaged Content - copied from the selected Protocol Amount Element o (Protocol) Packaged Content - copied from the selected Pay Protocol Element o (Protocol Brand) Packaged Content - copied from the selected Protocol Brand Element of the Brand List Component which relates to the selected Brand Element, if any XML definition: Output Parameters o three Brand Selection Info Packaged Content elements - for insertion into the Brand Selection component o Brand - additional data about the payment brand o Protocol Amount - additional data about the payment protocol o Currency Amount - additional payment brand and currency specific data Hans, et al. Informational [Page 79] RFC 3867 Payment API for IOTP November 2004 XML definition: Tables 4 and 5 explain the attributes and elements; Table 3 introduces the Error Codes. 4.3. Payment Transaction Related API calls These Payment API calls may be made either by the Consumer's or Payment Handler's IOTP Application Core. 4.3.1. Start Payment Consumer This API function initiates the actual payment transaction at the Consumer side. The IOTP Payment Bridge and the Existing Payment Software perform all necessary initialization and preparation for payment transaction processing. This includes the reservation of external periphery. E.g., 1) the Consumer's chip card reader needs to be protected against access from other software components, 2) the insertion of the chip card may be requested, 3) the Internet connection may be re-established, or 4) the Payment Handler may open a mutual exclusive session to the security hardware. The IOTP Payment Bridge monitors the payment progress and stores the current payment states such that resumption - even after power failures - remains possible. Note that the IOTP Application Core supplies only a subset of the following input parameter to the associated resumption API function and refers to the payment transaction through the party's payment identifier. Input Parameters o Brand Identifier - copied from the selected Brand Element o Payment Instrument Identifier - the user selection o Currency Code and Currency - copied from the selected Currency Amount Element o Payment Amount - copied from the selected Currency Amount Element o Payment Direction - copied from the Brand List Component o Protocol Identifier - copied from the selected Payment Protocol Element Hans, et al. Informational [Page 80] RFC 3867 Payment API for IOTP November 2004 o Protocol Brand Element - further information; copied from the Protocol Brand Element of the Brand List Component which relates to the selected Brand Element, if any o OkFrom, OkTo - copied from the Payment Component o Consumer Payment Identifier - Consumer's unique reference to the current payment transaction o Wallet Identifier and/or Pass Phrase o Call Back Function - used for end user notification/logging purposes o Call Back Language List. This list is required if the Call Back Function is set o (Brand) Packaged Content - further payment brand description; copied from the selected Brand Element's content o (Protocol Amount) Packaged Content - further payment protocol description; copied from the selected Protocol Amount Element's content o (Payment Protocol) Packaged Content - further payment protocol description; copied from the selected Pay Protocol Element's content o (Order) Packaged Content - further order description, copied from the Order Component XML definition: Hans, et al. Informational [Page 81] RFC 3867 Payment API for IOTP November 2004 Output Parameters o Continuation Status o (Payment Scheme) Packaged Content - for insertion into the Payment Scheme Component of the IOTP Payment Request Block The IOTP Application Core is allowed to reissue this request several times on failed analyses of the response. XML definition: Tables 4 and 5 explain the attributes and elements; Table 3 introduces the Error Codes. 4.3.2. Start Payment Payment Handler This API function initializes the Consumer initiated payment transaction at the Payment Handler's side. Similar to the Consumer's system, the IOTP Payment Bridge and the Existing Payment Software perform all necessary initialization and preparation for payment transaction processing. Input Parameters o Brand Identifier - copied from the Consumer selected Brand Element o Consumer Payment Identifier - copied from the Payment Scheme Component o Currency Code and Currency - copied from the Consumer selected Currency Amount Element o Payment Amount - copied from the Consumer selected Currency Amount Element o Payment Direction - copied from the Brand List Component o Protocol Identifier - copied from the Consumer selected Payment Protocol Element o Protocol Brand Identifier - copied from the Brand Protocol Element of the Brand List Component which relates to the Consumer selected Brand Element, if any o OkFrom, OkTo - copied from the Payment Component o Payment Handler Payment Identifier - Payment Handler's unique reference to the current payment transaction o Merchant Organisation Identifier - copied from the Merchant's Organisation Element Hans, et al. Informational [Page 82] RFC 3867 Payment API for IOTP November 2004 o Wallet Identifier - renaming to till identifier neglected - and/or Pass Phrase o Call Back Function - used for end user notification/logging purposes o Call Back Language List. This list is required if the call back function is set o (Brand) Packaged Content - further payment brand description; copied from the Consumer selected Brand Element's content o (Protocol Brand) Packaged Content - further information; copied from the Protocol Brand Element of the Brand List Component which relates to the Consumer selected Brand Element, if any. o (Protocol Amount) Packaged Content - further payment protocol description; copied from the Consumer selected Protocol Amount Element's content o (Protocol) Packaged Content - further payment protocol description; copied from the Consumer selected Pay Protocol Element's content o (TradingRoleData) Packaged Content - further payment protocol description; the Name Attribute of the packaged contents must include "Payment:" as the prefix, for example "Payment:SET-OD". For more information, see [SET/IOTP]. o Three Brand Selection Info Packaged Content Elements - copied from the Brand Selection Component o Brand - additional data about the payment brand o Protocol Amount - additional data about the payment protocol o Currency Amount - additional payment brand and currency specific data o (Payment Scheme) Packaged Content. XML definition: Output Parameters o Continuation Status o (Payment Scheme) Packaged Content - for insertion into the Payment Scheme Component of the IOTP Payment Exchange Block The response message must contain payment schema data if the continuation status signals "Continue". The IOTP Application Core is allowed to reissue this request several times on failed analyses of the response. XML definition: Tables 4 and 5 explain the attributes and elements; Table 3 introduces the Error Codes. 4.3.3. Resume Payment Consumer This API function resumes a previously suspended payment at the Consumer side. Resumption includes the internal inquiry of the payment transaction data, e.g., payment amount, protocol identifier, and the whole initialization as it has been applied on the "Start Payment Consumer" API request. It is up to the IOTP Application Core to decide whether an IOTP Payment Request Block or a IOTP Payment Exchange Block needs to be generated. One indicator might be the receipt of a previous IOTP Payment Exchange Block from the Payment Handler, e.g., the knowledge of the Payment Handler Payment Identifier. Input Parameters o Consumer Payment Identifier o Wallet Identifier and/or Pass Phrase Hans, et al. Informational [Page 84] RFC 3867 Payment API for IOTP November 2004 o Call Back Function - used for end user notification/logging purposes XML definition: Output Parameters o Continuation Status o (Payment Scheme) Packaged Content - for insertion in the Payment Scheme Component of the next IOTP message (Payment Exchange or Request Block). The IOTP Application Core is allowed to reissue this request several times on failed analyses of the response. However, the IOTP Payment Bridge might reject the resumption request by using the "AttNotSupp" Error Code "naming" the Consumer Payment Identifier attribute. Then the Consumer has to apply normal error processing to the current (sub-)transaction and to issue a new Payment Request Block to the Payment Handler. XML definition: Tables 4 and 5 explain the attributes and elements; Table 3 introduces the Error Codes. 4.3.4. Resume Payment Payment Handler This API function resumes a payment at the Payment Handler side. Input Parameters o Payment Handler Payment Identifier o Wallet Identifier - renaming to till identifier neglected - and Pass Phrase Hans, et al. Informational [Page 85] RFC 3867 Payment API for IOTP November 2004 o Call Back Function - used for end user notification/logging purposes o Call Back Language List. This list is required if the Call Back Function is set o (Payment Scheme) Packaged Content - copied from the Payment Scheme Component of the received IOTP message (Payment Exchange or Request Block). XML definition: Output Parameters o Continuation Status o (Payment Scheme) Packaged Content - for insertion in the Payment Scheme Component of the next Payment Exchange Block. The response message contains payment schema specific data if the continuation status signals "Continue". The IOTP Application Core is allowed to reissue this request several times on failed analyses of the response. XML definition: Tables 4 and 5 explain the attributes and elements; Table 3 introduces the Error Codes. 4.3.5. Continue Process This API function passes one specific IOTP Payment Scheme Component, i.e., the encapsulated Packaged Content elements, received from the counter party (e.g., Consumer) to the IOTP Payment Bridge and responds with the next IOTP Payment Scheme Component for submission to the counter party. Hans, et al. Informational [Page 86] RFC 3867 Payment API for IOTP November 2004 Input Parameters o Payty's Payment Identifier o Process (Transaction) Type which distinguishes between Payments and Inquiries. o Wallet Identifier and/or Pass Phrase o (Payment Scheme) Packaged Content - copied from the Payment Scheme Component of the received Payment Exchange Block or from the Error Block. Each party should set the payment identifier with the local identifier (Consumer: ConsumerPayId; Merchant: MerchantPayId; Payment Handler: PaymentHandlerPayId). XML definition: Output Parameters o Continuation Status o (Payment Scheme) Packaged Content - for insertion in the Payment Scheme Component of the next Payment Exchange Block or final Payment Response Block The response message contains payment schema data if the continuation status signals "Continue". The IOTP Payment Bridge must signal "End", if the payment scheme data was received within an IOTP Error Block containing an Error Component with severity HardError. XML definition: Tables 4 and 5 explain the attributes and elements; Table 3 introduces the Error Codes. Hans, et al. Informational [Page 87] RFC 3867 Payment API for IOTP November 2004 4.3.6. Change Process State The IOTP Application Core changes the current payment status by this request. The IOTP Payment Bridge may be notified about business level normal termination, cancellation, suspension, and processing errors. Notification happens by requesting the intended process state. The IOTP Payment Bridge processes the status change and reports the result. The IOTP Application Core has to analyze any returned process status in order to check whether the IOTP Payment Bridge has agreed to or declined the status switch. E.g., the submitted Process State "CompleteOk" may lead to the Payment Status "Failed" if the payment transaction has already failed. Transaction Suspension is notified by the newly introduced Process State "Suspended". The other attribute values have been taken from the IOTP specification. This API function might be called by the Consumer, Merchant, or Payment Handler for each payment transaction anytime after the issuance of "FindPaymentInstrument" to the IOTP Payment Bridge by the Consumer, the issuance of "FindAcceptedPaymentBrand" by the Merchant, or the issuance of "StartPaymentPaymentHandler" by the Payment Handler. The Process States "CompletedOk", "Failed", and "ProcessError" are final in the sense that they can not be changed on subsequent calls. However, the API function should not return with an error code if such an incompatible call has been issued. Instead it should report the old unchanged Process State. Unknown payment transactions are reported by the Error Code "AttValInvalid" pointing to the PayId attribute. Input Parameters o Party's Payment Identifier o intended Payment Status o intended Completion Code o Process (Transaction) Type which distinguishes between Payments and Inquiries. o Wallet Identifier and/or Pass Phrase Hans, et al. Informational [Page 88] RFC 3867 Payment API for IOTP November 2004 XML definition: Output Parameters o Process State and Percent Complete o Completion Code o Status Description and its language annotation XML definition: Tables 4 and 5 explain the attributes and elements; Table 3 introduces the Error Codes. 4.4. General Inquiry API Calls The following calls are not necessarily assigned to a payment transaction and may be issued at any time. There are no dependencies on any other calls. Hans, et al. Informational [Page 89] RFC 3867 Payment API for IOTP November 2004 4.4.1. Remove Payment Log The IOTP Application Core notifies the IOTP Payment Bridge and/or the corresponding Existing Payment Software via IOTP Payment Bridge that any record in the Payment Log file, that deals with the listed payment transaction, might be removed. Input Parameters o Party's Payment Identifier o Wallet Identifier and/or Pass Phrase XML definition: Output Parameters XML definition: Tables 4 and 5 explain the attributes and elements; Table 3 introduces the Error Codes. 4.4.2. Payment Instrument Inquiry This API function retrieves the properties of the Payment Instrument. The Payment Instrument Identifier could be omitted if this identifier is derived by other means, e.g., by analysis of the currently inserted chip card. If the Payment instrument could not uniquely determined, the IOTP Payment Bridge may provide suitable dialogs for user input. E.g., this API function might be used during problem resolution with the Customer Care Provider of the issuer of the payment instrument, in order to inquire payment instrument specific values. Input parameters o Brand Identifier o Payment Instrument Identifier o Protocol Identifier Hans, et al. Informational [Page 90] RFC 3867 Payment API for IOTP November 2004 o Wallet Identifier and/or Pass Phrase o Property Type List - sequence of values whose language is identified by xml:lang o (Brand) PackagedContent Content - further payment brand description o Protocol Brand Content - further payment brand information o (Protocol Amount) PackagedContent Content - further payment protocol description o (Pay Protocol) PackagedContent Content - further payment protocol description The codes in the property type list are of two types: o generic codes which apply to all payment methods but might be unavailable o Payment Brand specific codes. Generic codes for the Property Type List are: Property Type Meaning Balance Current balance Limit Maximum balance PaymentLimit Maximum payment transaction limit Expiration Expiration date Identifier Issuer assigned identifier of the payment instrument. Usually, it does not match with the API's payment instrument identifier. LogEntries Number of stored payment transaction entries. The entries are numbered from 0 (the most recent) to some non-negative value for the oldest entry. PayAmountn Payment Amount of the n-th recorded payment transaction, n may negative PayPartyn Remote party of the n-th payment recorded transaction, n may negative PayTimen Time of the n-th payment recorded transaction, n may negative XML definition: Output parameters o a list of zero or more unavailable property values whose language are identified by xml:lang. o a list of zero or more sets of "Properties Types", "Property Values" and "Property Descriptions" XML definition: Tables 4 and 5 explain the attributes and elements; Table 3 introduces the Error Codes. 4.4.3. Inquire Pending Payment This API function reports the party's payment identifiers of any pending payment transactions that the IOTP Payment Bridge/Existing Payment Software recommends be completed or suspended prior to the processing of new payment transactions. It does not respond with further transaction details. These have to be requested with "Inquire Process State". Note that the IOTP Payment Bridge has to respond without the benefit of any pass phrase if there exist no pending payment transaction. But if there are some pending payment transactions, the IOTP Payment Bridge may refuse the immediate response and may instead request the appropriate pass phase from the IOTP Application Core. Input Parameters o Wallet Identifier and/or Passphrase Hans, et al. Informational [Page 92] RFC 3867 Payment API for IOTP November 2004 XML definition: Output Parameters o Party's Payment Identifier XML definition: Tables 4 and 5 explain the attributes and elements; Table 3 introduces the Error Codes. 4.5. Payment Related Inquiry API Calls 4.5.1. Check Payment Receipt This function is used by the Consumer and might be used by the Payment Handler to check the consistency, validity, and integrity of IOTP payment receipts which might consist of Packaged Content Elements o from the IOTP Payment Receipt Component - provided by the Payment Handler's "Inquire Process State" API call shortly before payment completion, o from Payment Scheme Components being exchanged during the actual payment, or o being returned by the Consumer's "Inquire Process State" API call shortly before payment completion The IOTP Application Core has to check the PayReceiptNameRefs attribute of the IOTP Payment Receipt Component and to supply exactly the Packaged Content Elements being referred to. Failed verification is returns a business error. Hans, et al. Informational [Page 93] RFC 3867 Payment API for IOTP November 2004 Note that this Payment API assumes that any payment receipt builds upon a subset of elements with reference to [IOTP]. Furthermore, the Packaged Content Element have to be distinguishable by their Name attribute. Input Parameters o Party's Payment Identifier o Wallet Identifier and/or Pass Phrase o All Packaged Content Elements in the payment receipt XML definition: Output Parameters XML definition: Tables 4 and 5 explain the attributes and elements; Table 3 introduces the Error Codes. 4.5.2. Expand Payment Receipt This API function expands any IOTP payment receipt into a form which may be used for display or printing purposes. "Check Payment Receipt" should be used first if there is any question of the payment receipt containing errors. The same conventions apply to the input parameter as for "Check Payment Receipt" (cf. Section 4.5.1). Input Parameters o Party's Payment Identifier o Wallet Identifier and/or Pass Phrase o All Packaged Content Elements that build the payment receipt Hans, et al. Informational [Page 94] RFC 3867 Payment API for IOTP November 2004 XML definition: Output Parameters o Brand Identifier o Protocol specific Brand Identifier o Payment Instrument Identifier o Currency Code and Currency Code Type o Payment Amount o Payment Direction o Time Stamp - issuance of the receipt o Protocol Identifier o Protocol specific Transaction Identifier - this is an internal reference number which identifies the payment o Consumer Description, Payment Handler Description, and a language annotation o Style Sheet Net Location o Payment Property List. A list of type/value/description triples which contains additional information about the payment which is not covered by any of the other output parameters; property descriptions have to consider the language annotation. The Style Sheet Net Location refers to a Style Sheet (e.g., [XSLT]) that contains presentation information about the reported XML encoded data. XML definition: The Existing Payment Software should return as many attributes as possible from the supplied IOTP Payment Receipt. The payment supplement defines the attribute values for the payment properties. Tables 4 and 5 explain the attributes and elements; Table 3 introduces the Error Codes. 4.5.3. Inquire Process State This API function returns the current payment state and optionally further Packaged Content Elements that form the payment receipt. Called by the Payment Handler, the IOTP Payment Bridge might respond with data intended for inclusion in the IOTP Payment Receipt Component's Packaged Content. When the Consumer calls this function shortly before payment completion, it may respond with further items of the payment receipt. Such items might be created by a chip card. Input Parameters o Party's Payment Identifier o Wallet Identifier and/or Pass Phrase XML definition: Output Parameters o Current Process State and Percent Complete o Completion Code o Status Description and its language annotation o Payment Receipt Name References to all Packaged Content Elements that build the payment receipt (cf. Section 4.5.1), even if they have not been created so far (Consumer's share) Hans, et al. Informational [Page 96] RFC 3867 Payment API for IOTP November 2004 o Any Packaged Content Element being available that form the payment receipt The IOTP provides a linking capability to the payment receipt delivery. Instead of encapsulating the whole payment specific data into the packaged content of the payment receipt, other Payment Scheme Components' Packaged Content might be referred to. XML definition: Tables 4 and 5 explain the attributes and elements; Table 3 introduces the Error Codes. 4.5.4. Start Payment Inquiry This API function responds with any additional payment scheme specific data that is needed by the Payment Handler for Consumer initiated payment transaction inquiry processing. Probably, the IOTP Payment Bridge (or the corresponding Existing Payment Software) has to determine the payment related items that were provided with the "Start Payment Consumer" API function call. Input Parameters o Consumer Payment Identifier o Wallet Identifier and/or Pass Phrase Hans, et al. Informational [Page 97] RFC 3867 Payment API for IOTP November 2004 XML definition: Output Parameters o (Payment Scheme) Packaged Content - intended for insertion in the Payment Scheme Component of the Inquiry Request Block XML definition: Tables 4 and 5 explain the attributes and elements; Table 3 introduces the Error Codes. 4.5.5. Inquire Payment Status The Payment Handler calls this API function for Consumer initiated inquiry processing. It differs from the previous "Inquire Process State" API function by the optional inclusion of payment scheme specific data. The response may encapsulate further details about the payment transaction. Input Parameters o Payment Handler Payment Identifier o Wallet Identifier and/or Pass Phrase o (Payment Scheme) Packaged Content - copied from the Inquiry Request Block's Payment Scheme Component XML definition: Output Parameters o Current Process State o Completion Code Hans, et al. Informational [Page 98] RFC 3867 Payment API for IOTP November 2004 o Status Description and its language annotation o (Payment Scheme) Packaged Content - intended for insertion in the Payment Scheme Component of the Inquiry Response Block XML definition: Tables 4 and 5 explain the attributes and elements; Table 3 introduces the Error Codes. 4.6. Other API Calls 4.6.1. Manage Payment Software The following API function notifies the IOTP Payment Bridge about the intended registration, modification, or deletion of a payment instrument. The actual processing is up to the IOTP Payment Bridge. This API request may also be used to activate the IOTP Payment Bridge (and the corresponding Existing Payment Software) for general administration purposes. Input Parameters o Brand Identifier o Protocol Identifier o Any action code: o New - add new payment method / instrument o Update - change the payment method's / instrument's data o Delete - delete a payment method / instrument o Wallet Identifier and/or Pass Phrase o (Brand) Packaged Content - further payment brand description o (Pay Protocol) Packaged Content - further payment protocol description Hans, et al. Informational [Page 99] RFC 3867 Payment API for IOTP November 2004 o (Protocol Amount) Packaged Content - further payment protocol description If the Action attribute is set, the Brand and Protocol Identifier have to also be set. The IOTP Payment Bridge has to provide the required user dialogs and selection mechanisms. E.g., updates and deletions may require the selection of the payment instrument. A new wallet might be silently generated on the supplement of a new Wallet Identifier or after an additional end user acknowledge. The IOTP Application Core should not provide any pass phrases for new wallets. Instead, the IOTP Payment Bridge has to request and verify them, which may return their value to the IOTP Application Core in plain text. In addition, the IOTP Payment Bridge returns the supported authentication algorithms when a new brand and protocol pair has been registered. If the "Action" attribute is omitted, the IOTP Payment Bridge which is responsible for the Existing Payment Software pops up in a general interactive mode. XML definition: Output Parameters o An action code: o New - added new wallet o Update - changed wallet's configuration o Delete - removed a wallet o Wallet Identifier and/or Pass Phrase The IOTP Payment Bridge does not return any information about the set of registered payment instruments because these data items are dynamically inferred during the brand selection process at the beginning of each IOTP transaction. However, the IOTP Application Core has to be notified about new wallets and should be notified about updated and removed wallets (identifier). Alternatively, Hans, et al. Informational [Page 100] RFC 3867 Payment API for IOTP November 2004 removed wallets can be implicitly detected during the next brand selection phase. Updated wallets do no affect the processing of the IOTP Application Core. The IOTP Payment Bridge should only support the addition of at most one wallet because it is not able to report multiple additions at once back to the IOTP Application Core. XML definition: Tables 4 and 5 explain the attributes and elements; Table 3 introduces the Error Codes. 5. Call Back Function This API function, called by the IOTP Payment Bridge, is used to provide information for Consumer or Payment Handler notification about the progress of the payment transaction. Its use is illustrated in the diagram below. *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+* IOTP Application ----calls---- | Core | | display | | v to <---------- Call Back <--calls--- Payment user | | Software ---------------- *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+* Figure 9. Call Back Function Whenever this function is called, the content of the status description should be made available to the user. For example on a status bar, a pop up window, etc. A reference to the Call Back function is passed as an input parameter to the "Start Payment X" and "Resume Payment X" API function. Afterwards, this function might be called whenever the status changes or progress needs to be reported. Hans, et al. Informational [Page 101] RFC 3867 Payment API for IOTP November 2004 Input Parameters o the software identifier of the caller o Party's Payment Identifier o Process State and Percent Complete o Completion Code o Status Description and its language annotation, text which provides information about the progress of the call. It should be displayed or made available to, for example, the Consumer. Examples of Status Description could be: o "Paying 12.30 USD to XYZ Inc" o "Payment completed" o "Payment aborted" The valid languages are announced in the Call Back Language List attribute in "Start Payment X" and "Resume Payment X" API function calls. XML definition: Output Parameters XML definition: > Tables 4 and 5 explain the attributes and elements; Table 3 introduces the Error Codes. Hans, et al. Informational [Page 102] RFC 3867 Payment API for IOTP November 2004 Basically, the call back function accepts all input arguments or rejects the whole request. It may even accept malformed requests. Some payment schemes may support or require that the Consumer might be able to cancel the payment at any time. The Call Back function can be used to facilitate this by returning the cancellation request on the next call (using the Business Error Code and Completion Code "ConsCancelled"). Vice versa the Payment Handler's Application Core might use the similar mechanism to signal its IOTP Payment Bridges any exceptional need for a fast shutdown. These IOTP Payment Bridges may initiate the appropriate steps for terminating/cancelling all pending payment transactions. Note that the "Change Process State" API function provides the second mechanism for such kind of notification. Therefore, the IOTP Payment Bridge or Existing Payment Software may ignore the details of the "Call Back" response. 6. Security Consideration The IOTP Payment APIs only supports security using pass phrase to access to payment Wallet. These can be protected over TLS, which provides stronger security at the transport layer, but implementations are out the scope of this document. See also security consideration section of [IOTP]. 7. References 7.1. Normative References [IOTP] Burdett, D., "Internet Open Trading Protocol - IOTP version 1.0", RFC 2801, April 2000. [ISO4217] ISO 4217: Codes for the Representation of Currencies. Available from ANSI or ISO. [URL] Berners-Lee, T., Masinter, L. and M. McCahill, "Uniform Resource Locators (URL)", RFC 1738, December 1994. [UTC] Universal Time Coordinated. A method of defining time absolutely relative to Greenwich Mean Time (GMT). Typically of the form: "CCYY-MM- DDTHH:MM:SS.sssZ+n" where the "+n" defines the number of hours from GMT. See ISO DIS8601. Hans, et al. Informational [Page 103] RFC 3867 Payment API for IOTP November 2004 [XML] Extensible Mark Up Language (XML) 1.0 (Third Edition). A W3C recommendation. See http://www.w3.org/TR/REC-xml [XML-NS] Namespaces in XML Recommendation. T. Bray, D. Hollander, A. Layman. Janaury 1999. http://www.w3.org/TR/REC-xml- names [XSLT] Extensible Style Language Transformations 1.0, November 1999, See http://www.w3.org/TR/xslt 7.2. Informative References [IOTPBOOK] D. Burdett, D.E. Eastlake III, and M. Goncalves, Internet Open Trading Protocol, McGraw-Hill, 2000. ISBN 0-07- 135501-4. [SET] SET Secure Electronic Transaction(TM) , Version 1.0, May 31, 1997 Book 1: Business Description Book 2: Programmer's Guide Book 3: Formal Protocol Definition [SET/IOTP] Kawatsura, Y., "Secure Electronic Transaction (SET) Supplement for the v1.0 Internet Open Trading Protocol (IOTP)", RFC 3538, June 2003. [TLS] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", RFC 2246, January 1999. Hans, et al. Informational [Page 104] RFC 3867 Payment API for IOTP November 2004 Acknowledgement The contributions of Werner Hans of Atos Origin are gratefully acknowledged. Authors' Addresses Hans-Bernhard Beykirch EMail: hbbeykirch@web.de Yoshiaki Kawatsura Hitachi, Ltd. 890 Kashimada Saiwai-ku Kawasaki-shi Kanagawa, Japan 212-8567 EMail: ykawatsu@itg.hitachi.co.jp Masaaki Hiroya Technoinfo Service, Inc. 333-2-718 Uchikoshi-machi Hachioji-shi Tokyo 192-0911 JAPAN EMail: hiroya@st.rim.or.jp Hans, et al. Informational [Page 105] RFC 3867 Payment API for IOTP November 2004 Full Copyright Statement Copyright (C) The Internet Society (2004). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf- ipr@ietf.org. Acknowledgement Funding for the RFC Editor function is currently provided by the Internet Society. Hans, et al. Informational [Page 106]