Extensible Supply-chain Discovery Service (ESDS) Chair(s): Mark Harrison Applications Area Director(s): Lisa Dusseault Chris Newman Applications Area Advisor: Lisa Dusseault Mailing List(s): esds at ietf.org General information about the mailing list is at: https://www1.ietf.org/mailman/listinfo/esds Purpose of Working Group: The use of Supply chain Tracking Systems is rising at an unprecedented rate, particularly as various industry sectors are increasingly adopting automatic identification technologies such as Radio-Frequency Identification (RFID) to automatically track individual physical objects as they move through a supply chain. Rather than tracking at batch or lot level, the ultimate goal of this technology is that each individual physical object will have its own unique ID, which can be used to gather and retrieve complete lifecycle information about the object, which is fragmented across the supply chain. Deployment of these systems has grown to a point where they can no longer operate effectively in isolation from other systems. There is a need to share data among these disparate systems, which are owned and operated by separate organizations. ESDS has been chartered to architect and define the protocol of a Discovery Service for global supply chains. ESDS's goal is to enable searching for information on physical objects flowing in a supply chain, by authorized and authenticated users. Economic and technical factors dictate that Discovery Services and their protocol ESDS must be designed for deployment on the Internet. Access control, data protection and security are of utmost importance, due to sensitivity and value of the information generated by the supply chain. Work Items: The work group will address to the following work items: 1.Initial Conventions a)Define common vocabulary and terminology b)Define core data sets for sharing on Discovery Service, including required data fields, optional data fields, and extensible data fields (e.g. who, what, when, where, why, links, identifier, lifecycle, class, etc.) c)Define handling for time zones (e.g. accepting only UTC timestamps vs. accepting timestamps with any timezone) 2.Security a)Considerations for access control policies and their impact on Work Items 3 and 4 b)Define security architecture and mechanisms for authorization, authentication , encryption (e.g. integrating security certificates into the protocol vs. relying on a security layer such as SSL) c)Define a common interface and roles for access control configuration (e.g. supply chain, partner, user ) 3.Publishing Interface a)Define mechanism for uniquely identifying objects in a supply chain without requiring a global unique identifier for each and all objects that enter a supply chain b)Define a protocol for advertising/publishing data resources (Resource Discovery) c)Define a protocol and policy for retracting or voiding published data d)Define policies for updating stale and broken links (e.g. for records with a long retention period, it is vital that links can be updated, when required) 4.Query Interface a)Define a protocol for querying published data, facilitating both one-time queries and standing queries (e.g. pull vs. push queries) b)Determine how aggregation and disaggregation events should be handled including policies for access control and visibility of these events (e.g. a pallet is broken down into boxes and each box has its own destination supply chain and access policy) c)Determine if multilayer information visibility is required (e.g. a query with limited access can be informed of the existence of information for a particular object, but to view the actual information, full access privileges would be required. This has particular implications for peer-to-peer searching across multiple Discovery Services) 5.DS-DS Peer Communications Interface a)Architect a bootstrapping policy for objects while ensuring security and confidentiality (e.g. locating one or more Discovery Services for a product which is mis-delivered) b)Define a peer-to-peer protocol to enable linking Discovery Service servers together (e.g. retrieving information about the entire lifecycle of a product as it moves through various supply chains) c)Determine if Discovery Services should facilitate peer-to-peer access negotiation process (e.g. a query client negotiates for access to information from an organization in the situation where the information-providing organization does not have an established business (trust) relationship with the client and therefore chooses initially not to reveal its identity to the client) Goals and Milestones: Done Submit a draft problem statement April 2008 Submit a document outlining the Initial Conventions July 2008 Submit a draft on requirements for Security September 2008 Submit a draft requirements for Publishing Interface November 2008 Submit a draft proposed protocol for Publishing Interface January 2008 Submit a draft on requirements for Query Interface March 2009 Submit a draft proposed protocol for Query Interface May 2009 Submit a draft on requirements for DS-DS peer Communications Interface July 2009 Submit a draft proposed protocol for DS-DS peer Communications Interface Current Internet-Drafts: http://www.ietf.org/internet-drafts/draft-rezafard-esds-problem-statement-00.txt http://www.ietf.org/internet-drafts/draft-young-esds-concepts-03.txt http://www.ietf.org/internet-drafts/draft-thompson-esds-commands-02.txt http://www.ietf.org/internet-drafts/draft-thompson-esds-schema-02.txt Further Background Reading: BRIDGE project - Requirements for Discovery Services http://www.bridge-project.eu/data/File/BRIDGE%20WP02%20Serial%20level%20lookup%20Requirements.pdf BRIDGE project - high-level design for Discovery Services http://www.bridge-project.eu/data/File/BRIDGE%20WP02%20High%20level%20design%20Discovery%20Services.pdf