C.3. Related Standards and Profiles

C.3.1. Communication Services

270. Communications Services interconnect systems and mechanisms for the opaque transfer of selected data between or among access points, in accordance with agreed quality parameters and without change in the form or content of the data as sent and received. Internet Protocol (IP) technology is the enabler of adaptive and flexible connectivity. Its connectionless structure, with its logical connectivity, provides scalability and manageability and is also future-proof by insulating services above from the diverse transport technologies below.

271. tactESB instances use a converged IP network applying open standards and industry best practices. For the tactESB architecture, the interconnection between autonomous systems is based on an IPv4/IPv6 dual stack.

C.3.1.1. Edge Transport Services

272. Tactical systems will in principle have limited network interconnection with other networks, especially fixed or deployed ones. This follows from the operational nature of mobile elements.

Table C.1. Edge Transport Services and Communications Equipment Standards
ID:Service/Purpose Standards Implementation Guidance
2: Inter-Autonomous System (AS) routing Mandatory:

Border Gateway Protocol V4

  • IETF RFC 1997: 1996, BGP Communities Attribute.

  • IETF RFC 3392: 2002, Capabilities Advertisement with BGP-4.

  • IETF RFC 4271: 2006, A Border Gateway Protocol 4 (BGP-4).

  • IETF RFC 4760: 2007, Multiprotocol Extensions for BGP-4.

  • IETF RFC 2545: 1999, Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing.

  • IETF RFC 6793: 2012, BGP Support for Four-Octet Autonomous System (AS) Number Space.

  • IETF RFC 4360: 2006, BGP Extended Communities Attribute.

  • IETF RFC 5668: 2009, 4-Octet AS Specific BGP Extended Community.

BGP deployment guidance in IETF RFC 1772: 1995, Application of the Border Gateway Protocol in the Internet.

BGP sessions must be authenticated through the TCP MD5 Signature Option (IETF RFC 2385: 1998), the mechanism that IETF RFC 4271 references for protecting BGP connections: each TCP segment carries a message authentication code computed with the one-way hash function MD5 over the segment and a per-peer shared key. Note that IETF RFC 5925: 2010 (The TCP Authentication Option, TCP-AO) obsoletes RFC 2385 and should be preferred where both peers support it; in either case keys must be per-peer and rotated.

3: Inter-Autonomous System (AS) multicast routing IPv4 (Mandatory):
  • IETF RFC 3618: 2003, Multicast Source Discovery Protocol (MSDP).

  • IETF RFC 3376: 2002, Internet Group Management Protocol, Version 3 (IGMPv3).

  • IETF RFC 4601: 2006, Protocol Independent Multicast version 2 (PIMv2) Sparse Mode (PIM-SM): Protocol Specification (Revised).

  • IETF RFC 4760: 2007, Multiprotocol Extensions for BGP-4 (MBGP).

  • IETF RFC 4604: 2006, Using Internet Group Management Protocol Version 3 (IGMPv3) and Multicast Listener Discovery Protocol Version 2 (MLDv2) for Source-Specific Multicast.

Note on IPv6:

No standard solution for IPv6 multicast routing has yet been widely accepted. More research and experimentation are required in this area.

 
4: Unicast routing Mandatory:

IETF RFC 4632: 2006, Classless Inter-domain Routing (CIDR): The Internet Address Assignment and Aggregation Plan.

 
5: Multicast routing Mandatory:

IETF RFC 1112: 1989, Host Extensions for IP Multicasting.

IETF RFC 2908: 2000, The Internet Multicast Address Allocation Architecture.

IETF RFC 3171: 2001, IANA Guidelines for IPv4 Multicast Address Assignments.

IETF RFC 2365: 1998, Administratively Scoped IP Multicast.
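The following Python example is added here to illustrate the TCP MD5 signature check required for BGP sessions in row 2 of Table C.1; it is not part of this profile or of any router vendor's implementation. It computes the RFC 2385 digest (pseudo-header, 20-byte TCP header with the checksum field zeroed and options excluded, segment data, then the key) over a constructed BGP OPEN message between two documentation addresses, and shows that a wrong key, altered data or swapped endpoints fail verification. The addresses, ports, sequence numbers and the key are placeholders.

```python
import hashlib
import hmac
import socket
import struct

TCP_PROTO = 6
BGP_PORT = 179
OPT_EOL, OPT_NOP, OPT_MD5SIG = 0, 1, 19   # TCP option kinds; 19 is RFC 2385
MD5SIG_OPT_LEN = 18                       # kind + length + 16-byte digest

# Constructed BGP OPEN (version 4, AS 64512, hold time 180, BGP identifier
# 192.0.2.1, no optional parameters): 16-byte marker, length 29, type 1, body.
BGP_OPEN = (b"\xff" * 16 + struct.pack("!HB", 29, 1)
            + struct.pack("!BHHIB", 4, 64512, 180, 0xC0000201, 0))


def _pseudo_header(src_ip, dst_ip, tcp_len):
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip),
                       socket.inet_aton(dst_ip), 0, TCP_PROTO, tcp_len)


def tcp_md5_digest(src_ip, dst_ip, segment, key):
    """RFC 2385 section 2: MD5 over (1) the pseudo-header, whose length covers
    header, options and data, (2) the 20-byte TCP header with the checksum
    zeroed and options excluded, (3) the segment data, (4) the connection key."""
    data_offset = (segment[12] >> 4) * 4
    fixed_header = segment[:16] + b"\x00\x00" + segment[18:20]
    h = hashlib.md5()
    h.update(_pseudo_header(src_ip, dst_ip, len(segment)))
    h.update(fixed_header)
    h.update(segment[data_offset:])
    h.update(key)
    return h.digest()


def tcp_checksum(src_ip, dst_ip, segment):
    """Ones-complement TCP checksum; a segment carrying a correct checksum sums to 0."""
    data = _pseudo_header(src_ip, dst_ip, len(segment)) + segment
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, payload, key):
    """TCP segment carrying the MD5 option, padded with two NOPs to a 40-byte
    header. The digest is computed before it is written into the option, which
    is valid because options are not covered by the hash."""
    options = bytes([OPT_MD5SIG, MD5SIG_OPT_LEN]) + b"\x00" * 16 + bytes([OPT_NOP, OPT_NOP])
    data_offset = (20 + len(options)) // 4
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                         data_offset << 4, flags, 65535, 0, 0)
    segment = bytearray(header + options + payload)
    segment[22:38] = tcp_md5_digest(src_ip, dst_ip, bytes(segment), key)
    segment[16:18] = struct.pack("!H", tcp_checksum(src_ip, dst_ip, bytes(segment)))
    return bytes(segment)


def verify_segment(src_ip, dst_ip, segment, key):
    """True only if an MD5 option is present and matches the key. A segment
    without the option is rejected: RFC 2385 requires both peers to use it."""
    data_offset = (segment[12] >> 4) * 4
    opts = segment[20:data_offset]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == OPT_EOL:
            break
        if kind == OPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts):
            return False
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            return False
        if kind == OPT_MD5SIG and length == MD5SIG_OPT_LEN:
            received = bytes(opts[i + 2:i + MD5SIG_OPT_LEN])
            return hmac.compare_digest(received, tcp_md5_digest(src_ip, dst_ip, segment, key))
        i += length
    return False


if __name__ == "__main__":
    key = b"example-shared-key"  # placeholder; real keys are per-peer secrets
    seg = build_segment("192.0.2.1", "198.51.100.1", 40000, BGP_PORT, 1000, 0, 0x18, BGP_OPEN, key)
    print(verify_segment("192.0.2.1", "198.51.100.1", seg, key))       # True
    print(verify_segment("192.0.2.1", "198.51.100.1", seg, b"wrong"))  # False
```

Because the source and destination addresses are part of the hashed pseudo-header, the same key and payload produce a different digest in each direction, which is why a captured segment cannot be replayed back towards its sender.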

 


C.3.1.2. Communications Access Services

273. Communications Access Services provide end-to-end connectivity of communications or computing devices. Communications Access Services can be interfaced directly to Transmission Services (e.g. in the case of personal communications systems) or to Transport Services, which in turn interact with Transmission Services for the actual physical transport. Communications Access Services correspond to customer-facing communications services. As such, they can also be referred to as Subscriber Services, or Customer-Edge (CE) Services.

Table C.2. Packet-based Communications Access Services Standards
ID:Service/Purpose Standards Implementation Guidance
1: Host-to-host transport services Mandatory:
  • IETF STD 6 / IETF RFC 768: 1980, User Datagram Protocol.

  • IETF STD 7 / IETF RFC 793: 1981, Transmission Control Protocol.

 
2: Host-to-host datagram services Internet Protocol (Mandatory):
  • IETF RFC 791: 1981, Internet Protocol.

  • IETF RFC 792: 1981, Internet Control Message Protocol

  • IETF RFC 919: 1984, Broadcasting Internet Datagrams.

  • IETF RFC 922: 1984, Broadcasting Internet Datagrams in the Presence of Subnets.

  • IETF RFC 950: 1985, Internet Standard Subnetting Procedure.

  • IETF RFC 1112: 1989, Host Extensions for IP Multicasting.

  • IETF RFC 1812: 1995, Requirements for IP Version 4 Routers.

  • IETF RFC 2644: 1999, Changing the Default for Directed Broadcasts in Routers.

  • IETF RFC 2460: 1998, Internet Protocol, Version 6 (IPv6) Specification.

  • IETF RFC 3484: 2003, Default Address Selection for Internet Protocol version 6 (IPv6).

  • IETF RFC 3810: 2004, Multicast Listener Discovery Version 2 (MLDv2) for IPv6.

  • IETF RFC 4291: 2006, IP Version 6 Addressing Architecture.

  • IETF RFC 4443: 2006, Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification.

  • IETF RFC 4861: 2007, Neighbor Discovery for IP version 6 (IPv6).

  • IETF RFC 5095: 2007, Deprecation of Type 0 Routing Headers in IPv6.

IP networking shall accommodate both IPv4 and IPv6 addressing.

MTU reduced to 1300 bytes and TCP MSS set to 1260 bytes in order to accommodate IP crypto tunnelling within autonomous systems. The 1260-byte figure is the IPv4 value (1300 minus the 20-byte IPv4 and 20-byte TCP headers); the corresponding IPv6 MSS is 1240 bytes, because the base IPv6 header is 40 bytes.

3: Differentiated host-to-host datagram services (IP Quality of Service) Mandatory:
  • IETF RFC 2474: 1998, Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers.

    • updated by IETF RFC 3260: 2002, New Terminology and Clarifications for DiffServ.

  • IETF RFC 4594: 2006, Configuration Guidelines for DiffServ Service Classes.

  • ITU-T Y.1540 (03/2011), Internet protocol data communication service – IP packet transfer and availability performance parameters.

  • ITU-T Y.1541 (12/2011), Network performance objectives for IP-based services.

  • ITU-T Y.1542 (06/2010), Framework for achieving end-to-end IP performance objectives.

  • ITU-T M.2301 (07/2002), Performance objectives and procedures for provisioning and maintenance of IP-based networks.

  • ITU-T J.241 (04/2005), Quality of service ranking and measurement methods for digital video services delivered over broadband IP networks.

Utilize the Quality of Service capabilities of the network (DiffServ; no military precedence on IP).
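The following Python example is added to show what "utilize the QoS capabilities of the network" means at an autonomous-system boundary; it is not part of this profile. The DS field of each IPv4 header arriving on a customer-edge interface is read and, where the subscriber presents a codepoint it is not trusted to set (RFC 4594 assigns CS6 to network control and reserves CS7, neither of which a subscriber should originate), the packet is re-marked to CS0 with the ECN bits preserved and the header checksum recomputed, so the result is still a valid packet. The packets and addresses are constructed, and the trusted set is an assumed policy, not one taken from this profile.

```python
import socket
import struct

# DSCP codepoints (six-bit values) from RFC 2474 / RFC 4594.
CS0, CS1, CS2, CS3, CS4, CS5, CS6, CS7 = 0, 8, 16, 24, 32, 40, 48, 56
EF = 46
AF1X, AF2X, AF3X, AF4X = (10, 12, 14), (18, 20, 22), (26, 28, 30), (34, 36, 38)

# Assumed ingress policy for a customer-edge interface: CS6/CS7 are for
# network control between routers, so a subscriber presenting them is either
# misconfigured or trying to jump the control-plane queue; bleach to CS0.
CE_TRUSTED = frozenset({CS0, CS1, CS2, CS3, CS4, CS5, EF, *AF1X, *AF2X, *AF3X, *AF4X})


def ipv4_header_checksum(header):
    """RFC 791 ones-complement sum over the header; a header that already
    carries a correct checksum sums to zero."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ds_field(packet):
    """(dscp, ecn) from the second byte of an IPv4 header (RFC 2474 / RFC 3168)."""
    return packet[1] >> 2, packet[1] & 0x03


def remark_at_boundary(packet, trusted=CE_TRUSTED, bleach_to=CS0):
    """Apply the ingress marking policy. Returns (packet, remarked)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IHL")
    dscp, ecn = ds_field(packet)
    if dscp in trusted:
        return packet, False
    header = bytearray(packet[:ihl])
    header[1] = (bleach_to << 2) | ecn          # keep ECN, replace DSCP
    header[10:12] = b"\x00\x00"                 # checksum field zeroed before recomputation
    header[10:12] = struct.pack("!H", ipv4_header_checksum(bytes(header)))
    return bytes(header) + packet[ihl:], True


def build_ipv4(dscp, ecn, src, dst, payload, proto=17):
    """Constructed IPv4 packet for the example: no options, DF set, TTL 64."""
    total = 20 + len(payload)
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, (dscp << 2) | ecn, total,
                                0x1234, 0x4000, 64, proto, 0,
                                socket.inet_aton(src), socket.inet_aton(dst)))
    hdr[10:12] = struct.pack("!H", ipv4_header_checksum(bytes(hdr)))
    return bytes(hdr) + payload


if __name__ == "__main__":
    pkt = build_ipv4(CS6, 0, "192.0.2.10", "198.51.100.20", b"\x00" * 8)
    out, changed = remark_at_boundary(pkt)
    print(ds_field(pkt), "->", ds_field(out), "remarked:", changed)  # (48, 0) -> (0, 0) remarked: True
```

Re-marking must recompute the header checksum: a packet whose DS byte was changed without that step is discarded by the next router, which turns a QoS policy into a silent black hole for the affected class.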


C.3.2. Core Enterprise Services

274. Core Enterprise Services (CES) provide generic, domain-independent, technical functionality that enables or facilitates the operation and use of Information Technology (IT) resources. CES are further broken down into:

  • Infrastructure Services (incl. Information Assurance (IA) services)

  • Service Oriented Architecture (SOA) Platform Services

  • Enterprise Support Services

C.3.2.1. Infrastructure Services

275. Infrastructure Services provide software resources required to host services in a distributed and federated environment. They include computing, storage and high-level networking capabilities.

Table C.3. Infrastructure Services Standards
ID:Service/Purpose Standard Implementation Guidance
1:Distributed Time Services: Time synchronization Mandatory:

IETF RFC 5905: 2010, Network Time Protocol version 4 (NTPv4).

Mission Network Contributing Participants must be able to provide a time server on their network element either directly connected to a stratum-0 device or over a network path to a stratum-1 time server of another Mission Network Contributing Participant.

Other mission participants must use the time service of their host.

A stratum-1 time server is directly linked (not over a network path) to a reliable source of Coordinated Universal Time (UTC), such as GPS, WWV or CDMA transmissions received through a modem connection, satellite or radio.

Stratum-1 devices must implement IPv4 and IPv6 so that they can be used as timeservers for IPv4 and IPv6 Mission Network Elements.

The W32Time service on all Windows Domain Controllers synchronizes time through the domain hierarchy (NT5DS type).

2:Domain Name Services: Naming and Addressing on a mission network instance Mandatory:
  • IETF STD 13 / IETF RFC 1034: 1987, Domain Names – Concepts and Facilities.

  • IETF RFC 1035: 1987, Domain Names – Implementation and specification.

 
3:Identification and addressing of objects on the network. Mandatory:
  • IETF RFC 1738: 1994, Uniform Resource Locators (URL).

  • IETF RFC 3986: 2005, Uniform Resource Identifier (URI): Generic Syntax (updates IETF RFC 1738).

Namespaces within XML documents shall use unique URLs or URIs for the namespace designation.
4: Infrastructure Storage Services: storing and accessing information about the time of events and transactions Mandatory:

ISO/IEC 9075 (Parts 1 to 14):2011, Information technology - Database languages - SQL

Databases shall store all date and time values as TIMESTAMP WITH TIME ZONE (TIMESTAMPTZ).

Missions might conduct transactions across different time zones. Timestamps are essential for auditing purposes, so the integrity of timestamps must be maintained across all Mission Network Elements. From Oracle 9i, PostgreSQL 7.3 and MS SQL Server 2008 onwards, the time zone can be stored with the time directly by using the TIMESTAMP WITH TIME ZONE (Oracle, PostgreSQL) or datetimeoffset (MS SQL Server) data types. Note that PostgreSQL's TIMESTAMP WITH TIME ZONE converts the value to UTC on input and does not retain the original offset; where the originating local time or zone is itself audit-relevant, record it in an additional column.
5:Infrastructure IA Services: Facilitate the access and authorization between mission network users and services. Mandatory:

Directory access and management service:

  • IETF RFC 4510: 2006, Lightweight Directory Access Protocol (LDAP) Technical Specification Road Map (LDAPv3).

  • IETF RFC 4511-4519: 2006, LDAP Technical Specification.

  • IETF RFC 2849: 2000, The LDAP Data Interchange Format (LDIF) - Technical Specification.

Options available to mission network members when joining their network element to a mission network instance:
  • Establish a separate forest.

  • Join the forest of another Mission Network Contributing Participant.

For cross-application/service authentication between separate forests, claims-based authentication mechanisms (SAML 2.0 or WS-Trust/WS-Authentication) shall be used.

Whilst LDAP is a vendor-independent standard, in practice Microsoft Active Directory (AD) is a common product providing directory services on national and NATO-owned Mission Network elements. AD provides additional services beyond LDAP-like functionality.

6: Infrastructure IA Services: Digital Certificate Services Mandatory:

ITU-T X.509 (11/2008), Information technology - Open systems interconnection - The Directory: Public-key and attribute certificate frameworks

  • The version of the encoded public-key certificate shall be v3.

  • The version of the encoded certificate revocation list (CRL) shall be v2.
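The following Python example is added to show how the row 6 requirement above is checked on raw DER; it is not part of this profile and does not use a certificate library. A minimal TLV reader walks Certificate to tbsCertificate and reads the [0] EXPLICIT version (absent means v1, since DER never encodes a DEFAULT value), and walks CertificateList to tbsCertList and reads the optional version INTEGER (v2 is encoded as 1; if the first element is already the signature AlgorithmIdentifier, the CRL is v1). The inputs are constructed placeholders that share only the outer structure and version field with real X.509 objects; in production the check runs on the DER an organisation's CA actually issues.

```python
SEQUENCE, INTEGER, BIT_STRING = 0x30, 0x02, 0x03
CTX0_EXPLICIT = 0xA0  # [0] EXPLICIT: the tag wrapping a Certificate's version


def der_read_tlv(buf, pos=0):
    """(tag, value, end) for the DER element at pos. Definite short and
    long-form lengths only; indefinite lengths are BER, not DER, and rejected."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("indefinite or oversized length is not DER")
        length = int.from_b_bytes(buf[pos:pos + n], "big") if False else int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    end = pos + length
    if end > len(buf):
        raise ValueError("element runs past end of buffer")
    return tag, buf[pos:end], end


def _tbs_first_element(der, what):
    """Descend outer SEQUENCE -> tbs SEQUENCE and return its first element."""
    tag, outer, _ = der_read_tlv(der)
    if tag != SEQUENCE:
        raise ValueError(f"{what} is not a SEQUENCE")
    tag, tbs, _ = der_read_tlv(outer)
    if tag != SEQUENCE:
        raise ValueError(f"tbs part of {what} is not a SEQUENCE")
    tag, first, _ = der_read_tlv(tbs)
    return tag, first


def certificate_version(der):
    """Certificate ::= SEQUENCE { tbsCertificate SEQUENCE {
         version [0] EXPLICIT INTEGER DEFAULT v1(0), serialNumber INTEGER, ... } ... }
    An absent [0] means v1. Returns 1, 2 or 3."""
    tag, first = _tbs_first_element(der, "Certificate")
    if tag != CTX0_EXPLICIT:
        return 1
    tag, ver, _ = der_read_tlv(first)
    if tag != INTEGER or len(ver) != 1 or ver[0] > 2:
        raise ValueError("malformed certificate version")
    return ver[0] + 1


def crl_version(der):
    """CertificateList ::= SEQUENCE { tbsCertList SEQUENCE {
         version INTEGER OPTIONAL (v2 encoded as 1), signature SEQUENCE, ... } ... }
    A bare INTEGER first means v2; a SEQUENCE first means the version is absent (v1)."""
    tag, first = _tbs_first_element(der, "CertificateList")
    if tag == SEQUENCE:
        return 1
    if tag != INTEGER or len(first) != 1 or first[0] != 1:
        raise ValueError("malformed CRL version")
    return first[0] + 1


def meets_profile(cert_der, crl_der):
    """Row 6 of Table C.3: certificate v3 and CRL v2."""
    return certificate_version(cert_der) == 3 and crl_version(crl_der) == 2


# Constructed inputs for the example. Only the outer structure and the version
# field follow X.509; other fields are placeholders, and a 200-byte filler
# SEQUENCE forces long-form lengths so that path of the reader is exercised.
def der_encode(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


FILLER = der_encode(SEQUENCE, b"\x00" * 200)
PLACEHOLDER_SIG = der_encode(SEQUENCE, b"") + der_encode(BIT_STRING, b"\x00")


def sample_certificate(version_value):
    """version_value 0/1/2 encodes v1/v2/v3 in [0]; None omits the field (v1)."""
    body = b"" if version_value is None else der_encode(CTX0_EXPLICIT, der_encode(INTEGER, bytes([version_value])))
    body += der_encode(INTEGER, b"\x01") + FILLER  # serialNumber, then filler
    return der_encode(SEQUENCE, der_encode(SEQUENCE, body) + PLACEHOLDER_SIG)


def sample_crl(version_value):
    """version_value 1 encodes v2; None omits the optional field (v1)."""
    body = b"" if version_value is None else der_encode(INTEGER, bytes([version_value]))
    body += der_encode(SEQUENCE, b"") + FILLER  # signature AlgorithmIdentifier placeholder, filler
    return der_encode(SEQUENCE, der_encode(SEQUENCE, body) + PLACEHOLDER_SIG)


if __name__ == "__main__":
    print(certificate_version(sample_certificate(2)), crl_version(sample_crl(1)))  # 3 2
    print(meets_profile(sample_certificate(None), sample_crl(1)))                  # False
```

The two version fields are encoded differently (explicitly tagged and defaulted for certificates, a bare optional INTEGER for CRLs), which is why a check written for one cannot simply be reused for the other.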

 


C.3.2.2. SOA Platform Services

276. SOA Platform Services provide a foundation to implement web-based services in a loosely coupled environment, where flexible and agile service orchestration is a requirement. They offer generic building blocks for SOA implementation (e.g. discovery, message busses, orchestration, information abstraction and access, etc.) and can be used as a capability integration platform in a heterogeneous service-provisioning ecosystem.

Table C.4. SOA Platform Services and Data Standards
ID:Service/Purpose Standard Implementation Guidance
1: Web Platform Services Mandatory:
  • IETF RFC 2616: 1999, Hypertext Transfer Protocol HTTP/1.1

  • IETF RFC 3986: 2005, Uniform Resource Identifier (URI): Generic Syntax.

HTTP shall be used as the transport protocol for information without 'need-to-know' caveats between all service providers and consumers (unsecured HTTP traffic).

HTTPS shall be used as the transport protocol between all service providers and consumers to ensure confidentiality requirements (secured HTTP traffic).

Unsecured and secured HTTP traffic shall share the same port.

2:Publishing information including text, multimedia, hyperlink features, scripting languages and style sheets on the network Mandatory:

HyperText Markup Language (HTML) 4.01 (strict)

  • ISO/IEC 15445:2000, Information technology -- Document description and processing languages -- HyperText Markup Language (HTML).

  • IETF RFC 2854: 2000, The 'text/html' Media Type.

 
4:General formatting of information for sharing or exchange Mandatory:
  • Extensible Markup Language (XML), v1.0 5th Edition, W3C Recommendation, 26 November 2008.

  • XML Schema Part 1: Structures Second Edition, W3C Recommendation, 28 October 2004.

  • XML Schema Part 2: Datatypes Second Edition, W3C Recommendation, 28 October 2004.

XML shall be used for data exchange to satisfy those IERs within a mission network instance that are not addressed by a specific information exchange standard. XML Schemas and namespaces are required for all XML documents.
7: Message Security for web services Mandatory:
  • WS-Security: SOAP Message Security 1.1.

  • XML Encryption Syntax and Processing, W3C Recommendation, 10 December 2002.

  • XML Signature Syntax and Processing 1.0 (Second Edition), W3C Recommendation, 10 June 2008.

  • OASIS WS-I Basic Security Profile Version 1.1, 24 January 2010.

WS-Security specifies how integrity and confidentiality can be enforced on SOAP messages and allows the communication of various security token formats, such as SAML, Kerberos and X.509v3. Its main focus is the use of XML Signature and XML Encryption to provide end-to-end (message-level) security.

XML Encryption specifies a process for encrypting data and representing the result in XML. Referenced by the WS-Security specification.

XML Signature specifies XML digital signature processing rules and syntax. Referenced by the WS-Security specification.

8: Security token format Mandatory:
  • OASIS Standard, Security Assertion Markup Language (SAML) 2.0, March 2005.

Provides an XML-based syntax for security tokens containing assertions that pass information about a principal (usually an end user) between an identity provider and a web service.

Describes how to use SAML security tokens with the WS-Security specification.

9: Security token issuing Mandatory:
  • OASIS Standard, WS-Trust 1.4, incorporating Approved Errata 01, 25 April 2012.

  • Web Services Federation Language (WS-Federation) Version 1.1, December 2006[a]

  • Web Services Policy 1.5 – Framework, W3C Recommendation, 04 September 2007.

  • WS-Security Policy 1.3, OASIS Standard incorporating Approved Errata 01, 25 April 2012.

WS-Trust uses the WS-Security base mechanisms and defines additional primitives and extensions for security token exchange to enable the issuance and dissemination of credentials within different trust domains. WS-Federation extends WS-Trust to allow federation of different security realms.

Describes which aspects of the federation framework are required or supported by federation participants; this information is used to determine the appropriate communication options.

10: Transforming XML documents into other XML documents XSL Transformations (XSLT) Version 2.0, W3C Recommendation, 23 January 2007. Developer best practice for the translation of XML-based documents into other formats or schemas.
12:Exchanging structured information in a decentralized, distributed environment via web services Mandatory:
  • Simple Object Access Protocol (SOAP) 1.1, W3C Note, 8 May 2000.

  • WSDL v1.1: Web Services Description Language (WSDL) 1.1, W3C Note, 15 March 2001.

Emerging (2014):

  • SOAP Version 1.2 Part 1: Messaging Framework (Second Edition), W3C Recommendation, 27 April 2007.

  • SOAP Version 1.2 Part 2: Adjuncts (Second Edition), W3C Recommendation, 27 April 2007.

  • SOAP Version 1.2 Part 3: One-Way MEP, W3C Working Group Note, 2 July 2007

The preferred method for implementing web services is SOAP; however, there are many use cases (mash-ups etc.) where a REST-based interface is easier to implement and sufficient to meet the IERs.
13: Secure exchange of data objects and documents across multiple security domains The draft X-Labels syntax definition is called the "NATO Profile for the XML Confidentiality Label Syntax" and is based on version 1.0 of the RTG-031 proposed XML confidentiality label syntax; see "Sharing of information across communities of interest and across security domains with object level protection" below.
14: Topic-based publish/subscribe web services communication WS-Notification 1.3, including:
  • WS-Base Notification 1.3

  • WS-Brokered Notification 1.3

  • WS-Topics 1.3

Enables topic-based subscriptions for web service notifications, with an extensible filter mechanism and support for message brokers.
15: Providing transport-neutral mechanisms to address web services WS-Addressing 1.0 Provides transport-neutral mechanisms to address web services and messages, which is crucial in providing end-to-end message-level security, reliable messaging or publish/subscribe based web services.
16:Reliable messaging for web services Mandatory:

OASIS, Web Services Reliable Messaging (WS-Reliable Messaging) Version 1.2, OASIS Standard, February 2009.

Describes a protocol that allows messages to be transferred reliably between nodes implementing this protocol in the presence of software component, system, or network failures.

[a] This specification is subject to the following copyright: (c) 2001-2006 BEA Systems, Inc., BMC Software, CA, Inc., International Business Machines Corporation, Layer 7 Technologies, Microsoft Corporation, Inc., Novell, Inc. and VeriSign, Inc. All rights reserved.
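The following Python example is added to illustrate rows 7 and 8 of Table C.4 together; it is not reference code from this profile or from any of the listed standards. It produces an enveloped XML Signature over a SAML 2.0 Assertion and then performs the checks a relying party must make before trusting the token. HMAC-SHA256 (an XML Signature SignatureMethod defined in IETF RFC 6931) stands in for the X.509-keyed RSA or ECDSA signature a real identity provider would produce, so the code runs offline; canonicalization uses Canonical XML 2.0 from the Python standard library (Python 3.8 or later). Issuer, subject, ID and key are placeholders. The order of checks is the security-relevant part: the Reference URI is bound to the ID of the assertion actually being consumed, and that ID must be unique in the document, before any digest or signature is computed. This is the check that defeats signature wrapping, where a validly signed assertion is moved aside and an unsigned one is put in its place.

```python
import base64
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ALG_C14N2 = "http://www.w3.org/2006/12/xml-c14n2"
ALG_HMAC_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
ALG_SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
ALG_ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
ET.register_namespace("ds", DS)
ET.register_namespace("saml", SAML)

# Constructed assertion; issuer, subject and ID are placeholders.
SAMPLE_ASSERTION = (
    f'<saml:Assertion xmlns:saml="{SAML}" ID="_c0ffee" Version="2.0" '
    'IssueInstant="2014-01-01T00:00:00Z">'
    '<saml:Issuer>https://idp.example</saml:Issuer>'
    '<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>'
    '</saml:Assertion>'
)


def ds(name):
    return f"{{{DS}}}{name}"


def c14n(elem):
    """Canonical XML 2.0 via the standard library; prefixes are rewritten so
    the bytes do not depend on which prefix a serializer happened to choose."""
    text = ET.tostring(elem, encoding="unicode")
    return ET.canonicalize(text, strip_text=True, rewrite_prefixes=True).encode()


def sign_document(xml_text, key):
    """Enveloped signature: digest the Assertion with any Signature removed,
    MAC the SignedInfo, then place ds:Signature after saml:Issuer."""
    assertion = ET.fromstring(xml_text)
    for old in assertion.findall(ds("Signature")):
        assertion.remove(old)
    digest = hashlib.sha256(c14n(assertion)).digest()
    sig = ET.Element(ds("Signature"))
    si = ET.SubElement(sig, ds("SignedInfo"))
    ET.SubElement(si, ds("CanonicalizationMethod"), Algorithm=ALG_C14N2)
    ET.SubElement(si, ds("SignatureMethod"), Algorithm=ALG_HMAC_SHA256)
    ref = ET.SubElement(si, ds("Reference"), URI="#" + assertion.get("ID"))
    ET.SubElement(ET.SubElement(ref, ds("Transforms")), ds("Transform"), Algorithm=ALG_ENVELOPED)
    ET.SubElement(ref, ds("DigestMethod"), Algorithm=ALG_SHA256)
    ET.SubElement(ref, ds("DigestValue")).text = base64.b64encode(digest).decode()
    mac = hmac.new(key, c14n(si), hashlib.sha256).digest()
    ET.SubElement(sig, ds("SignatureValue")).text = base64.b64encode(mac).decode()
    assertion.insert(1, sig)  # SAML Core: Signature follows Issuer
    return ET.tostring(assertion)


def verify_document(xml_bytes, key):
    """Return (True, subject NameID) or (False, reason)."""
    root = ET.fromstring(xml_bytes)
    assertion = root if root.tag == f"{{{SAML}}}Assertion" else root.find(f".//{{{SAML}}}Assertion")
    if assertion is None:
        return False, "no Assertion in document"
    ident = assertion.get("ID") or ""
    # 1. Bind the signature to the element we are about to trust.
    sigs = assertion.findall(ds("Signature"))
    if len(sigs) != 1:
        return False, "expected exactly one Signature directly under the Assertion"
    sig = sigs[0]
    si = sig.find(ds("SignedInfo"))
    ref = si.find(ds("Reference")) if si is not None else None
    if ref is None or ref.get("URI") != "#" + ident:
        return False, "Reference URI does not point at this Assertion's ID"
    if sum(1 for e in root.iter() if e.get("ID") == ident) != 1:
        return False, "Assertion ID is not unique in the document"
    method = si.find(ds("SignatureMethod"))
    if method is None or method.get("Algorithm") != ALG_HMAC_SHA256:
        return False, "unexpected SignatureMethod"
    # 2. Signature over SignedInfo.
    expected = hmac.new(key, c14n(si), hashlib.sha256).digest()
    got = base64.b64decode(sig.findtext(ds("SignatureValue")) or "")
    if not hmac.compare_digest(expected, got):
        return False, "SignatureValue does not verify under this key"
    # 3. Digest over the Assertion content (enveloped-signature transform).
    stripped = copy.deepcopy(assertion)
    stripped.remove(stripped.find(ds("Signature")))
    digest = hashlib.sha256(c14n(stripped)).digest()
    claimed = base64.b64decode(ref.findtext(ds("DigestValue")) or "")
    if not hmac.compare_digest(digest, claimed):
        return False, "DigestValue does not match the Assertion content"
    return True, assertion.findtext(f".//{{{SAML}}}NameID")


if __name__ == "__main__":
    signed = sign_document(SAMPLE_ASSERTION, b"placeholder-shared-key")
    print(verify_document(signed, b"placeholder-shared-key"))                              # (True, 'alice')
    print(verify_document(signed.replace(b"alice", b"mallory"), b"placeholder-shared-key"))  # (False, ...)
```

The SignatureMethod check matters as much as the key: a verifier that accepts whatever algorithm the token names can be steered to a weaker one, or to a MAC algorithm when a public-key signature was expected.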


C.3.2.3. Enterprise Support Services

277. Enterprise Support Services are a set of Community of Interest (COI)-independent services that must be available to all members within a tactESB instance. Enterprise Support Services support other service and data providers on network elements by providing and managing underlying capabilities that facilitate collaboration and information management for end users.

C.3.2.3.1. Information Management Services

278. Information Management Services provide technical services "...to direct and support the handling of information throughout its life-cycle ensuring it becomes the right information in the right form and of adequate quality to satisfy the demands of an organization." These services support organizations, groups, individuals and other technical services with capabilities to organize, store and retrieve information (in any format, structured or unstructured) through services and managed processes, governed by policies, directives, standards, profiles and guidelines.

Table C.5. Information Management Services and Data Standards
ID:Service/Purpose Standard Implementation Guidance
1: Enterprise Search Services: automated information resource discovery, information extraction and interchange of metadata Mandatory:
  • TIDE Information Discovery (v2.3.0, Oct 2009)

  • TIDE Service Discovery (v.2.3.0 Oct 2009)

This profile requires a subset of metadata with UTF-8 character encoding as defined in the NATO Discovery Metadata Specification (NDMS).

The technical implementation specifications are part of the TIDE Transformational Baseline v3.0; however, Query-by-Example (QBE) has been deprecated with the TIDE Information Discovery specification v2.3.0 and replaced by SPARQL.

2: Enterprise Search Services: manual information resource discovery, classification marking and file naming conventions Recommended:

AC322-N(2010)0025 – Guidance On File Naming

Character codes for permissible Classification Markings will be specified for each Mission Network in the IM Annex of the OPLAN.


C.3.2.3.2. Geospatial Services

279. Geospatial Services deliver network-based access to quality raster, vector and terrain data, available in varying degrees of format and complexity. Geospatial Services form a distinct class of information services through their unique requirements for collecting, converting, storing, retrieving, processing, analyzing, creating, and displaying geographic data. The generic nature of Geospatial Services - "organizing information by location" - is interdisciplinary and not specific to any Community of Interest (COI) or application.

Table C.6. Geospatial Services and Data Standards
ID:Service/Purpose Standard Implementation Guidance
3:Distribution of geospatial data as maps rendered in raster image formats. Mandatory:
  • OGC 04-024 (ISO 19128:2005), Web Map Service (WMS) v1.3. Fading (2012): OGC WMS v1.0.0, v1.1.0 and v1.1.1.

  • OGC 05-078r4, OpenGIS Styled Layer Descriptor Profile of the Web Map Service (SLD) v.1.1.0

  • OGC 07-057r7, OpenGIS Web Map Tile Service Implementation Standard (WMTS) v.1.0.0

WMTS is to be provided as a complementary service to WMS to ease access for users operating in bandwidth-constrained environments. WMTS trades the flexibility of custom map rendering for the scalability of serving static data (base maps) whose bounding boxes and scales have been constrained to discrete tiles; this enables standard network mechanisms for scalability, such as distributed cache systems that cache images between client and server, reducing latency and bandwidth use.
4:Distribution of geo feature (vector) data between applications Mandatory:
  • OGC 04-094, Web Feature Service (WFS) v1.1.

 
6: Catalogue services support the ability to publish and search collections of descriptive information (metadata) for geospatial data, services, and related information objects. Mandatory:
  • OGC 07-006r1: Catalogue Service for the Web (CSW) v.2.0.2, SOAP message

 


C.3.2.4. Information Management Services

280. Information Management Services provide technical services "...to direct and support the handling of information throughout its life-cycle ensuring it becomes the right information in the right form and of adequate quality to satisfy the demands of an organization." These services support organizations, groups, individuals and other technical services with capabilities to organize, store and retrieve information (in any format, structured or unstructured) through services and managed processes, governed by policies, directives, standards, profiles and guidelines.

Table C.7. General Data Format Standards
ID:Purpose Standard Implementation Guidance
1:General definition for the Representation of Dates and Times. Mandatory:

ISO 8601:2004 - Data elements and interchange formats - Information interchange - Representation of dates and times

Implementation of the W3C profile of ISO 8601:2004 (W3CDTF profile) is recommended.
2: General definition of letter codes for geographical entities Country Codes (ISO/STANAG) Whenever possible, the ISO alpha-3 (three-letter) codes as described in the relevant promulgated NATO STANAG should be used.
4: General definition of geospatial coverage areas in discovery metadata Mandatory: World Geodetic System (WGS) 84, ISO 19115 and ISO 19136 (for point references). ISO 19139 provides encoding guidance for ISO 19115.
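The following Python example is added to serve two rows at once: row 4 of Table C.3 (timestamps that must stay auditable across Mission Network Elements in different time zones) and row 1 of Table C.7 (ISO 8601 in its W3CDTF profile). It is not part of this profile. It parses the complete W3CDTF form with a mandatory zone designator, rejects naive values rather than guessing a zone, orders audit records by instant rather than by wall-clock text, and splits a value into the two columns (UTC instant, original offset in minutes) worth storing when the DBMS normalises TIMESTAMP WITH TIME ZONE to UTC on input, as PostgreSQL does. The audit records and network element names are constructed; read as text they sort NE-A, NE-C, NE-B, but as instants the order is NE-A, NE-B, NE-C.

```python
import re
from datetime import datetime, timedelta, timezone

# Complete W3CDTF form: YYYY-MM-DDThh:mm:ss(.s+)?TZD, with TZD "Z" or +hh:mm / -hh:mm.
W3CDTF = re.compile(
    r"^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})(\.\d+)?(Z|[+-]\d{2}:\d{2})$"
)

# Constructed audit records from three network elements in different zones.
CONSTRUCTED_AUDIT = [
    ("NE-B", "2014-03-01T09:00:05+02:00", "service call received"),  # 07:00:05Z
    ("NE-A", "2014-03-01T08:00:00+01:00", "token issued"),           # 07:00:00Z
    ("NE-C", "2014-03-01T08:30:00Z", "login"),                       # 08:30:00Z
]


def parse_w3cdtf(text):
    """Aware datetime from a complete W3CDTF timestamp. A value without a zone
    designator is rejected: it cannot be ordered against records from elsewhere."""
    m = W3CDTF.match(text)
    if not m:
        raise ValueError(f"not a complete W3CDTF timestamp with zone designator: {text!r}")
    y, mo, d, h, mi, s, frac, tzd = m.groups()
    micro = int((frac or ".0")[1:7].ljust(6, "0"))   # ".5" -> 500000, extra digits truncated
    if tzd == "Z":
        tz = timezone.utc
    else:
        sign = 1 if tzd[0] == "+" else -1
        tz = timezone(sign * timedelta(hours=int(tzd[1:3]), minutes=int(tzd[4:6])))
    return datetime(int(y), int(mo), int(d), int(h), int(mi), int(s), micro, tzinfo=tz)


def is_auditable(text):
    """True if the value carries enough information to be placed on a common timeline."""
    try:
        parse_w3cdtf(text)
        return True
    except ValueError:
        return False


def to_utc_w3cdtf(dt):
    """Canonical interchange form: the instant in UTC with the 'Z' designator."""
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def storage_columns(text):
    """(UTC instant, original offset in minutes). The second column is exactly
    what is lost when a DBMS normalises TIMESTAMP WITH TIME ZONE to UTC."""
    dt = parse_w3cdtf(text)
    return to_utc_w3cdtf(dt), int(dt.utcoffset().total_seconds() // 60)


def order_audit(records):
    """Sort (element, timestamp, event) rows by instant, not by text."""
    rows = [(ne, parse_w3cdtf(ts), ev) for ne, ts, ev in records]
    rows.sort(key=lambda r: r[1])
    return [(ne, to_utc_w3cdtf(dt), ev) for ne, dt, ev in rows]


if __name__ == "__main__":
    for row in order_audit(CONSTRUCTED_AUDIT):
        print(row)   # NE-A, NE-B, NE-C in that order, all in UTC
    print(storage_columns("2014-03-01T09:00:05+02:00"))   # ('2014-03-01T07:00:05Z', 120)
```

Storing the UTC instant alone is enough to order events; the offset column is only needed where a reviewer must later reconstruct the local time an operator saw, which is why the two are kept separate rather than folded into one text field.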


C.3.2.5. Geospatial Services

281. Geospatial Services deliver network-based access to quality raster, vector and terrain data, available in varying degrees of format and complexity. Geospatial Services form a distinct class of information services through their unique requirements for collecting, converting, storing, retrieving, processing, analyzing, creating, and displaying geographic data. The generic nature of Geospatial Services - "organizing information by location" - is interdisciplinary and not specific to any Community of Interest (COI) or application.

Table C.8. Geospatial Services and Data Standards
ID:Purpose Standard Guidance
1:Distribution of geospatial data as maps rendered in raster image formats. OGC 04-024 (ISO 19128:2005), Web Map Service (WMS) v.1.3

OGC 05-078r4, OpenGIS Styled Layer Descriptor Profile of the Web Map Service (SLD) v.1.1.0

OGC 07-057r7, OpenGIS Web Map Tile Service Implementation Standard (WMTS) v.1.0.0

WMTS is to be provided as a complementary service to WMS to ease access for users operating in bandwidth-constrained environments. WMTS trades the flexibility of custom map rendering for the scalability of serving static data (base maps) whose bounding boxes and scales have been constrained to discrete tiles; this enables standard network mechanisms for scalability, such as distributed cache systems that cache images between client and server, reducing latency and bandwidth use.
2: Distribution of geo feature (vector) data between applications OGC 04-094, Web Feature Service (WFS) v1.1.
4: Catalogue services support the ability to publish and search collections of descriptive information (metadata) for geospatial data, services, and related information objects. OGC 07-006r1: Catalogue Service for the Web (CSW) v.2.0.2, SOAP message