D.3. Core Enterprise Services

90. Definition: Core Enterprise Services (CES) provide generic, domain independent, technical functionality that enables or facilitates the operation and use of Information Technology (IT) resources.

91. CES will be broken up further into:

  • Infrastructure Services (incl. Information Assurance (IA) services)

  • Service Oriented Architecture (SOA) Platform Services

  • Enterprise Support Services

D.3.1. Infrastructure Services

92. Definition: Infrastructure Services provide software resources required to host services in a distributed and federated environment. They include computing, storage and high-level networking capabilities that can be used as the foundation for data centre or cloud computing implementations.

D.3.1.1. Standards

93. To provide federated services the standards listed in Table Table D.6 should be adhered to.

Table D.6. Infrastructure Services Standards
ID: Service/Purpose Standards Implementation Guidance
1: Distributed Time Services: Time synchronization

  • Mandatory: IETF RFC 5905: June 2010, Network Time Protocol version 4 (NTPv4).

  • Fading: IETF RFC 1305: March 1992, NTPv3.

To aid rapid post event reconstruction, ALL networked equipment will be set to process time as Coordinated Universal Time (UTC). i.e. ZULU Time Zone should apply to the whole Mission Network [AMN TPT CES Sept 2011].

All new capabilities shall use NTPv4. Some legacy systems may still need to use NTPv3.

TCN connecting to the AMN Core must use the time service of the AMN Core.

A stratum-1 time server is directly linked (not over a network path) to a reliable source of UTC time (Universal Time Coordinate) such as GPS, WWV, or CDMA transmissions through a modem connection, satellite, or radio.

Stratum-1 devices must implement IPv4 and IPv6 so that they can be used as timeservers for IPv4 and IPv6 Mission Network Elements

The W32Time service on all Windows Domain Controllers is to synchronize time through the Domain hierarchy (NT5DS type).

Databases are to implement TIMESTAMP as specified in point 4 below

2: Domain Name Services: Naming and Addressing
  • Mandatory: IETF STD 13: 1987 /, IETF RFC 1034: 1987, Domain Names – Concepts and Facilities.

  • Mandatory: IETF RFC 1035: 1987, Domain Names – Implementation and specification.

  • Mandatory: IETF RFC 1032: 1987, Domain Administrators Guide.

 
3: Identification and addressing of objects on the network.
  • Mandatory: IETF RFC 1738: 1994, Uniform Resource Locators (URL).

  • Mandatory: IETF RFC 3986: 2005, Uniform Resource Identifiers (URI), Generic Syntax., January 2005 (updates IETF RFC 1738)

Namespaces within XML documents shall use unique URLs or URIs for the namespace designation.

4: Infrastructure Storage Services: storing and accessing information about the time of events and transactions
  • Mandatory: ISO/IEC 9075(Parts 1 to 14):2011, Information technology - Database languages – SQL

Databases shall stores date and time values everything in TIMESTAMP WITH TIME ZONE or TIMESTAMPTZ

As the AMN user community spans several time zones, applications will increasingly need to conduct transactions across different time zones. Timestamps are essential for auditing purposes. It is important that the integrity of timestamps is maintained across all Mission Network Elements. From Oracle 9i, PostgreSQL 7.3 and MS SQL Server 2008 onwards, the time zone can be stored with the time directly by using the TIMESTAMP WITH TIME ZONE (Oracle, PostgreSQL) or datetimeoffset (MS-SQL) data types.

On the AMN, human interfaces may convert the time for display to the user as (e.g.) D30 (i.e. Local) as required. See also Table D.15 for details on representing time within applications

5: Infrastructure IA Services: Facilitate the access and authorization between users and services.

Directory access and management service

  • Mandatory: IETF RFC 4510: 2006, version 3 of the Lightweight Directory Access Protocol (LDAPv3), (LDAP) Technical Specification Road Map (LDAPv3).

  • Mandatory: IETF RFC 4511-4519:2006, RFC 4510 and associated LDAP Technical Specification. (RFC 4511-4519)

  • Mandatory: IETF RFC 2849: 2000, The LDAP Interchange Format 9 (LDIF)., RFC 2849

There are three options available to a Troop Contributing Nation (TCN) when joining their national network extension to the AMN:

1. Join the ISAF SECRET AD forest on AMN Core

2. Join the AD forest of an existing AMN TCN

3. Create own AD forest for the new AMN TCN

(Option 1 and 2 should be considered by the prospective Joining TCN before Option 3).

Whilst LDAP is a vendor independent standard, in practice Microsoft Active Directory (AD) is a common product providing directory services on national and NATO owned Mission Network elements. It should be noted that AD provides additional services aside from LDAP like functionality.

Note: Active Directory Federation Services (ADFS) will not be used on the AMN. The AMN is one logical network based on mutual trust. In such a trusted environment there is no requirement or use case for single sign on for webservices. In those cases where an outside or untrusted subdomain of a Nationally implemented Network desires access to webservices on the AMN, then those services will be granted using "local accounts created on the parent (AMN) domain.

6: Infrastructure IA Services: Digital Certificate Services
  • Mandatory: ITU-T X.509 (11/2008), Information technology - Open systems interconnection - The Directory: Public-key and attribute certificate frameworks

    • the version of the encoded public-key certificate shall be v3.

    • the version of the encoded certificate revocation list (CRL) shall be v2.

  • Mandatory: NATO Public Key Infrastructure (NPKI) Certificate Policy (CertP) Rev2, AC/322D(2004)0024 REV2

Note: on the AMN, PKI is only used for authentication (encryption of login). It is not used for the encryption of the entire session[a].
7: Infrastructure IA Services: Authentication Services
  • Mandatory: IETF RFC 1510:1993, The Kerberos Network Authentication Service (V5).

 
8: Infrastructure Processing (Operating System) Services

Operating Systems used on the AMN must be accredited by the respective Security Accreditation Authority.

As a minimum the Operating Systems should support the specifications for the above (Infrastructure IA Services).

Clients on the AMN Core and Option 1 TCN National Network Extensions are strongly advised to use Windows 7 Enterprise due to the mid-2014 End of Support provision by Microsoft for Windows XP.

Win 7 Enterprise was selected due to the inclusion of AppLocker (remote enforcement of application control policies) and integration with Sharepoint 2010 and MS Office Professional Plus 2010.

Windows 2008 R2 Standard Full Edition 64 bit is strongly advised for all Domain Controllers. Note Service Pack SP1 should be installed

[a] If PKI was used for the encryption of the entire session then this would create a flurry of un-monitorable traffic across the AMN. This would then lead to Certificate Proxy Services in order to once again see the traffic, and this would lead to a significant slow-down in information flow – which would have impacts in an operation that requires real time information flows.


D.3.2. SOA Platform Services

94. Definition: SOA Platform Services provide a foundation to implement web-based services in a loosely coupled environment, where flexible and agile service orchestration is a requirement. They offer generic building blocks for SOA implementation (e.g. discovery, message busses, orchestration, information abstraction and access, etc.) and can be used as a capability integration platform in a heterogeneous service-provisioning ecosystem.

D.3.2.1. Standards

95. To provide federated services the standards listed in Table D.7 should be adhered to.

Table D.7. Service Oriented Architecture (SOA) platform services and data standards
ID: Service/Purpose Standards Implementation Guidance
1: Web Platform Services
  • Mandatory: IETF RFC 2616: 1999, Hypertext Transfer Protocol HTTP/ 1.1.

  • Mandatory: IETF RFC 2817: 2000, Upgrading to TLS within HTTP/ 1.1.

  • Mandatory: IETF RFC 3986: 2005, Uniform Resource Identifier (URI): Generic Syntax.

HTTP shall be used as the transport protocol for information without 'need-to-know' caveats between all service providers and consumers (unsecured HTTP traffic).

HTTPS shall be used as the transport protocol between all service providers and consumers to ensure Confidentiality requirements (secured HTTP traffic).

Unsecured and secured HTTP traffic shall share the same port.

2: Publishing information including text, multimedia, hyperlink features, scripting languages and style sheets on the network
  • Mandatory: HyperText Markup Language (HTML) 4.01 (strict)

    • ISO/IEC 15445:2000, Information technology -- Document description and processing languages -- HyperText Markup Language (HTML).

    • IETF RFC2854:2000, The 'text/html' Media Type.

  • Emerging (2014): HyperText Markup Language, Version 5 (HTML 5), W3C Candidate Recommendation, Aug 2013

 
3: Providing a common style sheet language for describing presentation semantics (that is, the look and formatting) of documents written in mark-up languages like HTML.
  • Mandatory: Cascading Style Sheets (CSS), Level 2 revision 1 (CSS 2.1), W3C Recommendation, September 2009.

  • Emerging (2014): Cascading Style Sheets (CSS) Level 3:

    • Cascading Style Sheets (CSS), Level 2 revision 1 (including errata) (CSS 2.1), W3C Recommendation, June 2011.

    • CSS Style Attributes, W3C Candidate Recommendation, 12 October 2010

    • Media Queries, W3C Recommendation, 19 June 2012.

    • CSS Namespaces Module, W3C Recommendation, 29 September 2011.

    • Selectors Level 3, W3C Recommendation, 29 September 2011.

    • CSS Color Module Level 3, W3C Recommendation, 07 June 2011.

 
4: General formatting of information for sharing or exchange.
  • Mandatory: Extensible Markup Language (XML) 1.0 (Fifth Edition), W3C Recommendation, 26 November 2008.

  • Mandatory: XML Schema Part 1: Structures Second Edition, W3C Recommendation, 28 October 2004.

  • Mandatory: XML Schema Part 2: Datatypes Second Edition, W3C Recommendation, 28 October 2004.

XML shall be used for data exchange to satisfy those IERs on the AMN that are not addressed by a specific information exchange standard. XML Schemas and namespaces are required for all XML documents.
5: Providing web content or web feeds for syndication to web sites as well as directly to user agents.
  • Mandatory: (Really Simple Syndication) RSS 2.0 Specification Version 2.0.11, 30 March 2009.

  • Emerging: IETF RFC 4287: 2005, The Atom Syndication Format. (Atom 1.0).

  • Emerging: IETF RFC 5023: 2007, The Atom Publishing Protocol.

 
6: Encoding of location as part of web feeds
  • Mandatory: GeoRSS Simple encoding: Geographically Encoded Objects for RSS feeds: GeoRSS Simple encoding for <georss:point>, <georss:line>, <georss:polygon>, <georss:box>.

  • Recommended: GeoRSS GML Profile 1.0 a GML subset for <gml:Point>, <gml:LineString>, <gml:Polygon>, <gml:Envelope> of

  • Recommended: Where GeoRSS Simple is not appropriate the OGC GeoRSS 03-105r1: 2004-02-07, OpenGIS Geography Markup Language (GML) Implementation Specification version 3.1.1.

GML allows you to specify a coordinate reference system (CRS) other than WGS84 decimal degrees (think lat/long). If there is a need to express geography in a CRS other than WGS84, it is recommended to specify the geographic object multiple times, one in WGS84 and the others in your other desired CRSes.

Please also see Table D.10 Regarding Coordinate Reference Systems

Schema location for GeoRSS GML Profile 1.0: http://geo rss.org /xml/1.0/gmlgeorss.xsd

7: Message Security for web services
  • Mandatory: WS-Security: SOAP Message Security 1.1.

  • Mandatory: XML Encryption Syntax and Processing, W3C Recommendation, 10 December2002.

  • Mandatory: XML Signature Syntax and Processing (Second Edition), W3C Recommendation, 10 June 2008.

  • Mandatory: OASIS WS-I Basic Security Profile Version 1.1, 24 January 2010.

Specifies how integrity and confidentiality can be enforced on messages and allows the communication of various security token formats, such as SAML, Kerberos, and X.509v3. Its main focus is the use of XML Signature and XML Encryption to provide end-to-end security.

Specifies a process for encrypting data and representing the result in XML. Referenced by WS-Security specification.

Specifies XML digital signature processing rules and syntax. Referenced by WS-Security specification

8: Security token format
  • Mandatory: OASIS Standard, Security Assertion Markup Language (SAML) 2.0), March 2005.

  • Mandatory: OASIS Standard, Web Services Security: SAML Token Profile 1.1 incorporating approved errata 1, Nov 2006.

Provides XML-based syntax to describe uses security tokens containing assertions to pass information about a principal (usually an end-user) between an identity provider and a web service.

Describes how to use SAML security tokens with WS-Security specification.

9: Security token issuing
  • Mandatory: OASIS Standard, WS-Trust 1.4, incorporating Approved Errata 01, 25 April 2012.

  • Mandatory: Web Services Federation Language (WS-Federation) Version 1.1, December 2006.[a]

  • Mandatory: Web Services Policy 1.5 – Framework, W3C Recommendation, 04 September 2007.

  • Mandatory: WS-Security Policy 1.3, OASIS Standard incorporating Approved Errata 01, 25 April 2012.WS-Trust 1.4

Uses WS-Security base mechanisms and defines additional primitives and extensions for security token exchange to enable the issuance and dissemination of credentials within different trust domains.

Extends WS-Trust to allow federation of different security realms.

Used to describe what aspects of the federation framework are required/supported by federation participants and that this information is used to determine the appropriate communication options.

10: Transforming XML documents into other XML documents
  • Mandatory: XSL Transformations (XSLT) Version 2.0, W3C Recommendation, 23 January 2007.

  • Note that XSLT 2.0 is a revised version of the XSLT 1.0 Recommendation published on 16 November 1999

Developer best practice for the translation of XML based documents into other formats or schemas.

11: Configuration management of structured data standards, service descriptions and other structured metadata.
  • Mandatory: ebXML v3.0: Electronic business XML Version 3.0,

  • Mandatory: Registry Information Model (ebRIM), OASIS Standard, 2 May 2005,

  • Mandatory: Registry Services and Protocols (ebRS)

  • Mandatory: OASIS Standard, Universal Description, Discovery, and Integration Specification (UDDI v2.0).

  • Emerging: OASIS Standard, Universal Description, Discovery, and Integration Specification (UDDI v3.0).

Used as foundation for setup, maintenance and interaction with a (AMN) Metadata Registry and Repository for sharing and configuration management of XML metadata. Also enables federation among metadata registries/ repositories.

12: Exchanging structured information in a decentralized, distributed environment via web services
  • Mandatory: W3C SOAP 1.1, Simple Object Access Protocol v1.1 (SOAP) 1.1, W3C Note, 8 May 2000

  • Mandatory: WSDL v1.1: Web Services Description Language (WSDL) 1.1, W3C Note, 15 March 2001.

  • Conditional: Representational State Transfer (REST) in accordance with:

    • University of California, Roy Thomas Fielding, Architectural Styles and the Design of Network-based Software Architectures: 2000, Irvine, CA.

  • Emerging (2014): SOAP Version 1.2 Part 1: Messaging Framework (Second Edition), W3C Recommendation, 27 April 2007.

  • Emerging (2014): SOAP Version 1.2 Part 2: Adjuncts (Second Edition), W3C Recommendation, 27 April 2007.

  • Emerging (2014): SOAP Version 1.2 Part 3: One-Way MEP, W3C Working Group Note, 2 July 2007

The preferred method for implementing web-services are SOAP, however, there are many use cases (mash-ups etc.) where a REST based interface is easier to implement and sufficient to meet the IERs.

Restful services support HTTP caching, if the data the Web service returns is not altered frequently and not dynamic in nature. REST is particularly useful for restricted-profile devices such as mobile phones and tablets for which the overhead of additional parameters like headers and other SOAP elements are less.

13: Secure exchange of data objects and documents across multiple security domains The Draft X-Labels syntax definition is called the "NATO Profile for the XML “Confidentiality Label Syntax" and is based on version 1.0 of the RTG-031 proposed XML confidentiality label syntax, see "Sharing of information across communities of interest and across security domains with object level protection" below.  
14: Topic based publish / subscribe web services communication
  • Mandatory: OASIS, Web Services Brokered Notification 1.3 (WS-BrokeredNotification), OASIS Standard, 1 October 2006

  • Mandatory: OASIS, Web Services Base Notification 1.3 (WS-BaseNotification), OASIS Standard, 1 October 2006

  • Mandatory: OASIS, Web Services Topics 1.3 (WS-Topics), OASIS Standard, 1 October 2006

Enable topic based subscriptions for web service notifications, with extensible filter mechanism and support for message brokers.

15: Providing transport-neutral mechanisms to address web services
  • Mandatory: Web Services Addressing 1.0 – Core, W3C Recommendation, 9 May 2006

Provides transport-neutral mechanisms to address Web services and messages which is crucial in providing end-to- message level security, reliable messaging or publish / subscribe based web services end.

16: Reliable messaging for web services
  • Mandatory: OASIS Standard, Web Services Reliable Messaging (WS-Reliable Messaging) Version 1.2, February 2009.

Describes a protocol that allows messages to be transferred reliably between nodes implementing this protocol in the presence of software component, system, or network failures.

[a] This specification is subject to the following copyright: (c) 2001-2006 BEA Systems, Inc., BMC Software, CA, Inc., International Business Machines Corporation, Layer 7 Technologies, Microsoft Corporation, Inc., Novell, Inc. and VeriSign, Inc. All rights reserve.


D.3.3. Enterprise Support Services

96. Definition: Enterprise Support Services are a set of Community Of Interest (COI) independent services that must be available to all members within the AMN. Enterprise Support Services facilitate other service and data providers on the federated networks by providing and managing underlying capabilities to facilitate collaboration and information management for end-users.

97. For the purposes of this Volume, Enterprise Support Services will be broken up further into:

  • Unified Communication and Collaboration Services

  • Information Management Services

  • Geospatial Services

D.3.3.1. Unified Communication and Collaboration Services

98. Definition: Unified Communication and Collaboration Services provide users with a range of interoperable collaboration capabilities, based on standards that fulfill operational requirements. They will enable real-time situational updates to time-critical planning activities between coalition partners, communities of interest (e.g. the Intel community or the Logistics community), and other agencies. Levels of collaboration include awareness, shared information, coordination and joint product development.

99. Different use cases require different levels of protection of these communication and collaboration services. For voice or audio-based collaboration services, the AMN profile can provide interoperability standards for two different scenarios:

  • A. Voice over Secure IP (VoSIP) network services

  • B. Network agnostic Secure Voice Services (such as 3G, IP/4G, ISDN)

100. On AMN, VoSIP is mandatory. If however network agnostic Secure Voice services are required in addition to VoSIP[2], then Secure Communications Interoperability Protocol (SCIP) specifications as defined for audio-based collaboration services (end-to-end protected voice) over any network should be used[3]. [Note this has been included due to the emerging requirements regarding Operation Resolute Support (i.e. from Jan 2015, post ISAF)]

101. For text-based collaboration there is also a basic profile sufficient for operating this service with reduced protection requirements as well as an enhanced XMPP profile that includes additional security mechanisms.

D.3.3.1.1. Standards

102. To provide federated services the standards listed in Table D.8 should be adhered to.

Table D.8. Unified Communication and Collaboration Services and Data Standards
ID: Service/Purpose Standards Implementation Guidance
1: Video-based Collaboration Services (VTC)
  • Mandatory (VTCoIP Signalling): ITU-T H.323 v7 (12/2009) Packet-based multimedia communications systems;

  • Mandatory (VTCoIP Audio encoding): ITU-T G.722.1c (2005) Corrigendum 1 (06/2008) Low-complexity coding at 24 and 32 kbit/s for hands-free operation in systems with low frame loss;

  • Mandatory (VTCoIP Video encoding): ITU-T H.263 (01/2005) Video coding for low bit rate communication

AMN VTC over IP is based on a QoS-Enabled Net- work Infrastructure (QENI) using Diffserve.

The AMN-Wide allowed interconnections are:

A) Peer to Peer,

B) Peer to MCU and

C) Peer to MCU to MCU to Peer

2: Audio-based Collaboration Services
  • Mandatory (VoIP numbering): STANAG 4705 Ed. 1 Ratification Draft, International Network Numbering for Communications Systems in use in NATO.

  • Mandatory (VoIP): IETF RFC 3261: 2002, SIP: Session Initiation Protocol.

  • Mandatory (Subscriber Number): STANAG 5046 Ed.3 (1995) The NATO Military Communications Directory System

  • Mandatory (VoIP Audio data encoding): ITU-T Recommendation G.729 Annex A (11/96), Coding of speech at 8 kbit/s using conjugate-structure algebraic-code-excited linear prediction (CS-ACELP). [a]

VoSIP refers to non-protected voice service running on a classified IP network (as in the case of the AMN).

All numbers (calling and called) passed over the NIP consist of 13 digits irrespective of the networks involved. The 13-digits consist of a 6 digit prefix and a 7-digit subscriber number. A TCN must be prepared to pass these 13 digits over the NIP.

By default the subscriber number should be taken from STANAG 5046

Voice Sampling Interval between Voice packets: 40ms

RTP protocol ports 16384 and/or 16385

See also detailed Interface Control Document for "Voice over Secure IP (VoSIP) Network Service" [THALES ICD 61935771-558 A Jul 2009].

3: Audio-based Collaboration Services (end-to-end protected voice) (Secure Communications Interoperability Protocol. SCIP)
  • Emerging: ITU-T V.150.1 (03/2004), Modem-over-IP networks: Procedures for the end-to-end connection of V-series DCEs, incorporating changes introduced by Corrigendum 1 and 2.

  • Emerging: National Security Agency (NSA), SCIP-210. SCIP signalling plan. 2007.

  • Emerging: NSA, SCIP-214, Interface requirements for SCIP devices to circuit switched networks.

  • Emerging: NSA, SCIP-215, Interface requirements for SCIP devices to IP networks.

  • Emerging: NSA, SCIP-216: Minimum Essential Requirements (MER) for V.150.1 recommendation.

  • Emerging: NSA, SCIP-220: Requirements for SCIP.

  • Emerging: NSA, SCIP-221: SCIP Minimum Implementation Profile (MIP).

  • Emerging: NSA, SCIP-233: NATO interim cryptographic suite (NATO and coalition).

Secure voice services over any network.

V.150.1 support must be end-to-end supported by unclassified voice network

SCIP-214 only applies to gateways

Note that SCIP-216 requires universal implementation.

4: Informal messaging services (e-mail)
  • Mandatory: IETF RFC 2821:2001, Simple Mail Transfer Protocol (SMTP).

  • Mandatory: IETF RFC 1870:1995, SMTP Service Extension for Message Size Declaration.

  • Mandatory: IETF RFC 2822:2001, Simple Internet Messages.

  • Emerging (2016): IETF RFC 5321: 2008, Simple Mail Transfer Protocol which obsoletes: IETF RFC 2821: 2001

  • Emerging (2017): IETF RFC 6477: 2012, Registration of Military Message Handling System (MMHS) Header Fields for Use in Internet Mail

Conditional: messages must be labelled in the message header field “Keywords” (RFC 2822) according to the following convention:

  • [MMM] [CLASSIFICATION], Releasable to [MISSION]

Where:

  • CLASSIFICATION is the classification {SECRET, CONFIDENTIAL, RESTRICTED, UNCLASSIFIED}

  • MMM is the alpha-3 country code e.g. DEU, GBR, as defined in Table 11.ID2 with the exception that NATO will be identified by the four letter acronym “NATO”.

Example:

  • Keywords: ITA UNCLASSIFIED, Releasable to XFOR

5: Content encapsulation within bodies of internet messages Multipurpose Internet Mail Extensions (MIME) specification:
  • Mandatory: IETF RFC 2045:1996, Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies.

  • Mandatory: IETF RFC 2046: 1996, Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types.

  • Mandatory: IETF RFC 2047: 1996, MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII Text.

  • Mandatory: IETF RFC 2049: 1996, Multipurpose Internet Mail Extensions (MIME) Part Five: Conformance Criteria and Examples.

  • Mandatory: IETF RFC 4288 : 2005, Media Type Specifications and Registration Procedures.

10 MB max message size limit

Minimum Content-Transfer-Encoding:

  • 7bit

  • base64

  • binary BINARYMIME SMTP extension [IETF RFC 3030]

Minimum set of media and content-types:

  • text/plain [IETF RFC1521]

  • text/enriched [IETF RFC1896]

  • text/html IETF [RFC1866]

  • multipart/mixed [IETF RFC 2046]

  • multipart/signed

6: text-based collaboration services
  • Mandatory: Basic XMPP profile (see ID 6.1 below)

  • Recommended: Enhanced XMPP profile (see ID 6.2)

Near-real time text-based group collaboration capability for time critical reporting and decision making in military operations.

6.1: text-based collaboration services (basic XMPP profile)
  • Mandatory: IETF RFC 6120: 2011, Extensible Messaging and Presence Protocol (XMPP): Core

  • Mandatory: IETF RFC 6121: 2011, Extensible Messaging and Presence Protocol (XMPP) extensions for: Instant Messaging and Presence.

  • Mandatory: The following XMPP Extension Protocols (XEP) defined by the XMPP Standards Foundation shall also be supported:

    • XEP-0004: Data Forms, August 2007.

    • XEP-0030: Service Discovery, February 2007

    • XEP-0045: Multi-User Chat (MUC), July 2008

    • XEP-0049: Private XML Storage, March 2004

    • XEP-0050: Ad Hoc Commands, June 2005

    • XEP-0054: vCard Profiles, March 2003

    • XEP-0065: SOCKS5 Byte streams, April 2011

    • XEP-0092: Software Version, February 2007

    • XEP-0096: SI File Transfer, April 2004.

    • XEP-0114: Jabber Component Protocol, March 2005

    • XEP-0115: Entity Capabilities, February 2008.

    • XEP-0203: Delayed Delivery, September 2009

    • XEP-0220: Server Dialback, December 2007

    • XEP-0288: Bidirectional Server-to-Server Connections, October 2010

  • Fading:

    • XEP-0078: Non-SASL Authentication, October 2008. (for support of older clients)

    • XEP-0091: Legacy Delayed Delivery, May 2009

IETF RFC 6120 supersedes IETF RFC 3920

IETF RFC 6121 XMPP IM supersedes IETF RFC 3921

6.2: text-based collaboration services (enhanced XMPP profile).
  • Recommended: The enhanced profile requires compliance with the basic profile as defined above plus:

    • XEP-0033: Extended Stanza Addressing, September 2004

    • XEP-0079: Advanced Message Processing, November 2005.

    • XEP-0122: Data Forms Validation. September 2005.

    • XEP-0199: XMPP Ping, June 2009.

    • XEP-0249: Direct MUC Invitation, September 2011.

    • XEP-0258: Security Labels in XMPP, March 2009

  • Emerging:

    • XEP-0311(MUC Fast Reconnect, January 2012

Developers are also advised to consult the following IETF RFCs:
  • IETF RFC 6122: 2011, Extensible Messaging and Presence Protocol (XMPP): Address Format

  • IETF RFC 6125: 2011, Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS)

  • IETF RFC 3923: 2004, End-to-end signing and object encryption for XMPP

  • IETF RFC 4854: 2007,XMPP URN A uniform Resource Name (URN) Namespace for Extensions to the Extensible Messaging and Presence Protocol (XMPP).

  • IETF RFC 4979: 2007, IANA registration of an Enumservice for XMPP (see IETF RFC 3761: 2004, The E.164 to Uniform Resource Identifiers (URI) Dynamic Delegation Discovery System (DDDS) Application (ENUM)).

  • IETF RFC 5122: 2008, A Internationalized Resource Identifiers (IRIs) and Uniform Resource Identifier (URI) for the Extensible Messaging and Presence Protocol (XMPP)

[a] The use of G.729 may require a license fee and/ or royalty fee. DiffServ, PHB and DSCP defined by IETF RFC 2474: 1998, Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers. Please also see Table D.3 ID 3 (IP Quality of Service).


D.3.3.2. Information Management Services

103. Definition: Information Management Services provide technical services "...to direct and support the handling of information throughout its life-cycle ensuring it becomes the right information in the right form and of adequate quality to satisfy the demands of an organization." These services support organizations, groups, individuals and other technical services with capabilities to organize, store and retrieve information (in any format, structured or unstructured) through services and managed processes, governed by policies, directives, standards, profiles and guidelines.

D.3.3.2.1. Standards

104. To provide federated services the standards listed in Table D.9 should be adhered to. Additionally all information should be labelled with the minimum metadata set by ISAF

Table D.9. Information Management Services and Data Standards
ID: Service/Purpose Standards Implementation Guidance
1: Enterprise Search Services: Automated information resource discover, information extraction and interchange of metadata
  • Mandatory: ISO 15836:2009, Information and documentation - The Dublin Core metadata element set.”

  • Mandatory: TIDE Information Discovery (v2.3.0, Allied Command Transformation Specification, 30 October 2009.)

  • Emerging: TIDE Transformational Baseline 3.0 – Annex C: TIDE Service Discovery (v.2.2.0, Allied Command Transformation Specification) December 2009.

  • Emerging: SPARQL 1.1 Query Language, W3C Recommendation, 21 March 2013.

  • Emerging: OWL 2 Web Ontology Language Document Overview (Second Edition), W3C Recommendation, 11 December 2012.

  • Emerging (2014): OpenSearch 1.1 Draft 5.

ISO 15836:2009 does not define implementation detail.

This profile requires a subset of metadata with UTF8 character encoding as defined in the NATO Discovery Metadata Specification (NDMS) – see

The technical implementation specifications are part of the TIDE Transformational Baseline v3.0, however, Query-by-Example (QBE), has been deprecated with the TIDE Information Discovery specs v2.3.0 and replaced by SPARQL.

The TIDE community is evaluating OpenSearch for potential inclusion into the TIDE Information Discovery specifications. On the AMN CORE a commercial product called FAST ESP is being used to generate search indexes. This product could act as an OpenSearch "slave", but re- quires adaptation to this Open Standard but only using HTTP. For automated information discovery across the AMN all potential information sources must provide this standard search interface in order to allow tools like FAST ESP to discover relevant information.

2: Enterprise Search Services: manual information resource discovery, classification marking and file naming conventions
  • Recommended: AC322-N(2010)0025 – Guidance On File Naming

 
3: Enterprise Support Guard Services: General definition of Security and confidentiality metadata
  • Mandatory: NO-FFI-rapport 00961:2010, XML Confidentiality Label Syntax - a proposal for a NATO specification.

  • Mandatory: NO-FFI-rapport 00962: 2010, Binding of Metadata to Data Objects - a proposal for a NATO specification.

  • Mandatory: NCIA TN-1455-REV1, NATO Profile for the Binding of Metadata to Data Objects, Vers 1.1, December 2012.[a]

  • Mandatory: NCIA TN-1456-REV1, NATO Profile for the XML Confidentiality Label Syntax, Vers 1.1, January 2013.[b]

Services and applications shall implement object level labelling in order to support cross-domain information exchange using common enterprise Support Guard Services (e.g. Cross-Domain Solutions or Information Exchange Gateways)

[a] NC3A TN-1455 is the NATO profile of NO-FFI 00962.

[b] NC3A TN-1456 is the NATO profile of NO-FFI 00961.


D.3.3.3. Geospatial Services

105. Definition: Geospatial Services deliver network-based access to quality raster, vector and terrain data, available in varying degrees of format and complexity. Geospatial Services form a distinct class of information services through their unique requirements for collecting, converting, storing, retrieving, processing, analyzing, creating, and displaying geographic data. The generic nature of Geospatial Services - "organizing information by location" - is interdisciplinary and not specific to any Community of Interest (COI) or application.

D.3.3.3.1. Standards

106. To provide federated services the standards listed in Table D.10 should be adhered to.

Table D.10. Enterprise Support Geospatial Services and Data Standards
ID: Service/Purpose Standards Implementation Guidance
1: Geospatial Coordinate Services: identifying Coordinate Reference Systems (CRS)
  • Fading: “DGIWG Geodetic Codes and Parameters Registry”, https://portal.dgiwg.org/files/?artifact_id=3071 Last updated, Sept 2000

  • Recommended: EPSG registry http://www.epsg-registry.org/ , current version 8.2, dated 29 November 2013

The European Petrol Survey Group maintains the most comprehensive and accurate register of international geodetic codes and parameters for CRS. To identify the CRS for the exchange of geospatial data a standard naming convention and reference repository is required.
2: GeoWeb Service Interface to GIS Servers
  • Recommended: Open Esri GeoServices REST specification Version 1.0, September 2010

There are implementations of the Open Esri GeoServices REST specification from various other vendors. The REST API may be used for an easier to implement and rich interface to the server side GIS capabilities. Functional Services that support this interface may take advantage of this interface.
3: Geo-Analytical Functionality as a Service
  • Emerging (2014): Open Esri GeoServices REST specification Version 1.0, September 2010

  • Emerging (2014): OGC 05-007r7 Web Processing Service 1.0.0

Instead of retrieving all required spatial data in order to analyze it in a fat client, clients are encouraged to invoke the analytical processes where the data resides so that only the analytic result needs to be transmitted from the server to the client.
4: 3D Perspective Viewer as a GeoWeb-Service
  • Recommended: KML network link as part of OGC OGC 07-147r2 KM

Nil
5: Geodetic and geophysical model of the Earth.
  • Mandatory: NIMA Technical Report 8350.2 Third Edition incorporating Amendments 1 and 2: 23 June 2004, Department of Defense World Geodetic System 1984 Its Definition and Relationships with Local Geodetic Systems.

 
6: Electronic format for medium resolution terrain elevation data.
  • Mandatory: MIL-PRF-89020 Rev. B, Performance Specification: Digital Terrain Elevation Data (DTED), 23 May 2000.

Used to support line-of-sight analyzes, terrain profiling, 3D terrain visualization, mission planning/rehearsal, and modelling and simulation.
7: Services to publish geospatial data as maps rendered in raster image formats
  • Mandatory: ISO 19128:2005, Geographic information - Web map server interface (WMS v.1.3.0).

  • Mandatory: OGC 02-070 OpenGIS Styled Layer Descriptor (SLD) Implementation Specification v 1.0

  • Fading (Dec 2012): OGC WMS v1.0.0, v1.1.0, and v1.1.1

  • Emerging: OGC 05-078r4, OpenGIS Styled Layer Descriptor (SLD) Profile of the Web Map Service Implementation Specification v.1.1.0, June 2007.

  • Emerging (2018): OGC 07-057r7, OpenGIS Web Map Tile Service Implementation Standard (WMTS) v.1.0.0, April 2010.

WMTS are to be provided as a complimentary service to WMS to ease access to users operating in bandwidth constraint environments. WMTS trades the flexibility of custom map rendering for the scalability possible by serving of static data (base maps) where the bounding box and scales have been constrained to discrete tiles which enables the use of standard network mechanisms for scalability such as distributed cache systems to cache images between the client and the server, reducing latency and bandwidth use.
8: Services to publish vector-based geospatial feature data to applications
  • Mandatory: OGC 04-094, Web Feature Service (WFS) v.1.1.

  • Mandatory: OGC 04-095, Filter Encoding v.1.1

  • Emerging: OGC 10-100r3 Geography Markup Language (GML) simple features profile (with Corrigendum) v 2.0 including OGC 11-044 Geography Markup Language (GML) simple features profile Technical Note v 2.0

 
9: Electronic interchange of geospatial data as coverage, that is, digital geospatial information representing space varying phenomena
  • Mandatory: OGC 07-067r2, Web Coverage Service (WCS) v.1.1.1.

  • Fading (Dec 2011): v1.0.0 and v1.1.0

  • Emerging (2014): OGC 09-110r4, Web Coverage Service (WCS) v2.0, October 2010.

Web Coverage Service v.1.1.1 is limited to describing and requesting grid (or "simple") coverage.

OGC Web Coverage Service (WCS) Standard Guidance Implementation Specification 1.0

10: File based storage and exchange of digital geospatial mapping (raster) data where services based access is not possible
  • Mandatory: GeoTIFF format specification: GeoTIFF Revision 1, Version 1.8.2, December 2000.[a]

  • Mandatory: OGC 05-047r3: OpenGIS GML in JPEG 2000 for Geographic Imagery (GMLJP2) Encoding Specification 1.0.0, January 2006.

  • Recommended: MIL-PRF-89038, Performance Specification Compressed ARC Digitized Raster Graphics (CADRG). October 1994

  • Recommended: MIL-STD-2411 (NOTICE 3), Department of Defense Interface Standard: Raster Product Format (31 Mar 2004).

This is provided for legacy systems, implementers are encouraged to upgrade their systems to consume OGC Web Services.

In practice, the exchange of large geospatial(raster) data sets between Geo organizations of different TCN’s is conducted in the proprietary[b] Multi-resolution seamless image database format (MrSID Generation 3).

Data in MrSID format could be transformed to GeoTIFF.

11: File based storage and exchange of non-topological geometry and attribute information or digital geospatial feature (vector) data
  • Mandatory: OGC 07-147r2, Keyhole Markup Language (KML) 2.2.0, April 2008.

  • Fading: ESRI White Paper, ESRI Shapefile Technical Description, July 1998.

  • Emerging (2014): File Geodatabase (.gdb directories). (Note: The current version of the gdb file format is defined via the application programming interface File Geodatabase API 1.3, which is used in several GIS implementations including the open source Geospatial Data Abstraction Library (GDAL)).

ESRI Shapefiles are used by legacy systems and as file based interchange format. Implementers are encouraged to upgrade their systems based on OGC Web Services.

File geodatabases store datasets as folders in a file system with each file capable of storing more than 1 TB of information. Each file geodatabase can hold any number of these large, individual datasets. File geodatabases can be used across all platforms and can be compressed. They support the complete geodatabase information model and are faster than using shapefiles for large datasets. Users are rapidly adopting the file geodatabase in place of using shapefiles.

12: Geospatial Coordinate Services: general positioning, coordinate systems, and coordinate transformations
  • Recommended: OGC 01-009, OpenGIS Coordinate Transformation Service Implementation Specification Revision 1.00, January 2001.

 

[a] GeoTIFF 1.8.2 is public domain metadata standard embedding geo-referencing information within a TIFF revision 6.0 file.

[b] Requires LizardTech's (lizardtech.com) decoding software development kit (DSDK). The MrSID file format is a proprietary technology that provides tools for the rapid compression, viewing, and manipulation of geospatial raster and LiDAR data.




[2] The only scenario where this would apply would be in the case that crypto devices cannot be supplied, protected and managed on site and physical access to the AMN is hence not available at that location.

[3] If SCIP is used, then access to the AMN can only be possible if a gateway for SCIP multi-conferencing and interconnection to VoSIP networks is provided. AMN. Additionally to achieve this there would need to be agreement to re-use a Key Management system that is already deployed in ISAF (for example that used for the OMLTs).