idnits 2.17.00 (12 Aug 2021) /tmp/idnits57900/draft-eastlake-ecom-fields-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? == No 'Intended status' indicated for this document; assuming Proposed Standard == It seems as if not all pages are separated by form feeds - found 0 form feeds but 13 pages Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** There is 1 instance of too long lines in the document, the longest one being 32 characters in excess of 72. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (June 14, 1999) is 8370 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Missing reference section? 'SET' on line 126 looks like a reference -- Missing reference section? 'XML' on line 126 looks like a reference -- Missing reference section? 'ISO 3166' on line 399 looks like a reference -- Missing reference section? 'RFC 2246' on line 462 looks like a reference -- Missing reference section? 'RFC 2411' on line 462 looks like a reference Summary: 7 errors (**), 0 flaws (~~), 3 warnings (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 INTERNET DRAFT D. Eastlake 2 Expires December 13, 1999 IBM 3 T. Goldstein 4 draft-eastlake-ecom-fields-00.txt Transactor 5 June 14, 1999 7 ECML v1: Field Names for E-Commerce 8 ---- --- ----- ----- --- - -------- 10 Status of this Memo 12 This draft is file name draft-eastlake-ecom-fields-00.txt. 13 Distribution of this document is unlimited. Comments should be sent 14 to the author. 16 This document is an Internet-Draft and is in full conformance with 17 all provisions of Section 10 of RFC 2026 except that the right to 18 produce derivative works is not granted. Internet-Drafts are working 19 documents of the Internet Engineering Task Force (IETF), its areas, 20 and its working groups. Note that other groups may also distribute 21 working documents as Internet-Drafts. 23 Internet-Drafts are draft documents valid for a maximum of six 24 months. Internet-Drafts may be updated, replaced, or obsoleted by 25 other documents at any time. It is not appropriate to use Internet- 26 Drafts as reference material or to cite them other than as a 27 ``working draft'' or ``work in progress.'' 29 The list of current Internet-Drafts can be accessed at 30 http://www.ietf.org/ietf/1id-abstracts.txt 32 The list of Internet-Draft Shadow Directories can be accessed at 33 http://www.ietf.org/shadow.html. 35 To view the entire list of current Internet-Drafts, please check the 36 "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow 37 Directories as listed at . 39 Copyright Notice 41 Copyright (C) The Internet Society (1999). All Rights Reserved. 43 Abstract 45 Customers are frequently required to enter substantial amounts of 46 information at an Internet merchant site in order to complete a 47 purchase or other transaction, especially the first time they go 48 there. A standard set of information fields is defined as the first 49 version of an Electronic Commerce Modeling Language (ECML) so that 50 this task can be more easily automated, for example by wallet 51 software that could fill in fields. Even for the manual data entry 52 case, customers will be less confused by varying merchant sites if a 53 substantial number adopt these standard fields. 55 Acknowledgements 57 The following persons, in alphabetic order, contributed substantially 58 to the material herein: 60 George Burne, Trintech 62 Joe Coco, Microsoft 64 Kevin Weller, Visa 66 Table of Contents 68 Status of this Memo........................................1 69 Copyright Notice...........................................1 70 Abstract...................................................1 72 Acknowledgements...........................................2 73 Table of Contents..........................................2 75 1. Introduction............................................3 76 1.1 Background.............................................3 77 1.2 Relationship to Other Standards........................3 78 1.3 Areas Deferred to Future Versions......................4 79 2. Using The Fields........................................4 80 2.1 Presentation of the Fields.............................5 81 2.2 Methods and Flow of Setting the Fields.................5 82 2.3 HTML Example...........................................6 83 3. Field Definitions.......................................7 84 4. Security Considerations................................10 86 References................................................11 88 Full Copyright Statement..................................12 90 Author's Address..........................................13 91 File name and Expiration..................................13 93 1. Introduction 95 1.1 Background 97 Today, numerous merchants are successfully conducting business on the 98 Internet using HTML-based forms. The data formats used in these forms 99 varies considerably from one merchant to another. End-users find the 100 diversity confusing and the process of manually filling in these 101 forms to be tedious. The result is that many merchant forms, 102 reportedly around two thirds, are abandoned during the fill in 103 process. 105 Software tools called electronic wallets can help this situation. A 106 digital wallet is an application or service that assists consumers in 107 conducting online transactions by allowing them to store billing, 108 shipping, payment, and preference information and to use this 109 information to automatically complete merchant interactions. This 110 greatly simplifies the check-out process and minimizes the need for a 111 consumer to complete a merchant's form every time. Digital wallets 112 that fill forms have been successfully built into browsers, as helper 113 applications to browsers, as stand-alone applications, as browser 114 plug-ins, and as server-based applications. But the proliferation of 115 electronic wallets has been hampered by the lack of standards. 117 ECML (Electronic Commerce Modeling Language, ) Version 118 1 provides a set of simple guidelines for web merchants that will 119 enable electronic wallets from multiple vendors to fill in their web 120 forms. The end-result is that more consumers will find shopping on 121 the web to be easy and compelling. 123 1.2 Relationship to Other Standards 125 ECML Version 1 is not a replacement or alternative to SSL/TLS [RFC 126 2246], SET [SET], XML [XML], or IOTP [draft-ietf-trade-iotp-v1.0- 127 protocol-*.txt]. These are important standards that provide 128 functionality such as non-repudiatable transactions, automatable 129 payment scheme selection, and smart card support. 131 ECML may be used with any payment mechanism. It simply allows a 132 merchant to publish consistent simple web forms. 134 Multiple wallets and multiple merchants plan to interoperably support 135 ECML. This is an open standard. ECML is designed to be simple. 136 Version 1 of the project adds no new technology to the web. A 137 merchant can adopt ECML and gain the support of these multiple 138 Wallets by making very simple changes to the HTML pages that they 139 currently use to support their customers. Use of ECML requires no 140 license. 142 The set of fields documented herein was developed by the 143 Wallet/Merchant Standards Alliance (www.emcl.org) which now includes, 144 in alphabetic order, the following: 146 American Express (www.americanexpress.com> 147 AOL (www.aol.com) 148 Compaq (www.compaq.com) 149 CyberCash (www.cybercash.com) 150 IBM (www.ibm.com) 151 Mastercard (www.mastercard.com) 152 Microsoft (www.microsoft.com) 153 SETCo (www.setco.org) 154 Sun Microsystems (www.sun.com) 155 Transactor (www.transactor.com) 156 Trintech (www.trintech.com> 157 Visa (www.visa.com) 159 The fields are derived from and consistent with the W3C P3P base data 160 schema at 162 . 164 1.3 Areas Deferred to Future Versions 166 Standardization of information fields from the merchant to the 167 consumer, considerations for business purchasing cards, non-card 168 payment mechanisms, wallet activation, privacy related mechanisms, 169 and any sort of "negotiation" were among the areas deferred to 170 consideration in future versions. Hidden or other special fields 171 were minimized. The primary target was North American consumer to 172 merchant electronic commerce. 174 2. Using The Fields 176 To conform to this document, the field names shall be as listed in 177 section 3 below. Note: this does not impose any restriction on the 178 user visible labeling of fields, just on their names as used in 179 communication with the merchant. 181 2.1 Presentation of the Fields 183 There is no necessary implication as to the order or manner of 184 presentation. Some merchant may wish to ask for more information, 185 some less. Some merchant may ask for the information they want in 186 one HTML form on one web page, others may ask for parts of the 187 information at different times on different pages. For example, it 188 is common to ask for "ship to" information earlier, so shipping cost 189 can be computed, before the payment method information. Some 190 merchants may require that all the information they request be 191 provided while other make much information optional. Etc. 193 There is no way with version 1 of ECML to indicate what fields the 194 merchant considers mandatory. From the point of view of customer 195 software, all fields are optional to complete. However, the merchant 196 may give an error or re-present a request for information if some 197 field it requires is not completed, just as it may if a field is 198 completed in a manner it considers erroneous. 200 2.2 Methods and Flow of Setting the Fields 202 There are a variety of methods of communication possible between the 203 customer and the merchant by which the merchant can indicate what 204 fields they want that the consumer can provide. Probably the easiest 205 to use for currently deployed software is as fields in an HTML [RFC 206 1866] form. Other possibilities are to use the W3C P3P protocol or 207 the IOTP Authenticate transaction [draft-ietf-trade-iotp-v1.0- 208 protocol-*.txt]. 210 User action or the appearance of the Ecom_SchemaVersion field are 211 examples of triggers that could be used to initiate a facility 212 capable of filling in fields. It is required that the 213 Ecom_SchemaVersion field, which is usually a hidden field, be 214 included on every web page that has any "Ecom_" fields. 216 Because web pages can load very slowly, it may not be clear to an 217 automated field fill-in function when it is finished filling in 218 fields on a web page. For this reason, it is recommended that the 219 Ecom_SchemaVersion field be the last "Ecom_" field on a web page. 221 Merchant requests for information can extend over several web pages. 222 Without further provision, a facility could either require re- 223 starting on each page or possibly violate or appear to violate 224 privacy by continuing to fill in fields for pages beyond with end of 225 the transaction with a particular merchant. For this reason the 226 Ecom_TransactionComplete field, which is normally hidden, is 227 provided. It is recommended that it appear on the last web page 228 involved in a transaction, just before an Ecom_SchemaVersion field, 229 so that multi-web-page automated field fill in logic could know when 230 to stop if it chooses to check for this. 232 2.3 HTML Example 234 An example in HTML might be as follows: 236 237 238 eCom Fields Example 239 240 241
242 Please enter card information: 243

Your name on the card 244 245
The card number 246 247
Expiration date (MM YY) 248 249 250 251 253
254 255

256 257 259 After all of the pages are submitted, the merchant will reply with a 260 confirmation page informing both the user and the wallet that the 261 transaction is complete. 263 264 265 eCom Transaction Complete Example 266 267 268
269 Thank you for your order. It will be shipped in several days. 270 271 273
274 275 277 3. Field Definitions 279 The fields are listed below along with the minimum data entry size to 280 allow. Note that these fields are hierarchically organized as 281 indicated by the embedded underscore ("_") characters. Appropriate 282 consumer to merchant transmission mechanisms may use this to request 283 and send aggregates, such as Ecom_Payment_Card_ExpDate to encompass 284 all the date components or Ecom_ShipTo to encompass all the ship to 285 components that the consumer is willing to provide. The marshalling 286 and unmarshalling of the components of such aggregates depends on the 287 data transfer protocol used. 289 IMPORTANT NOTE: "MIN" in the table below is the MINIMUM DATA SIZE TO 290 ALLOW FOR ON DATA ENTRY. It is NOT the minimum size for valid 291 contents of the field and merchant software should, in most 292 cases, be prepared to receive a longer or shorter value. 293 Merchant dealing with areas where, for example, the 294 state/province name or phone number is longer than the "Min" 295 given below must obviously permit longer data entry. In some 296 cases, however, there is a maximum size that makes sense and 297 where this is the case, it is documented in a Note for the 298 field. 300 FIELD NAME Min Notes 302 ship to title Ecom_ShipTo_Postal_Name_Prefix 4 ( 1) 303 ship to first name Ecom_ShipTo_Postal_Name_First 15 304 ship to middle name Ecom_ShipTo_Postal_Name_Middle 15 ( 2) 305 ship to last name Ecom_ShipTo_Postal_Name_Last 15 306 ship to name suffix Ecom_ShipTo_Postal_Name_Suffix 4 ( 3) 307 ship to street line1 Ecom_ShipTo_Postal_Street_Line1 20 ( 4) 308 ship to street line2 Ecom_ShipTo_Postal_Street_Line2 20 ( 4) 309 ship to street line3 Ecom_ShipTo_Postal_Street_Line3 20 ( 4) 310 ship to city Ecom_ShipTo_Postal_City 22 311 ship to state/province Ecom_ShipTo_Postal_StateProv 2 ( 5) 312 ship to zip/postal code Ecom_ShipTo_Postal_PostalCode 14 ( 6) 313 ship to country Ecom_ShipTo_Postal_CountryCode 2 ( 7) 314 ship to phone Ecom_ShipTo_Telecom_Phone_Number 10 ( 8) 315 ship to email Ecom_ShipTo_Online_Email 40 ( 9) 317 bill to title Ecom_BillTo_Postal_Name_Prefix 4 ( 1) 318 bill to first name Ecom_BillTo_Postal_Name_First 15 319 bill to middle name Ecom_BillTo_Postal_Name_Middle 15 ( 2) 320 bill to last name Ecom_BillTo_Postal_Name_Last 15 321 bill to name suffix Ecom_BillTo_Postal_Name_Suffix 4 ( 3) 322 bill to street line1 Ecom_BillTo_Postal_Street_Line1 20 ( 4) 323 bill to street line2 Ecom_BillTo_Postal_Street_Line2 20 ( 4) 324 bill to street line3 Ecom_BillTo_Postal_Street_Line3 20 ( 4) 325 bill to city Ecom_BillTo_Postal_City 22 326 bill to state/province Ecom_BillTo_Postal_StateProv 2 ( 5) 327 bill to zip/postal code Ecom_BillTo_Postal_PostalCode 14 ( 6) 328 bill to country Ecom_BillTo_Postal_CountryCode 2 ( 7) 329 bill to phone Ecom_BillTo_Telecom_Phone_Number 10 ( 8) 330 bill to email Ecom_BillTo_Online_Email 40 ( 9) 332 receiptTo title Ecom_ReceiptTo_Postal_Name_Prefix 4 ( 1) 333 receiptTo first name Ecom_ReceiptTo_Postal_Name_First 15 334 receiptTo middle name Ecom_ReceiptTo_Postal_Name_Middle 15 ( 2) 335 receiptTo last name Ecom_ReceiptTo_Postal_Name_Last 15 336 receiptTo name suffix Ecom_ReceiptTo_Postal_Name_Suffix 4 ( 3) 337 receiptTo street line1 Ecom_ReceiptTo_Postal_Street_Line1 20 ( 4) 338 receiptTo street line2 Ecom_ReceiptTo_Postal_Street_Line2 20 ( 4) 339 receiptTo street line3 Ecom_ReceiptTo_Postal_Street_Line3 20 ( 4) 340 receiptTo city Ecom_ReceiptTo_Postal_City 22 341 receiptTo state/province Ecom_ReceiptTo_Postal_StateProv 2 ( 5) 342 receiptTo postal code Ecom_ReceiptTo_Postal_PostalCode 14 ( 6) 343 receiptTo country Ecom_ReceiptTo_Postal_CountryCode 2 ( 7) 344 receiptTo phone Ecom_ReceiptTo_Telecom_Phone_Number 10 ( 8) 345 receiptTo email Ecom_ReceiptTo_Online_Email 40 ( 9) 347 name on card Ecom_Payment_Card_Name 30 (10) 349 card type Ecom_Payment_Card_Type 4 (11) 350 card number Ecom_Payment_Card_Number 19 (12) 351 card verification value Ecom_Payment_Card_Verification 4 (13) 353 card expire date day Ecom_Payment_Card_ExpDate_Day 2 (14) 354 card expire date month Ecom_Payment_Card_ExpDate_Month 2 (15) 355 card expire date year Ecom_Payment_Card_ExpDate_Year 4 (16) 357 card protocols Ecom_Payment_Card_Protocols 20 (17) 359 consumer order ID Ecom_ConsumerOrderID 20 (18) 361 schema version Ecom_SchemaVersion 30 (19) 363 end transaction flag Ecom_TransactionComplete - (20) 365 FIELD NAME Min Notes 367 IMPORTANT NOTE: "MIN" in the table above is the MINIMUM DATA SIZE TO 368 ALLOW FOR ON DATA ENTRY. It is NOT the minimum size for valid 369 contents of the field and merchant software should, in most 370 cases, be prepared to receive a longer or shorter value. 371 Merchant dealing with areas where, for example, the 372 state/province name or phone number is longer than the "Min" 373 given below must obviously permit longer data entry. In some 374 cases, however, there is a maximum size that makes sense and 375 this is documented in a Note for the field. 377 FOOT NOTES 379 ( 1) For example: Mr., Mrs., Ms., Dr. This field is commonly not 380 used. 382 ( 2) May also be used for middle initial 384 ( 3) For example: Ph.D., Jr. (Junior), 3rd, Esq. (Esquire). This 385 field is commonly not used. 387 ( 4) Address lines must be filled in the order line1, then line2, 388 last line3. 390 ( 5) 2 characters are the minimum for the US and Canada, other 391 countries may require longer fields. For the US use 2 character US 392 Postal state abbreviation. 394 ( 6) Minimum field lengths for Postal Code will vary based on 395 international market served. Use 5 character or 5+4 ZIP for the US 396 and 6 character postal code for Canada. The size given, 14, is 397 believed to be the maximum required anywhere in the world. 399 ( 7) Use [ISO 3166] standard two letter codes 400 for 401 country names. 403 ( 8) 10 digits are the minimum for numbers local to the North 404 American Numbering Plan (: US, Canada and a 405 number of smaller Caribbean and Pacific nations (but not Cuba)), 406 other countries may require longer fields. Telephone numbers are 407 complicated by differing international access codes, variant 408 punctuation of area/city codes within countries, confusion caused by 409 the fact that the international access code in the NANP region is 410 usually the same as the "country code" for that area (1), etc. It 411 will probably be necessary to use heuristics or human examination 412 based on the telephone number and addresses given to figure out how 413 to actually call a customer. It is recommend that an "x" be placed 414 before extension numbers. 416 ( 9) For example: jsmith@isp.com 418 (10) The name of the cardholder. 420 (11) Use the first 4 letters of the association name: American 421 Express=AMER; Diners Club=DINE; Discover=DISC; JCB=JCB; 422 Mastercard=MAST; Visa=VISA. 424 (12) Includes the check digit at end but no spaces or hyphens [ISO 425 7812]. The Min given, 19, is the longest number permitted under the 426 standard. 428 (13) An additional cardholder verification number printed on the card 429 (but not embossed or recorded on the magnetic stripe) such as 430 American Express' CIV, MasterCard's CVC2, and Visa's CVV2 values. 432 (14) The day of the month. Values: 1-31 434 (15) The month of the year. Jan - 1, Feb - 2, March - 3, etc.; 435 Values: 1-12 437 (16) The value in the wallet cell is always four digits, e.g., 1999, 438 2000, 2001, ... 440 (17) A space separated list of protocols available in connection with 441 the specified card. Initial list of case insensitive tokens: none, 442 set, & setcert. "Set" indicates usable with SET protocol (i.e., is 443 in a SET wallet) but does not have a SET certificate. "Setcert" 444 indicates same but does have a set certificate. "None" indicates 445 that automatic field fill is operating but there is no SET wallet or 446 the card is not entered in any SET wallet. 448 (18) A unique order ID generated by the consumer software. 450 (19) URI indicating version of this set of fields. Usually a hidden 451 field. Equal to "http://www.ecml.org/version/1.0" for this version. 453 (20) A flag to indicate that this web-page/aggregate is the final one 454 for this transaction. Usually a hidden field. 456 4. Security Considerations 458 The information called for by many of these fields is sensitive and 459 should be protected if being sent over the public Internet or through 460 other channels where it can be observed. Mechanisms for such 461 protection are not specified herein but channel encryption such as 462 SSL/TLS [RFC 2246] or IPSec [RFC 2411] would be appropriate in many 463 cases. 465 User control over release of such information is needed to protect 466 the user's privacy. 468 Any multi-web-page or other multi-aggregate field fill in or data 469 provision mechanism should check for the Ecom_TransactionComplete 470 field and cease automated fill when it is encountered until fill is 471 further authorized. 473 References 475 ISO 3166 - Codes for the representation of names of countries, 476 478 ISO 7812 - Identification card - Identification of issuers - Part 1: 479 Numbering system 481 RFC 1866 - "Hypertext Markup Language - 2.0", T. Berners-Lee & D. 482 Connolly. November 1995. 484 RFC 2026 - "The Internet Standards Process -- Revision 3", S. 485 Bradner, October 1996. 487 RFC 2246 - "The TLS Protocol: Version 1.0", T. Dierks, C. Allen. 488 January 1999. 490 RFC 2411 - "IP Security: Document Roadmap", R. Thayer, N. Doraswany, 491 R. Glenn. November 1998. 493 IOTP [draft-ietf-trade-iotp-v1.0-protocol-*.txt] - Internet Open 494 Trading Protocol, D. Burdett 496 SET - Secure Electronic Transaction, 497 499 XML - Extensible Markup Language (XML) 1.0, 500 , T. Bray, J. Paoli, C. 501 M. Sperberg-McQueen 503 Full Copyright Statement 505 Copyright (C) The Internet Society (1999). All Rights Reserved. 507 This document and translations of it may be copied and furnished to 508 others, and derivative works that comment on or otherwise explain it 509 or assist in its implementation may be prepared, copied, published 510 and distributed, in whole or in part, without restriction of any 511 kind, provided that the above copyright notice and this paragraph are 512 included on all such copies and derivative works. However, this 513 document itself may not be modified in any way, such as by removing 514 the copyright notice or references to the Internet Society or other 515 Internet organizations, except as needed for the purpose of 516 developing Internet standards in which case the procedures for 517 copyrights defined in the Internet Standards process must be 518 followed, or as required to translate it into languages other than 519 English. 521 The limited permissions granted above are perpetual and will not be 522 revoked by the Internet Society or its successors or assigns. 524 This document and the information contained herein is provided on an 525 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 526 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 527 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 528 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 529 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 531 Author's Address 533 Donald E. Eastlake, 3rd 534 IBM, J1-N63 535 17 Skyline Drive 536 Hawthorne, NY 10532 USA 538 tel: +1-914-784-7913 539 fax: +1-914-784-3833 540 email: dee3@us.ibm.com 542 Ted Goldstein 543 Transactor Networks, Inc. 544 221 Main Street, Suite 1530 545 San Francisco, CA 94105 USA 547 tel: +1 415-495-3100 x222 548 fax: +1 415-495-3177 549 email: tedg@transactor.net 551 File name and Expiration 553 This file is draft-eastlake-ecom-fields-00.txt. 555 It expires December 13, 1999.