INTERNET DRAFT Jon W. Parsons American Express Expires August 2001 February 2001 Electronic Commerce Modeling Language (ECML): Version 2 Specification Status of this Memo This draft is intended to become a Proposed Standard. Distribution of this document is unlimited. Comments should be sent to the author or the IETF TRADE working group . This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC 2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet- Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Copyright Notice Copyright (C) 2001, The Internet Society. All Rights Reserved. Abstract Electronic commerce frequently requires a substantial exchange of information in order to complete a purchase or other transaction, especially the first time the parties communicate. A standard set of hierarchicly organized payment related information fields in an XML syntax are defined as the second version of an Electronic Commerce Modeling Language (ECML) so that this task can be more easily automated, for example by wallet software. J. Parsons [Page 1] INTERNET-DRAFT ECML v2 Specification February 2001 Acknowledgements The following persons, in alphabetic order, contributed substantially to the material herein: Donald Eastlake 3rd David Shepherd Table of Contents Status of this Memo........................................1 Copyright Notice...........................................1 Abstract...................................................1 Acknowledgements...........................................2 Table of Contents..........................................2 1. Introduction............................................3 1.2 Relationship to Other Standards........................3 2. Field Definitions and DTD...............................4 2.1 Field List and Descriptions............................4 2.1.1 Field List...........................................4 2.1.2 Field Foot Notes.....................................7 2.2 ECML v2 XML DTD.......................................10 3. Usage Notes for ECML v2................................13 3.1 Presentation of the Fields............................13 3.2 Methods and Flow of Setting the Fields................14 4. Security and Privacy Considerations....................14 References................................................16 Appendix: Changes from v1.1 to v2.........................17 Full Copyright Statement..................................18 Author's Address..........................................19 File name and Expiration..................................19 J. Parsons [Page 2] INTERNET-DRAFT ECML v2 Specification February 2001 1. Introduction Today, numerous partries are successfully conducting business on the Internet using ad hoc fields and forms. The data formats and structure can vary considerably from one party to another. Where forms are filled out manually, many users find the diversity confusing and the process of manually filling in these forms to be tedious and error prone. Software tools including electronic wallets can help this situation. Such tools can assist in conducting online transactions by storing billing, shipping, payment, preference, and similar information and using this information to automatically complete the data sets required by interactions. For examplte, software that fills out forms has been successfully built into browsers, as proxy servers, as helper applications to browsers, as stand-alone applications, as browser plug-ins, and as server-based applications. But the proliferation of more automated transactions software has been hampered by the lack of standards. ECML (Electronic Commerce Modeling Language) provides a set of hierarchical payment oriented data structures that will enable automated software, including electronic wallets, from multiple vendors to supply neede data in a more uniform manner. Version 2.0 extends Verion 1.0 [RFC 2706] and 1.1 [RFC v1.1] as described in the Appendix to this document. These enhancements include support for additional payment mechanisms and a This is an open standard. ECML is designed to be simple. 1.2 Relationship to Other Standards The ECML fields were initially derived from the W3C P3P base data schema [P3P BASE] by the ECML Alliance [ECML]. Technical development and change control of ECML has now been trasnfered to the IETF. In version 2, ECML is extended by the fields in a W3C P3P Note related to eCommerce [P3P ECOM], by [ISO 8583], and by other sources. Its primary form will be an XML syntax. ECML Version 2.0 is not a replacement or alternative to TLS/SSL [RFC 2246], SET [SET], EMV [EMV], XML [XML], or IOTP [RFC 2801]. These are important standards that provide functionality such as confidentiality, non-repudiatable transactions, automatable payment scheme selection, and smart card support. J. Parsons [Page 3] INTERNET-DRAFT ECML v2 Specification February 2001 2. Field Definitions and DTD The ECML Standard is the definition and naming of a hierarcically structured set of fields and the provision of an XML syntax for their transmition. These fields can be encoded in other syntaxes and transmitted via a variety of protocols. Section 2.1 below lists and describes the fields and Section 2.2 provides an XML DTD for use with the fields. To conform to this standard, field names MUST be structured and named as closely to the structure and naming listed below as permitted by the syntax and transaction protocol in use. (Note: this does not impose any restriction on human visible labeling of fields, just on their names as used in communication.) 2.1 Field List and Descriptions The fields are listed below along with the minimum data entry size to allow. Note that these fields are hierarchically organized as indicated in this table by the embedded underscore ("_") characters. Appropriate data transmission mechanisms may use this to request and send aggregates, such as Ecom_Payment_Card_ExpDate to encompass all the date components or Ecom_ShipTo to encompass all the ship to components that a consumer is willing to provide. The labeling, marshalling, unmarshalling of the components of such aggregates depends on the data transfer protocol used. The RECOMMENDED syntax is XML as described in Section 2.2. 2.1.1 Field List IMPORTANT NOTE: "MIN" in the table below is the MINIMUM DATA SIZE TO ALLOW FOR ON DATA ENTRY. It is NOT the minimum size for valid contents of the field and merchant software should, in most cases, be prepared to receive a longer or shorter value. Merchant dealing with areas where, for example, the state/province name or phone number is longer than the "Min" given below must obviously permit longer data entry. In some cases, however, there is a maximum size that makes sense and where this is the case, it is documented in a Note for the field. The following fields are used to communicate from the customer to the merchant: J. Parsons [Page 4] INTERNET-DRAFT ECML v2 Specification February 2001 FIELD NAME Min Notes ship to title Ecom_ShipTo_Postal_Name_Prefix 4 ( 1) ship to first name Ecom_ShipTo_Postal_Name_First 15 ship to middle name Ecom_ShipTo_Postal_Name_Middle 15 ( 2) ship to last name Ecom_ShipTo_Postal_Name_Last 15 ship to name suffix Ecom_ShipTo_Postal_Name_Suffix 4 ( 3) ship to company name Ecom_ShipTo_Postal_Company 20 ship to street line1 Ecom_ShipTo_Postal_Street_Line1 20 ( 4) ship to street line2 Ecom_ShipTo_Postal_Street_Line2 20 ( 4) ship to street line3 Ecom_ShipTo_Postal_Street_Line3 20 ( 4) ship to city Ecom_ShipTo_Postal_City 22 ship to state/province Ecom_ShipTo_Postal_StateProv 2 ( 5) ship to zip/postal code Ecom_ShipTo_Postal_PostalCode 14 ( 6) ship to country Ecom_ShipTo_Postal_CountryCode 2 ( 7) ship to phone Ecom_ShipTo_Telecom_Phone_Number 10 ( 8) ship to email Ecom_ShipTo_Online_Email 40 ( 9) bill to title Ecom_BillTo_Postal_Name_Prefix 4 ( 1) bill to first name Ecom_BillTo_Postal_Name_First 15 bill to middle name Ecom_BillTo_Postal_Name_Middle 15 ( 2) bill to last name Ecom_BillTo_Postal_Name_Last 15 bill to name suffix Ecom_BillTo_Postal_Name_Suffix 4 ( 3) bill to company name Ecom_BillTo_Postal_Company 20 bill to street line1 Ecom_BillTo_Postal_Street_Line1 20 ( 4) bill to street line2 Ecom_BillTo_Postal_Street_Line2 20 ( 4) bill to street line3 Ecom_BillTo_Postal_Street_Line3 20 ( 4) bill to city Ecom_BillTo_Postal_City 22 bill to state/province Ecom_BillTo_Postal_StateProv 2 ( 5) bill to zip/postal code Ecom_BillTo_Postal_PostalCode 14 ( 6) bill to country Ecom_BillTo_Postal_CountryCode 2 ( 7) bill to phone Ecom_BillTo_Telecom_Phone_Number 10 ( 8) bill to email Ecom_BillTo_Online_Email 40 ( 9) receipt to (32) receipt to title Ecom_ReceiptTo_Postal_Name_Prefix 4 ( 1) receipt to first name Ecom_ReceiptTo_Postal_Name_First 15 receipt to middle name Ecom_ReceiptTo_Postal_Name_Middle 15 ( 2) receipt to last name Ecom_ReceiptTo_Postal_Name_Last 15 receipt to name suffix Ecom_ReceiptTo_Postal_Name_Suffix 4 ( 3) receipt to company name Ecom_ReceiptTo_Postal_Company 20 receipt to street line1 Ecom_ReceiptTo_Postal_Street_Line1 20 ( 4) receipt to street line2 Ecom_ReceiptTo_Postal_Street_Line2 20 ( 4) receipt to street line3 Ecom_ReceiptTo_Postal_Street_Line3 20 ( 4) receipt to city Ecom_ReceiptTo_Postal_City 22 receipt to state/province Ecom_ReceiptTo_Postal_StateProv 2 ( 5) receipt to postal code Ecom_ReceiptTo_Postal_PostalCode 14 ( 6) receipt to country Ecom_ReceiptTo_Postal_CountryCode 2 ( 7) receipt to phone Ecom_ReceiptTo_Telecom_Phone_Number 10 ( 8) receipt to email Ecom_ReceiptTo_Online_Email 40 ( 9) J. Parsons [Page 5] INTERNET-DRAFT ECML v2 Specification February 2001 name on card Ecom_Payment_Card_Name 30 (10) card type Ecom_Payment_Card_Type 4 (11) card number Ecom_Payment_Card_Number 19 (12) card verification value Ecom_Payment_Card_Verification 4 (13) card expire date day Ecom_Payment_Card_ExpDate_Day 2 (14) card expire date month Ecom_Payment_Card_ExpDate_Month 2 (15) card expire date year Ecom_Payment_Card_ExpDate_Year 4 (16) card protocols Ecom_Payment_Card_Protocol 20 (17) consumer order ID Ecom_ConsumerOrderID 20 (18) user ID Ecom_User_ID 40 (19) user password Ecom_User_Password 20 (19) schema version Ecom_SchemaVersion 30 (20) wallet id Ecom_WalletID 40 (21) end transaction flag Ecom_TransactionComplete - (22) The following fields are used to communicate from the merchant to the consumer: FIELD NAME Min Notes merchant home domain Ecom_Merchant 128 (23) processor home domain Ecom_Processor 128 (24) transaction identifier Ecom_Transaction_ID 128 (25) transaction URL inquiry Ecom_Transaction_Inquiry 500 (26) transaction amount Ecom_Transaction_Amount 128 (27) transaction currency Ecom_Transaction_CurrencyCode 3 (28) transaction date Ecom_Transaction_Date 80 (29) transaction type Ecom_Transaction_Type 40 (30) transaction signature Ecom_Transaction_Signature 160 (31) end transaction flag Ecom_TransactionComplete - (22) The following fields are used to communicate between the merchant and the processor: FIELD NAME Min Notes merchant identifier Ecom_Merchant_ID 8 (*) merchant terminal Ecom_Merchant_Terminal_ID 8 (*) merchant terminal data Ecom_Merchant_Terminal_Data 128 (*) transaction process code Ecom_Transaction_ProcessingCode 6 (*) J. Parsons [Page 6] INTERNET-DRAFT ECML v2 Specification February 2001 transaction reference Ecom_Transaction_Reference_ID 12 (*) transaction acquirer Ecom_Transaction_Acquire_ID 13 (*) transaction forward Ecom_Transaction_Forward_ID 13 (*) transaction trace Ecom_Transaction_Trace_Audit 6 (*) transaction effective date Ecom_Transaction_Effective_Date 4 (*) transaction CID Ecom_Transaction_CID 8 (*) transaction POS Ecom_Transaction_POSCode 12 (*) transaction private use Ecom_Transaction_PrivateUseData 166 (*) transaction response Ecom_Transaction_ResponseData 27 (*) transaction approval code Ecom_Transaction_ApprovalCode 6 (*) transaction retrieval code Ecom_Transaction_RetrievalCode 128 (*) transaction response action Ecom_Transaction_ActionCode 13 (*) transaction reason Ecom_Transaction_ReasonCode 4 (*) transaction AAV Ecom_Transaction_AAV 3 (*) transaction settlement date Ecom_Transaction_Settle_Date 4 (*) transaction capture date Ecom_Transaction_Capture_Date 4 (*) transaction Track 1 Ecom_Transaction_Track1 39 (*) transaction Track 2 Ecom_Transaction_Track2 39 (*) IMPORTANT NOTE: "MIN" in the table above is the MINIMUM DATA SIZE TO ALLOW FOR ON DATA ENTRY. It is NOT the minimum size for valid contents of the field and merchant software should, in most cases, be prepared to receive a longer or shorter value. Merchant dealing with areas where, for example, the state/province name or phone number is longer than the "Min" given below must obviously permit longer data entry. In some cases, however, there is a maximum size that makes sense and this is documented in a Note for the field. 2.1.2 Field Foot Notes ( 1) For example: Mr., Mrs., Ms., Dr. This field is commonly not used. ( 2) May also be used for middle initial. ( 3) For example: Ph.D., Jr. (Junior), 3rd, Esq. (Esquire). This field is commonly not used. ( 4) Address lines must be filled in the order line1, then line2, and last line3. ( 5) 2 characters are the minimum for the US and Canada, other countries may require longer fields. For the US use 2 character US Postal state abbreviation. ( 6) Minimum field lengths for Postal Code will vary based on international market served. Use 5 character or 5+4 ZIP for the US and 6 character postal code for Canada. The size given, 14, is believed to be the maximum required anywhere in the world. J. Parsons [Page 7] INTERNET-DRAFT ECML v2 Specification February 2001 ( 7) Use [ISO 3166] standard two letter codes. See for country names. ( 8) 10 digits are the minimum for numbers local to the North American Numbering Plan (: US, Canada and a number of smaller Caribbean and Pacific nations (but not Cuba)), other countries may require longer fields. Telephone numbers are complicated by differing international access codes, variant punctuation of area/city codes within countries, confusion caused by the fact that the international access code in the NANP region is usually the same as the "country code" for that area (1), etc. It will probably be necessary to use heuristics or human examination based on the telephone number and addresses given to figure out how to actually call a customer. It is recommend that an "x" be placed before extension numbers. ( 9) For example: jsmith@example.com (10) The name of the cardholder. (11) Use the first 4 letters of the association name: AMER American Express BANK Bankcard (Australia) DC DC (Japan) DINE Diners Club DISC Discover JCB JCB MAST Mastercard NIKO Nikos (Japan) SAIS Saison (Japan) UC UC (Japan) UCAR UCard (Taiwan) VISA Visa (12) Includes the check digit at end but no spaces or hyphens [ISO 7812]. The Min given, 19, is the longest number permitted under the ISO standard. (13) An additional cardholder verification number printed on the card (but not embossed or recorded on the magnetic stripe) such as American Express' CIV, MasterCard's CVC2, and Visa's CVV2 values. (14) The day of the month. Values: 1-31. A leading zero is ignored so, for example, 07 is valid for the seventh day of the month. (15) The month of the year. Jan - 1, Feb - 2, March - 3, etc.; Values: 1-12. A leading zero is ignored so, for example, 07 is valid for July. J. Parsons [Page 8] INTERNET-DRAFT ECML v2 Specification February 2001 (16) The value in the wallet cell is always four digits, e.g., 1999, 2000, 2001, ... (17) A space separated list of protocols available in connection with the specified card. Initial list of case insensitive tokens: none set setcert iotp echeck simcard phoneid "Set" indicates usable with SET protocol (i.e., is in a SET wallet) but does not have a SET certificate. "Setcert" indicates same but does have a set certificate. "iotp" indicates the IOTP protocol [RFC 2801] is supported at the customer. "echeck" indicates that the eCheck protocol [eCheck] is supported at the customer. "simcard" indicates use the transaction instrument built into a Cellphone subscriber for identification. "phoneid" indicates use the transaction instrument of a phone bill instrument. "None" indicates that automatic field fill is operating but there is no SET wallet or the card is not entered in any SET wallet. (18) A unique order ID generated by the consumer software. (19) The user ID and password fields are used in cases where the user has a pre-established account with the merchant. (20) URI indicating version of this set of fields. Usually a hidden field. Equal to "http://www.ecml.org/version/1.1" for this version. (21) A string to identify the source and version of the form fill software that is acting on behalf of the user. Should contain company and/or product name and version. Example "Wallets Inc., SuperFill, v42.7". Usually a hidden field. (22) A flag to indicate that this web-page/aggregate is the final one for this transaction. Usually a hidden field. (23) Merchant domain name such as www.merchant.example. This is usually a hidden field. (24) Gateway transaction processor who is actually accepting the payment on behalf of the merchant in home domain such as www.processor.example. This is usually a hidden field. (25) A Transaction identification string whose format is specific to the processor. This is usually a hidden field. (26) A URL that can be invoke to inquire about the transaction. This J. Parsons [Page 9] INTERNET-DRAFT ECML v2 Specification February 2001 is usually a hidden field. (27) The amount of the transaction in ISO currency format. This is two integer numbers with a period in between but no other currency marks (such as a $ dollar sign). This is usually a hidden field. (28) This is the three letter ISO currency code. For example, for US dollars it is USD. This is usually a hidden field. (29) ISO Transaction date. This is usually a hidden field. (30) The type of the transaction (either debit or credit) if known. This is usually a hidden field. (31) The signature of the encoded certificate. This is usually a hidden field. (32) The Receipt To fields are used when the Bill To entity, location, or address and the Receipto entity, location, or address are different. For example, when using some forms of Corporate Purchasing Cards or Agent Purchasing Cards, the individual card holder would be in the Receipt To fields and the corporate or other owner would be in the Bill To fields. (*) TBD. 2.2 ECML v2 XML DTD For internationalization of [XML] ECML, use the general XML character encoding provisions, which mandate support of UTF-8 and UTF-16 and permit support of other character sets, and the xml:lang attribute which may be used to specify language information. J. Parsons [Page 10] INTERNET-DRAFT ECML v2 Specification February 2001 J. Parsons [Page 11] INTERNET-DRAFT ECML v2 Specification February 2001 3. Usage Notes for ECML v2 This section provides a general usage guide for ECML v2. 3.1 Presentation of the Fields This standard does not constrain the order or completeness of communication of or query for these fields. Some parties may wish to to provide or ask for more information, some less by omitting fields. Some may ask for the information they want in one interaction or web page, others may ask for parts of the information at different times in multiple interactions or different web pages. For example, it is common to ask for "ship to" information earlier, so shipping cost can be computed, before the payment method information. Some parties may require that all the information they request be provided while other make much information optional. Etc. There is no way with Version 2.0 of ECML to indicate what fields the party considers mandatory [should this be?]. From the point of view of software, all fields queried are optional to complete. However, a party may give an error or re-present a request for information if some field it requires is not completed, just as it may if a field is completed in a manner it considers erroneous. J. Parsons [Page 13] INTERNET-DRAFT ECML v2 Specification February 2001 3.2 Methods and Flow of Setting the Fields [The following is pretty web page oriented...] There are a variety of methods of communication possible between the parties by which one can indicate what fields it wants the other to provide. Probably the easiest to use for currently deployed mass software is as fields in an [HTML] form. Other possibilities are to use an [XML] exchange, the IOTP Authenticate transaction [RFC 2801], or proprietary protocols. So that browser software can tell what version it is dealing with, it is REQUIRED that the Ecom_SchemaVersion field be included in every transactions when ECML is being used on the web. Ecom_SchemaVersion must appear on every web page that has any Ecom fields and is usually a hidden field. User action or the appearance of the Ecom_SchemaVersion field are examples of triggers that could be used to initiate a facility capable of providing information in response to an ECML based query. Because some web software may require user activation, there should be at least one user visible Ecom field on every web page with any Ecom fields present that are to be filled in when ECML is used via the web. Because, under some circumstances, communications can proceed very slowly, it may not be clear to an automated field fill-in function when it is finished filling in fields on a web page or the like. For this reason, it is recommended that the Ecom_SchemaVersion field be the last Ecom field on a web page. Transfer or requests for information can extend over several interactions or web pages. Without further provision, a facility could either require re-starting on each page or possibly violate or appear to violate privacy by continuing to provide personal data beyond with end of the transaction with a particular business. For this reason the Ecom_TransactionComplete field, which is normally hidden, is provided. It is RECOMMENDED that it appear on the last interaction or web page involved in a transaction, just before an Ecom_SchemaVersion field, so that multi-interaction automated logic can know when to stop if it chooses to check for this field. 4. Security and Privacy Considerations The information called for by many of these fields is sensitive and should be secured if being sent over the public Internet or through other channels where it can be observed. Mechanisms for such protection are not specified herein but channel encryption such as J. Parsons [Page 14] INTERNET-DRAFT ECML v2 Specification February 2001 TLS/SSL [RFC 2246] or IPSec [RFC 2411] would be appropriate in many cases. When information is being requested from a user, their control over release of such information is needed to protect their privacy. Software that is installed on a shared or public terminal should be configurable such that memory of any sensitive or individual identity information is fully disabled. This is vital to protect the privacy of library patrons, students, and customers using public terminals, and children who might, for example, use a form on a public terminal without realizing that their information is being stored. When sensitive or individual identification information is stored, the operator/user should have an option to protect the information with a password, without which the information will be unavailable, even to someone who has access to the file(s) in which it is being stored. This might also allow for a convenient method for multiple users to use their own ECML information from the same software. Any multi-page/screen or other multi-aggregate field fill in or data provision mechanism should check for the Ecom_TransactionComplete field and cease automated fill when it is encountered until fill is further authorized. J. Parsons [Page 15] INTERNET-DRAFT ECML v2 Specification February 2001 References [eCheck] - [ECML] - [EMV] - [HTML] - "HTML 3.2 Reference Specification", < http://www.w3.org/TR/REC-html32.html>, D. Raggett, January 1997. [IANA] - Internet Assigned Numbers Authority, Official Names for Character Sets, ed. Keld Simonsen et al. . [ISO 3166] - Codes for the representation of names of countries, [ISO 7812] - "Identification card - Identification of issuers - Part 1: Numbering system" [P3P BASE] - "The Platform for Privacy Preferences 1.0 (P3P1.0) Specification", L. Cranor, M. Langheinrich, M. Marchiori, M. Presler-Marshall, J. Reagle, December 2000, . [P3P ECOM] - "Using P3P for E-Commerce", J. Coco, S. Klien, D. Schutzer, S. Yen, A. Slater, November 1999, . [RFC 1766] - "Tags for the Identification of Languages", H. Alvestrand. March 1995. [RFC 2026] - "The Internet Standards Process -- Revision 3", S. Bradner, October 1996. [RFC 2246] - "The TLS Protocol: Version 1.0", T. Dierks, C. Allen. January 1999. [RFC 2411] - "IP Security: Document Roadmap", R. Thayer, N. Doraswany, R. Glenn. November 1998. [RFC 2706] - "ECML v1: Field Names for E-Commerce", D. Eastlake, T. Goldstein, September 1999. [RFC 2801] - "Internet Open Trading Protocol - IOTP Version 1.0", D. Burdett, April 2000. [RFC v1.1] - "ECML v1.1: Field Specifications for E-Commerce", D. Eastlake, T. Goldstein, , in RFC Editor's queue for publication as a non-WG Informational RFC. [SET] - Secure Electronic Transaction, [XML] - Extensible Markup Language (XML) 1.0 (Second Edition), , T. Bray, J. Paoli, C. M. Sperberg-McQueen, E. Maler Appendix: Changes from v1.1 to v2 Substantial rewording of text to attempt to change the emphasis from an HTML Form Field naming to XML Syntax. Addition of the merhcant -> processor fields. J. Parsons [Page 17] INTERNET-DRAFT ECML v2 Specification February 2001 Full Copyright Statement Copyright (C) 2001, The Internet Society. All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. J. Parsons [Page 18] INTERNET-DRAFT ECML v2 Specification February 2001 Author's Address Jon W. Parsons American Express Corporation Establishment Services Technologies 10010 W. 25TH AVE, MC 43-02-04 Phoenix AZ 85021 Phone: 1.602.766.5559 EMail: jon.w.parsons@aexp.com File name and Expiration This file is draft-ietf-trade-ecml2-spec-00.txt. It expires August 2001. J. Parsons [Page 19]