
Q&A

STM developer forum’s questions and answers

This Q&A site is used as a complementary tool to the STM developer forum's physical meetings. Questions will be documented during the meetings and published here on the site when answered. You may also post your question directly here below and the STM developer team at the Swedish Maritime Administration will answer it as soon as possible.

Please send any questions to: cajsa.jerslerfransson@sjofartsverket.se

Updated: 2017-03-10

What are the procedures around certificates? Root certificate?

Certificates for organizations, services, users, etc. are issued by the Identity Registry. New certificates are valid until 2025, but can be revoked sooner if needed. The root certificate is currently held by the Danish Maritime Authority. The trust chain is available from http://maritimecloud.net/#tech Source TGC

Updated: 2017-03-10

  • Is the STM module integrated into ECDIS?

  • Depends, it is up to the manufacturer of the STM display/module application.

  • What communication is used between VIS and the STM module, secure?

  • This interface is a private interface; the design of VIS and SPIS does not put any requirements on the level of security used, although it can be assumed that VIS and the STM module reside in the same security domain. It still depends on the chosen deployment alternative. Source PL

  • Do I need a VIS if I only intend to display RTZ routes in a land-based system?
  • Yes, if you intend to receive the voyage plans (RTZ) to display, you need to implement the uploadVoyagePlan interface exactly as described in VIS. There is a discussion whether you need to implement all interfaces in VIS or just the interface you need. The idea is to base the instance on the VIS Design, so that the consumer (such as a ship) has a known interface to exchange RTZ/voyage plans. It may be that we need to discuss this further. Source: MO

  • Why is one VIS instance needed per vessel and how are we to handle multiple (>100) vessels in one VIS server implementation?

  • Since services like Route Optimization are carried out per vessel, the service has to be instantiated on vessel level to represent a single vessel. You wouldn't send an optimized route to a shipping company info address, but rather to a specific vessel. In STM a single VIS server can handle up to 50000 ships (VIS instances) depending on configuration (one port per VIS instance).

  • Can VIS be used in Route Check Service?

  • Yes, but only in asynchronous mode for now. The result cannot (or is not described that way) be returned in response. The result can be uploaded back to VIS as voyage plan, text message or area message using the upload interface.

  • How can we, from the ship's point of view, see who is the provider of e.g. a route optimization service if there are several registered services?

  • The service instances are different, with different descriptions. It will also show which organisation provides the service. A document describing the instance can also be retrieved for a more detailed description. Source: MO

  • We don't want to create a new version of the STM Module each time a new service is released. Will this be needed?

  • Provided the newly released service adheres to the STM-defined standard for receiving and sending the four different payloads defined, the STM module will not have to be changed. Source: MO, PL

  • Do I need to implement VIS in my service?

  • Yes, if you expect to be nominated/authorized by a ship and receive VP (RTZ) in a "standard" way.
  • Yes, if you provide service that include exchange of voyage plan, in return you are "guaranteed" that service consumers, such as ships, can consume the service without new software updates.
  • No, not if you only send VP to another party and don't expect to receive any.
  • If you yourself always initiate the request/subscription of VP, however, the subscription callback service endpoint must adhere to VIS uploadVoyagePlan. Source MO, PL


Updated: 2017-03-10

  • How do I use the project SeaSWIM Connector in relation to human-interactable web services?

  • The SSC is used by a parent service that could be a GUI oriented to users

  • Is the project SeaSWIM Connector only for machine-to-machine interaction?

  • Yes

  • Is the project SeaSWIM Connector only used to open a communication channel or also to send data through?

  • The project SeaSWIM Connector interacts in both outgoing and incoming service calls and supports the authentication and forwarding of data in the service calls. Source MO

  • What requirements does the project SeaSWIM Connector put on my deployment environment?

  • See the SeaSWIM Connector Implementation description for details on how to configure a web server and the SSC: http://stmvalidation.eu/service-catalogue/#ssc
  • Source: FR

  • Will it be possible to extract a functional library from the project SeaSWIM Connector?

  • Yes, partly but not for all functionality since the COTS Tomcat application is used in the SeaSWIM Connector. Source MO

  • Will it be possible to search for services within a certain location through the project SeaSWIM Connector?

  • Yes, there is search functionality based on geometry in the Service Registry and support in the project SeaSWIM Connector. Source MO

  • Is the project SeaSWIM Connector dependent on the Identity Registry? Is the Identity Registry a single point of failure? Is it a risk that needs to be mitigated in the live STM testbed?

  • Yes, all service interaction is dependent on the Identity Registry and the authentication procedure. Source MO.

  • Where does the SeaSWIM connector reside?
  • This depends on the chosen deployment alternative. But as we have designed the project VIS, SSC should be implemented alongside the VIS i.e. on the same server. Source PL

  • I downloaded the ssc.zip file but there were no explanations about the usage. I am interested in what kind of certificate I should use for my server to secure the HTTPS traffic between two SSC instances. Do we require both SSC instances to provide valid SSL certificates for making contact?

  • A README file has now been added and more documentation will follow.
  • Authentication of interaction between two services shall be possible with any kind of valid certificate in the Identity Registry, such as a Service Certificate.
  • Please observe that a new root certificate has been created and all previous certificates have been revoked, and new ones need to be generated.
  • Mutual authentication is enabled in the project JAVA SSC and therefore there need to be the same procedures and SSC functionality at both ends. Source MO

  • How can we search for services or Service providers via the SSC or via the Identity registry?

  • Search for service instance(s) can be done in both VIS, SPIS and SSC; they all have the same interface. Searches can be done on keywords, geometry in JSON, geometry in WKT, geometry as location, geometry as UN/LOCODE, free text and on serviceInstanceID. The proposal is to also include providerID (such as urn:mrn:stm:org:smhi) and endpointType (such as REST) as search parameters. More examples will follow on Developer Forum. The result from search is currently being refined and more examples and schemas will follow on Developer Forum.

Must the callservice() call go through a VIS?

 

  • No, the callService in VIS just propagates the callService from the SeaSWIM Connector as support to a parent service. As long as SeaSWIM Connector functionalities (such as authentication and encryption) are used, the callService can be your own. Source: MO

Is the project SSC converting between SOAP and REST?

  • Incoming (intercepted) service request should already be in REST and forwarded in REST to “parent” service (such as VIS). Source:MO

Will SeaSWIM Connector be delivered as a functional Library by the project?

  • A decision was made to deliver the project SeaSWIM Connector as a service and not a functional library.

 


Will SeaSWIM Connector be delivered by the project in form of a JAVA JAR file?

 


Will there be configuration examples available for the project SeaSWIM Connector?

  • Yes in SeaSWIM Connector implementation description, located on developer forum. Source MO,PL
    See http://stmvalidation.eu/executables/


Must the provided SeaSWIM Connector be used or I can use my own SeaSWIM Connector?

  • No, you can use your own SeaSWIM Connector as long as it follows the functionality, standards and formats specified.

Updated: 2017-03-10

  • What kind of procedure is used around certificates; Server certificates or authority certificates?

  • All certificates issued by the Maritime Cloud Authority and installed on the servers (a vessel, for example) will be valid and authorized by the SSC. Other certification authorities, such as VeriSign etc., in the Service2Service will be rejected. Source:FR

  • Will mutual authentication work on my ship that is protected by a proxy server?

  • Depends on what the proxy service does. If it does not need certificates, then yes. Source:FR

  • Does the certificate authenticate the machine or the organisation?

  • The certificate authenticates a service, a vessel, a device or an organization, as described in the developer Identity Registry: http://developers.maritimecloud.net/identity/index.html#certificate-attributes
  • Source:FR

  • How do I authenticate myself (what credentials) to the Service Registry?

  • Open ID and token given by Identity Registry. You need to register your organisation in Identity Registry. Source AD

  • What are the procedures around certificates? Root certificate?

  • Certificates for organizations, services, users, etc. are issued by the Identity Registry. New certificates are valid until 2025, but can be revoked sooner if needed. The root certificate is currently held by the Danish Maritime Authority. The trust chain is available from http://maritimecloud.net/#tech. Source AD.

  • Can the project SeaSWIM Connector handle OpenID as well as X.509 Certificates?

  • Yes. The SSC uses OpenId Connect to authenticate to the Service Registry, X509 in the Service2Service communication and X509 in the communication with the Identity Registry. But note that this only applies for outgoing connections. The SSC cannot handle incoming requests that are authenticated using OpenId Connect. Source: TGC

  • Can services that use OpenID for authentication cooperate with services that use X.509 Certificates for authentication?
  • No, not unless those services themselves have a certificate. If a service (S1) that uses OpenId Connect for authentication wants to interact with a service (S2) that only accepts certificate authentication, S1 must obtain a certificate to be able to do this. This means that to S2 it will look like the request is coming from S1. (If S2 supports OpenId Connect, S1 could use the OpenId Connect Token of the user to represent the user, and S2 would see that the call comes from the user.) Source: TGC

  • Are the certificates used for protection of the path or the message? Or both?

  • The certificates and the authentication protects the path.
    A decision was made to not at this stage protect the message more than HTTPS.

  • Must you implement authorization in your own service?

  • Yes, it's strongly recommended to consider and handle authorization (access) to your data using POSIX and Access Control List.
    Project SeaSWIM Connector does not handle authorization to data.

  • Does VIS automatically authorize actors in STM to a voyage plan?

  • No, authorization is always managed by the information owner, typically this is done by the operator in the STM module.
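
The answers above leave two duties with the service itself: requiring a client certificate on incoming connections, and deciding who may read a voyage plan. The following is an added example, not code from the project's SeaSWIM Connector or VIS. It assumes the caller's MRN is carried in the certificate subject's userId (UID) attribute; the class, function names and sample MRNs are hypothetical.

```python
import ssl

def make_server_context(ca_file=None, cert_file=None, key_file=None):
    """Server-side TLS context that rejects clients without a trusted certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)   # loads no default CAs
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED             # mutual authentication
    if ca_file:                                     # trust chain of the Identity Registry
        ctx.load_verify_locations(cafile=ca_file)
    if cert_file:                                   # this service's own certificate
        ctx.load_cert_chain(cert_file, key_file)
    return ctx

def peer_identity(peer_cert, attribute="userId"):
    """Read the caller identity from a dict shaped like SSLSocket.getpeercert().
    Assumption: the MRN sits in the subject's userId (UID) attribute."""
    for rdn in (peer_cert or {}).get("subject", ()):
        for name, value in rdn:
            if name == attribute:
                return value
    return None

class VoyagePlanStore:
    """Voyage plans with a default-deny ACL managed by the information owner."""
    def __init__(self):
        self._plans = {}   # plan_id -> (owner identity, RTZ payload)
        self._acl = {}     # plan_id -> identities the owner has authorized

    def upload(self, peer_cert, plan_id, rtz):
        caller = self._authenticated(peer_cert)
        owner = self._plans.get(plan_id, (caller, None))[0]
        if owner != caller:
            raise PermissionError("only the owner may replace a voyage plan")
        self._plans[plan_id] = (caller, rtz)
        self._acl.setdefault(plan_id, set())

    def set_access(self, peer_cert, plan_id, grantee, allowed):
        caller = self._authenticated(peer_cert)
        if plan_id not in self._plans or self._plans[plan_id][0] != caller:
            raise PermissionError("only the owner may change access")
        (self._acl[plan_id].add if allowed else self._acl[plan_id].discard)(grantee)

    def get(self, peer_cert, plan_id):
        caller = self._authenticated(peer_cert)
        owner, rtz = self._plans.get(plan_id, (None, None))
        if caller != owner and caller not in self._acl.get(plan_id, ()):
            raise PermissionError("not authorized for this voyage plan")
        return rtz

    @staticmethod
    def _authenticated(peer_cert):
        caller = peer_identity(peer_cert)
        if not caller:
            raise PermissionError("no authenticated identity")
        return caller

def sample_cert(mrn):
    """Constructed peer certificate dict (not a real certificate)."""
    return {"subject": ((("organizationName", "Example Org"),), (("userId", mrn),))}
```

In a running service the dict passed to the store would come from `getpeercert()` on a connection accepted with the context above, so the identity is only trusted after the TLS handshake has verified the certificate chain.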

Updated: 2017-01-27

  • How do I add more users in my organisation?
  • To add users in your organisation:
  • Log into Maritime Cloud with the original user.
  • Click "User" In the left side panel
  • Add user
  • The new user will get an email with credentials.

Updated: 2016-12-13

  • Can I as a developer create my own protected test environment and use the project SeaSWIM Connector?
  • Will it be possible to run local instances of the ID and Service registry (for security purposes) during development?
  • Yes, in principle this is possible, though personally I would recommend using the (soon) provided test or staging instance. Most test setups are most likely only interested in the Service Registry for lookup? So maybe an easy SR setup for testing is needed? Source AD.

  • Will there be compliance tests to ensure quality and security of deployed services in the testbed?

  • Currently the tests for compliance are spread over the different operational services. The SeaSWIM infrastructure intends to provide a comprehensive set for compliance and security, however, it is not known if this complete set of tests will be ready for deployment. A technical compliance checklist is being circulated to provide a first level of guidance. Source AD

  • Will there be a test environment available where developers can test application and services against other test and reference components?

  • Yes, the aim is to establish and describe a test and development environment separated from the STM Live Testbed environment.
  • PL: This will be further described in the roadmap later on.

  • Will there be a set of test data available from the project?

  • Yes, there will be a set of various test data available that is related to the Use Cases in STM Live Testbed.

  • Will there be a graphical test application in the test environment where routes etc. can be shown?

  • Yes, there will be a set of various test data available that is related to the Use Cases in STM Live Testbed.

  • When will a production be available for the STM Testbed?

  • See STM testbed roadmap

Updated: 2016-12-13

  • What is the textMessage? Is there a schema/ standard used?
  • The textMessage is one of the four payload formats used in STM testbed. The schema is defined and described in the STM Message Formats section of developer forum website. Source PL

Updated: 2016-12-13

  • Does the service provider need a PIS instance?
  • SPIS supports with consumption of PortCDM services in STM. If a service provider needs to implement port synchronization, yes SPIS can be used. Source MO.

Updated: 2016-12-13

  • Route and voyage are not the same?
  • That is correct, although in the STM testbed we have made this delimitation. In STM testbed a voyage plan is equivalent to a route plan which is defined according to the RTZ format. Source PL.

Updated: 2016-11-28

Will source code for the project SeaSWIM Connector be available?

Updated: 2016-11-25

Isn't it finished? to introduce an additional distribution channel for MSI/ Navigational warnings etc.?

STM is not about replacing existing channels for MSI and Navigational warnings/ messages. The scope for the STM testbed is limited to 4 payloads (RTZ, textMessage, areaMessage and PCM).

Updated: 2016-11-17

  • Will it be possible to search for a ship by MMSI to locate its VIS and upload e.g. a search pattern in RTZ format?
  • Yes, by adding the MMSI as a keyword when registering the VIS instance for the ship.

  • How can we, from the ship's point of view, see who is the provider of e.g. a route optimization service if there are several registered services?

  • The service instance is different with different descriptions. It will also show which organisation that provides the service.

  • Who is hosting service "boxes"?

  • This is up to the deployment alternative of VIS, SSC and PIS. A basic deployment would be the STM module onboard and VIS/PIS together with SSC on shore representing the vessel. In the STM testbed SMA will be hosting an environment for VIS and SSC. Source MO, PL

  • How are REST interfaces versioned in STM testbed?

  • The STM REST interface version is included in the base path.

Updated: 2016-11-17

  • What will be the status of the internet connection onboard?
  • In designing VIS and SPIS we have assumed that connections to vessels are intermittent. The design and sequences of VIS and SPIS do not depend on vessels having a reliable internet connection. This also depends on the design and deployment of the STM Module.

Updated: 2016-11-17

  • Is there an acknowledgment?
  • In VIS we have included acknowledgment in the described sequence diagrams. This acknowledgment is sent to the requesting service according to parameters in the service request/response. A request message is returned at successful delivery of a message to the vessel (STM module). VIS also has an interface for receiving acknowledgements. Source MO, PL

Updated: 2016-11-17

  • How to manage changes to VIS, PIS, SSC specifications? Eg. Docker?
  • Every STM service is registered in the STM service registry catalogue. The service registry has support for versioning of service specifications. Usage of Docker is one implementation alternative among others. The choice of how a service is implemented is up to each service provider, as long as STM interoperability is not jeopardized.

Updated: 2016-11-15

What schemas are used for information exchange in the testbed?

Schemas for data exchange can be found in Service Specifications and SeaSWIM Technical documentation.
https://service.projectplace.com/pp/pp.cgi/0/1212298701

and here.

Updated: 2016-11-15

Does the organization in the SeaSWIM ID registry reflect the owner or is this the operating organization of a vessel? How are we to handle vessels used for T/C where the vessel operating organization changes?

In SeaSWIM the authentication is made on service level (certificate). For the testbed authorization is based on vessel (certificate) and/ or userid.

Updated: 2016-11-15

Which technologies and languages have been used for the SeaSWIM Connector provided by the project?

SSC is written in JAVA and exposes a private SOAP API that enables the service application to make the request to other services or to the Identity and Service Registry.

How do I register my service instance(s) in the [STM] Service Registry?

Updated: 2016-11-03

The following items shall be provided
–    Service Specification (report and XML+XSD)
–    Service Design (report and XML+XSD)
–    Service Instance (report and XML+XSD)
For the testbed; contact cajsa.jerslerfransson@sjofartsverket.se

 

What service technologies shall be used?

Updated: 2016-11-03

Currently REST