Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The reference architecture for BoB specifies the interfaces, data models and information flows required for interoperability between participants. How the functionality is implemented internally by each entity is heavily dependent upon the entities own business requirements. The architecture consists of four key components; sales channelprice and product ticket engine and validation/inspection.

Gliffy
imageAttachmentIdatt2261712994
macroId2be64f90-ce21-4fa7-b172-90cd1ba18cd0
Drawio
baseUrlhttps://samtrafiken.atlassian.net/wiki
displayNamediagramNameBoB Arkitektur.drawio
nametempPreviewBoB Arkitektur
diagramAttachmentIdatt2261418158
containerId2238939361
timestamp1614757276121.png
width500
zoom1
pageId2238939361
custContentId3639509063
lbox1
contentVer1
height500
revision1

...

Sales Channel

A Sales Channel can be one of many things such as a re-sellers system, an app, a ticketing vending machine or similar. This function is usually the travellers interface through which they buy their journey. In some cases these can also store or deliver a ticket distributed by the Local Back End Ticketing System. A Sales Channel is generally linked to a payment service provider that handles the payments. The Sales Channel can be from the same company as the ticket provider but it can also be a totaly separate company.

...

To enable a travel company to provide customer support in situations where another party (an independent sales function) has made the sale and manages the customer relationship, some basic information about the traveler is typically required to provide such support (for example a refund). For this purpose the sales channel also provides a special interface ( "traveler") that can be used by the carrier (or other party providing customer support for the carrier).

Gliffy
imageAttachmentIdatt2261024917
macroIdb958dce9-c9b0-4a9f-9254-68a5e276c37d
Drawio
name
baseUrlhttps://samtrafiken.atlassian.net/wiki
diagramNameBoB Arkitektur med Sales Channel i centrum.drawio
tempPreviewBoB Arkitektur med Sales Channel i centrum
diagramAttachmentIdatt2261352573
containerId2238939361
timestamp1614757230963.png
width500
zoom1
pageId2238939361
custContentId3639607368
lbox1
contentVer1
height500
revision1

...

Prices and Product

The Price and Product module delivers information to the Sales Channel on available products, prices for journeys and other business rules. This information constitutes basic input for ordering a ticket from the Ticket Engine.

...

The Price and Product provides a search query interface which the sales channel can use to retrieve different product options for a specific trip. Price and Product is however not a trip planner, it is required that the sales channel already has that functionality to ensure feasibility of a certain trip. When that has been determined Price and Product can be used to retrieve prices and products for that trip, or a specific trip to be combined into a complete journey.


0846cc5e-f1db-4ef4-b847-2f7ba2a88bfe
Gliffy
imageAttachmentIdatt2319974456
macroId
Drawio
baseUrlhttps://samtrafiken.atlassian.net/wiki
namediagramNamePrice and Product.drawio
tempPreviewPrice and Product
diagramAttachmentIdatt2320072747
containerId2238939361
timestamp1614851698630.png
width500
zoom1
pageId2238939361
custContentId3639181420
lbox1
contentVer1
height500
revision1

...

Ticket Engine

The Ticket Engine receives orders for tickets and establishes the information that is to be stored on the ticket, including an electronic stamp that guarantees the validity of the ticket. The Ticket Engine then returns all the ticket information to the Sales Channel.

...

The Ticket Engine issues tickets based on manifests. The manifests are issued by Price and Product and conveyed to the Ticket Engine through the sales channel. The Ticket Engine is normally stateless, and can be instantiated in multiple locations simultaneously to provide redundancy. The Ticket Engine registers all information pertaining to issued tickets in a data warehouse. Naturally, the Ticket Engine is a security-critical component of the participants ticketing and fare collection infrastructure. As such, it required adequate protection from attempts to compromise the integrity of the service and the confidentiality of the Ticket Signing Keys. 

Gliffy
imageAttachmentIdatt2320433173
macroIdd6575598-197d-4ac2-93b4-6d67ecc464b3
Drawio
name
baseUrlhttps://samtrafiken.atlassian.net/wiki
diagramNameBoB Arkitektur med Ticket i fokus.drawio
tempPreviewBoB Arkitektur med Ticket i fokus
diagramAttachmentIdatt2319253575
containerId2238939361
timestamp1614851746991.png
width500
zoom1
pageId2238939361
custContentId3639607362
lbox1
contentVer1
height500
revision1

...

Validation Service

The Validation Service provides the functionality required to determine if a ticket is valid or not. Validation is a check of the validity of a ticket in time and place. The result of a validation is either positive or negative. A positive validation result will confirm that the ticket is used at the right place, geography and/or vehicle type etc, at the right time. A negative validation result will indicate that the ticket is not valid for the place and/or time. A negative validation result can be handled in many ways depending on the business rules of the PTA/traffic company. Validation can be done by different devices such as bus validators, handheld units, gates or platform validators. A validation may also activate a ticket or payment procedure. 

...

Another variant of the Validation Service is the type of validator used for ticket inspections. Inspection is a check of the validity of a ticket. If the ticket is found to be invalid, a fine could be issued. Inspection is typically handled by dedicated staff that are apart from bus drivers or train hosts. As the Validation Service is used for inspecting tickets the requirements may be different. On-line fraud checks may have longer time-outs, and the transactions sent to the ticketing back-end are sent using a different interface (the inspection endpoint), and the transactions are registered as ticket inspection events rather than validation events.

249a50ba-dea6-4113-bd45-5e32e93dac2d
Gliffy
imageAttachmentIdatt2319646779
macroId
Drawio
baseUrlhttps://samtrafiken.atlassian.net/wiki
namediagramNameBoB Arkitektur med Validation i fokus.drawio
tempPreviewBoB Arkitektur med Validation i fokus
diagramAttachmentIdatt2320433178
containerId2238939361
timestamp1614851796436.png
width500
zoom1
pageId2238939361
custContentId3639214182
lbox1
contentVer1
height500
revision1

...

On-demand Traffic

The On-demand Traffic service is handling all the bookings of on-demand travels. On-demand travel is a form of transport which needs to be requested in advance, i.e. service will not run if there is no pre-bookings. It can be added as a request as part of an ordinary combined journey. 

When a travel is requested from the Sales Channel the Price and Product tells the Sales Channel that it has to call the On-demand Traffic Service. First a preliminary booking is made. When the Sales Channel gets the ticket from the Ticket Engine it confirms the booking of the on-demand journey and gets the booking that can be added to the ticket.

Gliffy
imageAttachmentIdatt2382659605
macroId8bf69784-2d38-4f8b-aa03-20fb4ba4473f
Drawio
baseUrlhttps://samtrafiken.atlassian.net/wiki
namediagramNameBoB Arkitektur med On-demand Traffic i centrum.drawio
tempPreviewBoB Arkitektur med On-demand Traffic i centrum
diagramAttachmentIdatt2382561312
containerId2238939361
timestamp1614851832826.png
width500
zoom1
pageId2238939361
custContentId3639672910
lbox1
contentVer1
height500
revision1

...

Token Publisher

The Token Publisher loads the BoB application ("Travel Card Application" according to MTS7) on a data chip in a secure way. This can then be used in an ID-based ticket system, i.e. when the traveller purcheses a right to travel (a ticket) their ID is connected to a ticket stored in the ticket engine. When a validation or inspection is performed the traveller presents his ID which is then used to find their right to travel stored in the back-end ticket engine.

Each travel document is unique since the token ID is generated from a cryptographic key (refer to MTS7 for details around cryptographic keys and ID derivation). The same Token ID (i.e. the same public-private key pair) must only reside in one physical bearer. The Token Publisher is responsible to ensure the keys can not be extracted from the bearer. The token has to be registered with each Sales Channel the traveller wishes to use. Validation service only interprets an ID (as a reference) from the travel document and sends a request about validity to the Ticket Engine.

Gliffy
imageAttachmentIdatt2911731870
macroId1a089e71-b23a-40af-aa0e-52c7731f6429
Drawio
baseUrlhttps://samtrafiken.atlassian.net/wiki
displayNamediagramNameBoB Akitektur med Token i centrum.drawio
nametempPreviewBoB Akitektur med Token i centrum
diagramAttachmentIdatt2915074115
containerId2238939361
timestamp1626411663722.png
width500
zoom1
pageId2238939361
custContentId3639574628
lbox1
contentVer1
height500
revision1

...

Participant Metadata

The Participant Metadata service, also called coordination function, collects, aggregates and distributes so called Metadata from the different participants. This function is managed by Samtrafiken. By retrieving Metadata, participants are able to validate the authenticity of tickets issued by other entities and securely communicate directly with each other. The Metadata contains the Participant Identifier (PID) which uniquely identifies each entity within the infrastructure. In addition, it also contains the Uniform Resource Identifier (URI) of participants interface endpoints, public keys for validating tickets authenticity, public keys to authenticate other participants end-entities (such as validating devices, inspectors, ticket vending machines, et cetera) among other things.

As the Metadata constitutes the very foundation for interoperability, it is of particular security-critical nature. For this reason, all Metadata (whether being the complete set or an excerpt) it is cryptographically signed by the Coordination Function. Any requests to add, modify or remove metadata also required cryptographically signed operations. For this cryptography to work, there needs to be an initial key exchange between the participant and Samtrafiken. 

Gliffy
imageAttachmentIdatt2384887811
macroIdfaf1b85c-946d-4b7f-99d0-3b038c6a5401
Drawio
baseUrlhttps://samtrafiken.atlassian.net/wiki
namediagramNameBoB Arkitektur med Participant Metadata i fokus.drawio
tempPreviewBoB Arkitektur med Participant Metadata i fokus
diagramAttachmentIdatt2382659616
containerId2238939361
timestamp1614851868520.png
width500
zoom1
pageId2238939361
custContentId3639574636
lbox1
contentVer1
height500
revision1

...

Authentication

Authentication in the BoB infrastructure is based on the principles of an identity federation, where trust is established bilaterally through agreements and, technically, by inclusion of the other participants' metadata in the respective systems.

...