A Formal and Executable Specification of the Internet Open Trading Protocol

Chun Ouyang, Lars Michael Kristensen⋆, and Jonathan Billington

Computer Systems Engineering Centre
School of Electrical and Information Engineering
University of South Australia, SA 5095, AUSTRALIA
chun.ouyang@postgrads.unisa.edu.au
{Lars.Kristensen,Jonathan.Billington}@unisa.edu.au

Abstract. The Internet Open Trading Protocol (IOTP) is being developed by the Internet Engineering Task Force for electronic commerce (e-commerce) over the Internet. The core of IOTP is a set of trading transactions that reflects the most common trading activities in the real world. We apply the formal method of Coloured Petri Nets (CP-nets) to construct an abstract executable specification of IOTP's trading transaction protocols. The formal semantics of CP-nets allows us to investigate the termination properties of the transactions using state space techniques. This investigation has revealed deficiencies in the termination of IOTP trading transactions, demonstrating the benefit of applying formal methods to the specification and verification of e-commerce protocols.

1 Introduction

The Internet Open Trading Protocol (IOTP) [2] focuses on business-to-consumer trading transactions. A main design goal of IOTP is the encapsulation of different payment protocols such as the Secure Electronic Transaction (SET) protocol [19] and the Mondex Value Transfer Protocol (VTP) [9]. The development of IOTP is in an early stage, with research groups and companies working on the first trial implementations of IOTP [5,17] based on the informal protocol specification given in RFC 2801 [2]. No complete implementation of IOTP currently exists, and there are still several open research issues concerning IOTP. One of these is to validate and verify the functional correctness of IOTP. Ensuring the correctness of complex e-commerce protocols is a challenging task, and informal methods are in most cases inadequate.

Formal methods [4] have proven to be a powerful tool for investigating the correctness of communication protocols, including e-commerce protocols. The main advantage of using formal methods in protocol engineering is that they result in unambiguous protocol specifications amenable to computer-aided verification. Related work on applying formal methods to the modelling and analysis of e-commerce protocols and trading procedures can be found in [15,20,14,8]. None of them address the formal specification and analysis of IOTP.

⋆ Supported by the Danish Natural Science Research Council.

K. Bauknecht, A M. Tjoa, G. Quirchmayr (Eds.): EC-Web 2002, LNCS 2455, pp. 377–387, 2002.
© Springer-Verlag Berlin Heidelberg 2002