OIO Reliable Asynchronous Secure Profile Version 1.2


In response to the feedback from the public hearing the OIO Reliable Asynchronous Secure Profile has been updated:

  • The HTTP protocol has been made primary (whereas SMTP is outdated from 2016)
  • ReceiverPartyIdentifierType and SenderPartyIdentifierType has become optional in the XML Schema for the RASP custom header to reflect the "SHOULD".
  • Versionen has been updated to 1.2
  • DNITA vil later provide a document on how to provide "digital evidence"


Reliable Asynchronous Secure Profile (OIO RASP) is a profile of web service standards from the WS-* family of standards. It supports asynchronous exchange of business documents via the Internet with a high degree of security and reliability in the transactions.

This document defines the OIO Reliable Asynchronous Secure Profile 1.2, consisting of a set of non-proprietary Web services specifications, along with clarifications, refinements, interpretations and amplifications of those specifications which promote interoperability.

Open process

OIO RASP has been developed in an open and accountable process at the Danish National IT and Telecom Agency. Input has been given from several public sector institutions as well as private companies through workshops and public hearings.


and closely related

The OIO Service Metadata Interface is not part of the RASP profile but is composable with RASP.

Filer og referencer

Titel Type
OIO_Reliable_Asynchronous_Secure_Profile_1.2.pdf pdf

Regarding custom SOAP headers to be used with OIO RASP

Brian Nielsen

Hi Arvinder Singh

Thank you for giving us feedback. I see you point and it's my understanding that the current plan for with the next release for NemHandel is that these custom SOAP headers will become mandatory. 

That said, the target audience for OIORASP is broader than NemHandel and I could image usage scenarios outside the context of NemHandel where these headers would not be required, but there has not been any decisions on this yet.

Best regards

Brian Nielsen 


ReceiverPartyIdentifierType and SenderPartyIdentifierType as optional

Arvinder Singh

Well we have been living with this "mishap", so this comment is more of a reflection.

Why are these type fields optional ? without them the identifier is meaningless, unless (as the RASP reference implementation has done it) to assume that an identifier is of some type based on length.

Requiring the types being mandatory would make the implementaion simpler and more general.

Hi Arvinder

In my search for another comment i read your comment again and just wanted to inform you that this requirement has be adressed as "a should" in our "FAQ til OIORASP profilen" (PDF in Danish), translated into english something like:

The declaration of the type Identification used (SenderPartyIdentifierType and ReceiverPartyIdentifierType) is made optional. This has been done to ensure that the Profile will remain backwards compatible, but all implementations of the OIORASP profile in the context of NemHandel should include typeinformation in the header.

based on the danish version:

Angivelsen af, hvilken type identifikation der anvendes (SenderPartyIdentifierType og ReceiverPartyIdentifierType) er gjort frivillig. Dette er gjort for at gøre profilen bagudkompatibel, men alle der i konteksten af NemHandel implementerer OIORASP profilen bør inkludere typeinformation i headeren.

ændret af Brian Nielsen (07.02.2011)