[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [ebxml-cppa-negot] RE: [ebxml-cppa] Ordering dependencies innegotiation
Marty notes "The negotiable items may not be able to be negotiated in an arbitrary order because there may be dependencies among them that fix the order of negotiation. Security aspects of some of the protocols may be one example. Certificate details cannot be negotiated until it has been agreed that certificate-based security will be used for message exchanges. Any ordering dependencies will have to be expressed in the NDD. Ordering dependencies also mean that a counter offer will omit items that cannot be negotiated until after the items in that counter offer agre agreed to." If parties came to agree (in a NDD allowable way) to use digital enveloping but omitted both SecurityDetails for the sender's TrustAnchors and omitted the certificate of the receiver, would that mean that we had an inconsistent CPA or just an incomplete one? My view is that it would be incomplete. The dependencies I think to be worth documenting and worrying about are ones where actual incompatibilities would exist because of incompatible values in parts of the CPA. But it is admittedly a little hard to distinguish these dependencies. If the BusinessProcessCharacteristics for data confidentiality included the "transient" value, but the TransportSecurity was missing, is it incompatible or incomplete? I suppose IPSEC might be used, and the CPPA TC has not standardized how to agree on that. Technically, however, the parties might want to use IPSEC for data confidentiality on the wire, and so a missing TransportSecurity would not conflict with a "transient" value for data confidentiality.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC