[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [ebxml-cppa-negot] RE: [ebxml-cppa] Ordering dependencies innegotiation
Dale's points are valid and we should document the cases of "incomplete but usable" and "incomplete and not usable". However, that is not my concern. The question I am asking is whether some items need to be negotiated in a particular order (i.e. that there are ordering dependencies). The example I gave was that it may not be useful or possible to negotiate about certificates before negotiating about how they are to be used. Given our current rule that negotiable items that have been agreed to shall not be reopened, there may be cases where order of negotiation is significant. If there are ordering dependencies, we will have to invent a way of expressing the dependency graph within the NDD (or put it on the post-v1 list). Regards, Marty ************************************************************************************* Martin W. Sachs IBM T. J. Watson Research Center P. O. B. 704 Yorktown Hts, NY 10598 914-784-7287; IBM tie line 863-7287 Notes address: Martin W Sachs/Watson/IBM Internet address: mwsachs @ us.ibm.com ************************************************************************************* "Dale Moberg" <dmoberg@cycloneco To: Martin W Sachs/Watson/IBM@IBMUS, "Cppanegotiation (E-mail)" mmerce.com> <ebxml-cppa-negot@lists.oasis-open.org> cc: 09/24/2002 06:51 Subject: RE: [ebxml-cppa] Ordering dependencies in negotiation PM Marty notes "The negotiable items may not be able to be negotiated in an arbitrary order because there may be dependencies among them that fix the order of negotiation. Security aspects of some of the protocols may be one example. Certificate details cannot be negotiated until it has been agreed that certificate-based security will be used for message exchanges. Any ordering dependencies will have to be expressed in the NDD. Ordering dependencies also mean that a counter offer will omit items that cannot be negotiated until after the items in that counter offer agre agreed to." If parties came to agree (in a NDD allowable way) to use digital enveloping but omitted both SecurityDetails for the sender's TrustAnchors and omitted the certificate of the receiver, would that mean that we had an inconsistent CPA or just an incomplete one? My view is that it would be incomplete. The dependencies I think to be worth documenting and worrying about are ones where actual incompatibilities would exist because of incompatible values in parts of the CPA. But it is admittedly a little hard to distinguish these dependencies. If the BusinessProcessCharacteristics for data confidentiality included the "transient" value, but the TransportSecurity was missing, is it incompatible or incomplete? I suppose IPSEC might be used, and the CPPA TC has not standardized how to agree on that. Technically, however, the parties might want to use IPSEC for data confidentiality on the wire, and so a missing TransportSecurity would not conflict with a "transient" value for data confidentiality.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC