[ebxml-cppa-negot] RE: [ebxml-cppa] Ordering dependencies innegotiation

[Martin W Sachs <mwsachs@us.ibm.com>]

Dale's points are valid and we should document the cases of "incomplete but
usable" and "incomplete and not usable".  However, that is not my concern.
The question I am asking is whether some items need to be negotiated in a
particular order (i.e. that there are ordering dependencies). The example I
gave was that it may not be useful or possible to negotiate about
certificates before negotiating about how they are to be used. Given our
current rule that negotiable items that have been agreed to shall not be
reopened, there may be cases where order of negotiation is significant. If
there are ordering dependencies, we will have to invent a way of expressing
the dependency graph within the NDD (or put it on the post-v1 list).

Regards,
Marty

*************************************************************************************

Martin W. Sachs
IBM T. J. Watson Research Center
P. O. B. 704
Yorktown Hts, NY 10598
914-784-7287;  IBM tie line 863-7287
Notes address:  Martin W Sachs/Watson/IBM
Internet address:  mwsachs @ us.ibm.com
*************************************************************************************


                                                                                                                                      
                      "Dale Moberg"                                                                                                   
                      <dmoberg@cycloneco        To:       Martin W Sachs/Watson/IBM@IBMUS, "Cppanegotiation (E-mail)"                 
                      mmerce.com>                <ebxml-cppa-negot@lists.oasis-open.org>                                              
                                                cc:                                                                                   
                      09/24/2002 06:51          Subject:  RE: [ebxml-cppa] Ordering dependencies in negotiation                       
                      PM                                                                                                              
                                                                                                                                      
                                                                                                                                      



Marty notes
"The negotiable items may not be able to be negotiated in an arbitrary
order
because there may be dependencies among them that fix the order of
negotiation. Security aspects of some of the protocols may be one
example.
Certificate details cannot be negotiated until it has been agreed that
certificate-based security will be used for message exchanges.   Any
ordering dependencies will have to be expressed in the NDD.  Ordering
dependencies also mean that a counter offer will omit items that cannot
be
negotiated until after the items in that counter offer agre agreed to."


If parties came to agree (in a NDD allowable way) to use digital
enveloping
but omitted both SecurityDetails for the sender's TrustAnchors and
omitted
the certificate of the receiver, would that mean that we had an
inconsistent
CPA or just an incomplete one? My view is that it would be incomplete.

The dependencies I think to be worth documenting and worrying about
are ones where actual incompatibilities would exist because of
incompatible values in parts of the CPA.

But it is admittedly a little hard to distinguish these dependencies. If
the
BusinessProcessCharacteristics for data confidentiality included the
"transient"
value, but the TransportSecurity was missing, is it incompatible or
incomplete?
I suppose IPSEC might be used, and the CPPA TC
has not standardized how to agree on that. Technically, however, the
parties might want to use IPSEC for data confidentiality on the wire,
and so a missing TransportSecurity would not conflict with a "transient"
value for data confidentiality.