[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [ebxml-cppa] Arvola's comments on version 1.01
Tony, With respect to item 2, you are raising the question of "what is middleware and what is the application?" From a MSG viewpoint, the application is everything above the mythical upper interface of the MSH since the MSH has no knowledge of the software structure above it. It may be perfectly reasonable for middleware functions to be viewed as part of the application and, in this case, to perform the decryption. Most likely, even if the code that actually performs the specific business process receives the message encrypted, it will invoke a middleware function to do the decrypting. So, as with other MSH functions, if the MSH function places the encrypted message in the persistent store, that constitutes delivery to the application. Regards, Marty ************************************************************************************* Martin W. Sachs IBM T. J. Watson Research Center P. O. B. 704 Yorktown Hts, NY 10598 914-784-7287; IBM tie line 863-7287 Notes address: Martin W Sachs/Watson/IBM Internet address: mwsachs @ us.ibm.com ************************************************************************************* Tony Weida <rweida@hotmail.com> on 01/03/2002 10:29:39 AM To: Arvola Chan <arvola@tibco.com>, CPPA <ebxml-cppa@lists.oasis-open.org> cc: Subject: [ebxml-cppa] Arvola's comments on version 1.01 Arvola, Regarding two comments you included for version 1.01 (the version I distributed to the list, with changes highlighted): 1. You commented about lines 339-343: "It was agreed in the joint MSG-CPPA meeting in October that the 1.1 CPP/A spec will not address the requirements for interacting with intermediaries." I believe the identified text is broadly informational in nature and doesn't conflict with your comment, so I'd be inclined to remove that comment from version 1.02. Okay? 2. You commented on the confidentiality attribute, lines 1503-1504) as follows: "I think the last part of the sentence "and delivered, encrypted, to the application" should be struck out. The encryption might have happened before the ebXML message is packaged and signed. The middleware on the receiver side probably should pass the decrypted payload to the destination application." In response, I commented: "I thought the intent of this attribute was to specify confidential delivery between applications, and thus the sentence should remain intact." Is that agreeable, or shall I record this as an issue? Regards, Tony ---------------------------------------------------------------- To subscribe or unsubscribe from this elist use the subscription manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC