[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [ebxml-cppa] Re: Arvola's comments on version 1.01
Arvola, My responses inline ... Regards, Tony ----- Original Message ----- From: "Arvola Chan" <arvola@tibco.com> To: "Tony Weida" <rweida@hotmail.com>; "CPPA" <ebxml-cppa@lists.oasis-open.org> Sent: Thursday, January 03, 2002 1:36 PM Subject: Re: Arvola's comments on version 1.01 > Tony: > > I agree that it is OK to remove the following text from the 1.02 spec: TW: My proposal was to remove the comment, not the text. Although I understand the point of the comment, I believe that the 1.0 team wanted to offer a bit of optional guidance (not requirements) pending more detailed treatment of intermediaries in a future version. To me, that still seems like a reasonable approach. > "In this initial version of this specification, this MAY be accomplished by > creating a CPA between each Party and the intermediary in addition to the > CPA between the two Parties. The functionality needed for the interaction > between a Party and the intermediary is described in the CPA between the > Party and the intermediary. The functionality needed for the interaction > between the two Parties is described in the CPA between the two Parties." > > Regarding the confidentiality attribute section, I just feel that the > following statement is a little bit too strong: TW: Partners who feel strongly about confidentiality must be able to make such a strong statement in their agreement, backed up corresponding language in the CPPA spec. It might be OK to provide for weaker statements as well, which would suggest a finer grained machanism than confidentiality = true or false. > "It MUST be encrypted above the level of the transport and delivered, > encrypted, to the application." > > Some clarification along the lines used in the exchanges you have with Marty > may be helpful. > > Thanks, > -Arvola > > ----- Original Message ----- > From: "Tony Weida" <rweida@hotmail.com> > To: "Arvola Chan" <arvola@tibco.com>; "CPPA" > <ebxml-cppa@lists.oasis-open.org> > Sent: Thursday, January 03, 2002 7:29 AM > Subject: Arvola's comments on version 1.01 > > > > Arvola, > > > > Regarding two comments you included for version 1.01 (the version I > > distributed to the list, with changes highlighted): > > > > 1. You commented about lines 339-343: "It was agreed in the joint MSG-CPPA > > meeting in October that the 1.1 CPP/A spec will not address the > requirements > > for interacting with intermediaries." > > > > I believe the identified text is broadly informational in nature and > doesn't > > conflict with your comment, so I'd be inclined to remove that comment from > > version 1.02. Okay? > > > > 2. You commented on the confidentiality attribute, lines 1503-1504) as > > follows: "I think the last part of the sentence "and delivered, encrypted, > > to the application" should be struck out. The encryption might have > happened > > before the ebXML message is packaged and signed. The middleware on the > > receiver side probably should pass the decrypted payload to the > destination > > application." > > > > In response, I commented: "I thought the intent of this attribute was to > > specify confidential delivery between applications, and thus the sentence > > should remain intact." Is that agreeable, or shall I record this as an > > issue? > > > > Regards, > > Tony > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC