Subject: Re: [ebxml-cppa] isConfidential
Sounds good to me. (Omission of the word "authorized" wouldn't change the facts :-)

----- Original Message -----
From: "Christopher Ferris" <chris.ferris@sun.com>
To: "Tony Weida" <rweida@hotmail.com>
Cc: "CPPA" <ebxml-cppa@lists.oasis-open.org>
Sent: Monday, March 11, 2002 3:22 PM
Subject: Re: [ebxml-cppa] isConfidential

> Then might I suggest the following:
>
> A mechanism that is applied to the message itself, irrespective
> of the communication protocol(s) used to convey the message, such that
> its content (in whole, or in part) can only be revealed to
> the authorized holder of the key that is used to decrypt the
> encrypted content.
>
> Cheers,
>
> Chris
>
> Tony Weida wrote:
>
> > By way of background, the new wording arose from discussion of the previous
> > wording:
> >
> > "It MUST be encrypted above the level of the transport and delivered,
> > encrypted, to the application."
> >
> > Arvola wanted to weaken the wording and I didn't. In particular, I wanted
> > to ensure that the "application" controls when and where decryption takes
> > place. However, there was a general feeling that the definition of
> > "application" would be hard to agree on.
> >
> > Thanks,
> > Tony
> >
> > ----- Original Message -----
> > From: "Christopher Ferris" <chris.ferris@sun.com>
> > To: "Tony Weida" <rweida@hotmail.com>
> > Cc: "CPPA" <ebxml-cppa@lists.oasis-open.org>
> > Sent: Monday, March 11, 2002 2:33 PM
> > Subject: Re: [ebxml-cppa] isConfidential
> >
> >>I took that as a given. However, as I indicated, it
> >>really has nothing to do with "persistence on some
> >>media". The fact that I use XML Encryption on a message
> >>does not necessarily require any manner of persistence
> >>(e.g. storage on some form of media such as hard disk).
> >>
> >>The confidentiality accorded a message that is characterized
> >>as "isConfidential='persistent'" is a function of the message
> >>itself. isConfidential='transient-and-persistent' is a
> >>function BOTH of the communications protocol that is used
> >>to exchange the message between two adjacent network nodes
> >>and of the message itself, independent of the mechanism
> >>used to convey the message between network nodes.
> >>
> >>The fact that a message that has used a persistent form
> >>of confidentiality *might* be stored (locally or elsewhere)
> >>on some form of storage media is secondary to the definition
> >>of what this property means.
> >>
> >>Cheers,
> >>
> >>Chris
> >>
> >>Tony Weida wrote:
> >>
> >>>The isConfidential attribute has four potential values: "none", "transient",
> >>>"persistent", and "transient-and-persistent". The cited text applies to the
> >>>persistent cases. Sorry for omitting the qualification. The motivation is
> >>>to address the case of confidential exchange between applications, not
> >>>merely MSHs.
> >>>
> >>>----- Original Message -----
> >>>From: "Christopher Ferris" <chris.ferris@sun.com>
> >>>To: "Tony Weida" <rweida@hotmail.com>
> >>>Cc: "CPPA" <ebxml-cppa@lists.oasis-open.org>
> >>>Sent: Monday, March 11, 2002 2:09 PM
> >>>Subject: Re: [ebxml-cppa] isConfidential
> >>>
> >>>>Why would persistence (I assume on some media) be a
> >>>>consideration? True, the confidentiality is "persistent",
> >>>>but persistent only to the degree that the feature is
> >>>>not a function of the transfer or transport mechanism
> >>>>but of the message itself.
> >>>>
> >>>>Tony Weida wrote:
> >>>>
> >>>>>Here's the text we arrived at during the last call to characterize
> >>>>>isConfidential:
> >>>>>
> >>>>> "...persisted locally in encrypted form, and made available to the
> >>>>> application in accordance with local security policies implemented
> >>>>> to preserve confidentiality."
> >>>>>
> >>>>>Tony
> >>>>>
> >>
> >>----------------------------------------------------------------
> >>To subscribe or unsubscribe from this elist use the subscription
> >>manager: <http://lists.oasis-open.org/ob/adm.pl>