[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: assessing the non-repudiation feature
Summary of non-repudiation
of receipt feature/issues, possible support in V3: 1. Assumptions: - in some cases,
non-repudiation applies to messages that do not need additional validation beyond the receiving MSH, (just
need be properly “delivered”) but in most other cases it will. Well-formedness of payload
possibly including some semantic checks, may be needed. In other words, the decision
process for acknowledging, [often] has to be delegated to the application. - in all cases however, the
method of non-repudiation (packaging process of the receipt, including a digest of the acknowledged
message, and signing) can be standardized. 2. Scenario to be supported: (a) an MSH B is supposed to
provide non-repudiation assurance for some Purchase Orders sent by A. This requirement appears in
a P-Mode parameter. The P-Mode also tells
whether (a1) the receiving MSH can send the receipt without further validation, or (a2) needs to
wait for application validation and decision. (b) When the MSH receives
the PO, it persists the that a signed receipt would
be needed. It delivers the the MSH creates a receipt
and send it back on its own. (c) In case of (a2), the
application validates the content, and gives the MSH the OK for sending back the receipt. All what the
application gives the MSH is the messageID of the an additional Receipt
payload). The MSH knows which message
this is a receipt for (it had persisted the (d) The MSH builds the
receipt: add the digest of (e) the MSH that initially
sent the with original In case of invalid receipt,
it notifies its application side ( is not ensured yet (calling
for action at app level). 3. Questions to be answered if
we add support for this feature: - which standard packaging
(and process) for generating the receipt? - need to define how enough
identity data and security data (e.g. signature) should/can be
persisted/delivered by the MSH receiver of the receipt, knowing that
security processing normally removes wss:security header. - the status of the receipt
message has to be determined: it has both a UserMessage aspect (full part of an MEP, can be
pulled, can be subject to delivery) while it has also properties of a Signal (requires specific
unique processing, both on sending and receiving sides.) -Jacques & Hamid |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]