egov message
Subject: Better, more secure exchanges - a fresh look at ebXML messaging (again!)
- From: "David RR Webber (XML)" <david@drrw.info>
- To: eGov <egov@lists.oasis-open.org>
- Date: Thu, 24 Aug 2006 08:07:45 -0700
Folks,
I've noticed the concern in the news around cyber vulnerabilities of
networked infrastructure.
Funny how the wheel rolls full circle and we get back to where we
were five years ago - reviewing how to securely use the internet to
exchange ebusiness information with XML.
The work we've been doing here at NIH to package the Hermes ebMS is
instructive in using the ebXML approach to develop mechanisms that are
strong and robust and able to be quickly adapted as needed.
Techniques and tools have developed over the past five years - and
now we have firmware components such as Big-IP that manage intrusion
threats - but regardless - the mainstays of digital certificates and
SSL along with configuration via the CPA provide a significant level of
security.
Particularly important is the ability to componentize the CPA so that
across a community of partners - default settings can be quickly
re-routed and the changes propagated in response to threats or server
outages due to network failures and the like without necessarily having
to update each CPA and setup individually.
Clearly in terms of crisis response - whether it is a natural
disaster or manmade emergency - it's crucial to know that your base
design is able to support rapid changes and new relationships
dynamically.
Similarly - leveraging the CPA itself to make partner setup details
private and secure - limit the ability for eavesdropping /
spoofing and the like - while at the same time allowing secure
rapid addition of new partners in emergency situations. Allied to
this is the need to support rule-driven information integration as part
of the message exchange solution.
We're not quite there yet in terms of integrating rules engine tools
such as CAM directly with Hermes - but we have done some initial
prototyping on that - so that gap is closing. Again the CPA
already supports business process and actions and transactions mapping
- allowing routing and transformation linkage - and the new CPA v3.0 is
providing direct coupling there. The new CPA v3 is also supporting
PULL as an interaction model along with enhanced signalling - and that
also is crucial for alert mechanisms - and being able to avoid
overloading networks by deferring actions as needed.
Having this capability built-in via a set of operational
guidelines and a verifiable open source implementation is clearly a
significant advantage to meeting the challenges of SOA and secure
network infrastructures.
DW