[Fwd: Re: [ubl] MINUTES FROM EUROPE ASIA UBL WORKING SESSION WEDNESDAY6th JULY at 0800 UTC]

[Monica J Martin <Monica.Martin@Sun.COM>]

Forward to list as requested. Thanks.

>   One aspect that may or may not have been discussed here [1] is that 
>   geographic, agreement, regulatory and other infrastructure conditions 
>   may dictate what option is used - encapsulation and/or referencing.  If 
>   you look at the business document and the process it may be associated 
>   with, is it advisable to dictate what option is used? Let me explain 
>   briefly. If you look back at eCommerce Patterns [2], it talks some of 
>   the boundaries here. While I agree that parties may specify what the 
>   security criteria is and the mechanisms used, should UBL dictate what 
>   they are rather than allowing the agreement, conditions and expectations 
>   of the parties compiling and using the business document in a business 
>   process define what mechanisms are selected. I realize I am an observer 
>   but this, at least to me, is an important point that was worth raising. 
>   Forgive me for stepping out of my observer box.  Thanks.
>
>   [1] I've also briefly scanned the Certificate of Origin documents too 
>   but am not directly familiar with the detailed discussions on COO or how 
>   to meet the requirements identified.
>   [2] cc: Jamie Clark here as he is an expert here....and I'm not but ebBP 
>   long debated legally binding and shared intent (See latest specification 
>   packages preparing for CD vote at: 
>   http://www.oasis-open.org/committees/documents.php?wg_abbrev=ebxml-bp (6 
>   packages uploaded 1 July 2005). eCommerce patterns:  
>   http://www.ebxml.org/specs/bpPATT.pdf.
>
>   > mcgrath: Attendees:
>   > Tim McGrath
>   > Thomas Lee
>   > Peter Borresen
>   >
>   > Given the limited attendance, we decided to concentrate this meeting 
>   > on the topic of Digital  Signatures.  Peter and Thomas have an action 
>   > tiem to prepare a white paper on this issue.
>   >
>   > TL: outlined the requirements from the Certificate of Origin 
>   > document.   This document is actually built up in stages by different 
>   > orgnaizations, each of whom signs their respective parts.  This also 
>   > means the sequence of signing is significant as well.
>   >
>   > Two approaches have been identified:
>   > a. encapsulating the digital signature inside the document (the 
>   > Crimson Logic approach)
>   > b. referencing the digital signature from the document and storing it 
>   > externally (the DTTN and ebXML approach).
>   >
>   > Both have their strengths and weaknesses.
>   >
>   > Action Item: Peter will create a draft of how the Digital Signature 
>   > could be referenced from a UBL document and pass to Thomas for his input.
>