OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

bdx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [bdx] SMP and CPP

Hello,
 
I'm switching to a slightly different layout for readability.
 
1) Different types of documents.
<kebe>The logic here is actually quite simple.</kebe>  
 
Thanks, you are right to point out that in my specific example the ability of the supplier receive a particular type of order (an order tied to some specific CEN business process) already implies that later on they will be able to send an invoice with an embedded OrderReference (as this is required in the the profile/business process).  But it is not hard to imagine a situation where there are multiple initial document variants that a party can receive,  for which the party would like to determine the ability of potential partners to send them.   A small generalization of the SML/SMP model to be more CPP-like seems to support this.
 
2) Document signature
<kebe>Why is it an objective in itself to have a signature in the document?</kebe>
 
I agree that the point of the AP to AP trust model seems to be that somehow the AP is trusted to send messages on behalf of some party, so not requiring business level signatures.  But just as SML/SMP allows a party to express the AP at which they want to receive documents,  I think it would be useful to allow a party to express from which AP they will send messages. Or whether they participate in a BDX network at all.  If there is no such verifiable link from sender to sending AP,  an intruder only needs to hack into one AP (from the possibly hundreds or thousands of APs in a BDX network) to be able to send fake business documents to any other company that is in the BDX network on behalf of any company in the real world (including companies not using any AP in that BDX network).  That AP will get its certificate revoked at some point, or will otherwise be disconnected from the BDX network, but a lot of damage will have been caused by then. Any potential damage from breaches to an AP should be limited to the companies that are customers of that AP.   
 
3) Pull 
<kebe>Do you know why these large companies chose to implement message "pulling" instead of "pushing"</kebe>
The idea (as it was explained to me) is that they can control the timing of the delivery, especially in connections from other endpoints that send high message volumes.  The receiver can then check periodically and retrieve any messages instead of being overloaded with data.  
 
Pim     
 
 
 

From: Kenneth Bengtsson [mailto:kenneth@alfa1lab.com]
Sent: 17 June 2011 06:24
To: Pim van der Eijk; 'Mike Edwards'; bdx@lists.oasis-open.org
Subject: Re: [bdx] SMP and CPP

 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]