[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [bdx] SMP and CPP
Hello,
I'm
switching to a slightly different layout for readability.
1) Different
types of documents.
<kebe>The logic
here is actually quite simple.</kebe>
Thanks, you are right to point out that in my
specific example the ability of the supplier receive a particular type
of order (an order tied to some specific CEN business process) already implies
that later on they will be able to send an invoice with an embedded
OrderReference (as this is required in the the profile/business
process). But it is not hard to imagine a situation where there are
multiple initial document variants that a party can receive, for
which the party would like to determine the ability of potential partners to
send them. A small generalization of
the SML/SMP model to be more CPP-like seems to support this.
2) Document
signature
<kebe>Why is it
an objective in itself to have a signature in the document?</kebe> I agree that
the point of the AP to AP trust model seems to be that somehow the AP is
trusted to send messages on behalf of some party, so not requiring business
level signatures. But just as SML/SMP allows a party to express the
AP at which they want to receive documents, I think it would be
useful to allow a party to express from which AP they will send
messages. Or whether they participate in a BDX network at all. If
there is no such verifiable link from sender to sending AP, an intruder
only needs to hack into one AP (from the possibly hundreds or thousands
of APs in a BDX network) to be able to send fake business documents to
any other company that is in the BDX network on behalf of
any company in the real world (including companies not using any
AP in that BDX network). That AP will get its certificate revoked at some
point, or will otherwise be disconnected from the BDX
network, but a lot of damage will have been caused by then. Any
potential damage from
breaches to an AP should be limited to the companies that are customers of that
AP.
3)
Pull
<kebe>Do you know why these large companies chose to
implement message "pulling" instead of
"pushing"</kebe>
The idea (as
it was explained to me) is that they can control the timing of the delivery,
especially in connections from other endpoints that send high message
volumes. The receiver can then check periodically and retrieve any
messages instead of being overloaded with data.
Pim
From: Kenneth Bengtsson [mailto:kenneth@alfa1lab.com] Sent: 17 June 2011 06:24 To: Pim van der Eijk; 'Mike Edwards'; bdx@lists.oasis-open.org Subject: Re: [bdx] SMP and CPP |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]