[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: SV: [bdx] BDX address recipe outline.
Hi,
We need to remember one of the VERY important design-goals of
Bdx - the decoupling of the transport infrastructure and the business
workflows.
This is THE design requirement that distinguishes BDX from
other protocols (none mentioned - none forgotten).
IMHO is this a VERY wise design - to keep the business
document workflows separate from the transport
infrastructure.
If Pim would be kind enought to analyze BDX together with the
CEN BII Profiles - I think(hope?) that it would show that BDX/CEN BII in fact IS
a complete good solution.
Please, when debating BDX - the design-goals should be
factored in .- else only HALF of the solution is analyzed.
Best regards
Jens Jakob Fra: bdx@lists.oasis-open.org [mailto:bdx@lists.oasis-open.org] På vegne af Markus Gudmundsson Sendt: 23. november 2011 12:42 Til: Pim van der Eijk; 'Mike Edwards'; 'Moberg Dale' Cc: 'Business Document Exchange TC List' Emne: RE: [bdx] BDX address recipe outline. Thank
you Pim. I
am not going to comment so much on the DNS issues, but the proposed methodology
works ok, there may be other ways and better to implement it, but I think it is
quite important that the technology does allow fast and relatively simply
updates to the registry, without requiring time-consuming tasks like opening
specific ports on firewalls, etc. I
think we have to move a little bit away from the idea of ?fixed trading
contracts? and ?closed network lines?. The EU is aiming for higher adoption and
since validation logic for business documents is getting more and more advanced,
we can expect ?electronic invoices? to be much more strictly compliant with
regards to content and business rules than before, and therefore companies
should be able to publish their endpoint for invoices in certain formats and
expect them all to be valid and readable by their system. This could be the
strongest driver for adoption for SMEs. It
may depend on how strict the network is, how much trust there is. If we assume
that in BDX you can only participate as an Access Point after signing an
agreement dictating responsibilities, then there is certain trust and assuming
the technology is secure enough, spamming and Denial of Service Attacks should
not become a serious issue. I
am not saying that there should not be a possibility of ?blacklisting? certain
access points or sending parties, however it should not be the default to
promote adoption. Of
course a ?generic invoice? could be an open endpoint, whereas an industry
specific option, could be restricted to certain parties. I believe a good
registry should have this capability and therefore it should be possible to
publish some business profiles e.g. BII04 (and transactions therein) as ?open?
and other, more specific ?under contract with trading partners?. So I strongly
support either reusing other registry standards, where applicable or
borrowing features and incorporating into the current SMP. My
views, at least. Markús From:
bdx@lists.oasis-open.org [mailto:bdx@lists.oasis-open.org] On Behalf Of
Pim van der Eijk Today I
can only attend the first part of the meeting, so here is some written input in
case we don't get to discuss this. First of
all, I think it is not just the people asking questions about, or proposing
alternatives to, the various specifications submitted to this TC who
should provide use cases and requirements. I would even more like to
see some more discussion of (and justification by their authors for) the
requirements and use cases that underly SML/SMP and related specifications
themselves, if memory serves the authors of those specifications
correctly. This will help us all to understand how general and reusable
these specifications are, and find and fix any aspects that perhaps are too
hard-wired to the specific PEPPOL context to be of general
use. To
elaborate a bit: SML/SMP are not the first or only attempts at
specifications for e-business registry or capability _expression_
functionality, and there are both strong similarities and differences
compared to these earlier approaches. So as a start, an overview that
explains how the design of SML/SMP relates to (and why it differs from)
them would be useful. Some of these differences are interesting, but
not all of them strike me as improvements. I've mentioned before the absence of
the equivalents of ebXML CPP "CanSend"s in SMP. Another is the absence of a
concept of an agreement or service versioning. Without similar
concepts, in BDX, if I publish that I can receive a particular
version of a UBL invoice, how do I express that I only want that option to be
used by a specific limited set of trading partners? How can I
express that I only support a deprecated version for some established partners,
or for partners that sent me a a document of some related type before, but
want others to only use the newer one? How can I express that any
messages from me will be not be sent from any Access Point, but only
from a particular named Access Point that I trust using specific
credentials? Earlier established protocols like CPA support this very well
and are used in production today, I don't see how SML/SMP/BDX handles
this. As an
analogy: in social networking, someone first has to connect to you before
he/she can send you messages or flood you with their network updates. You
have an option to not accept a connection
invitation. You even have an option to no longer accept invitations at all
(if you've set up your closed community). This seems to be something that
a register-based collaboration architecture should support if it wants to be a
general solution. The majority of e-government networks are closed or
semi-closed, e-procurement networks are the exception rather than the
rule. The OASIS EnergyInterop TC has a party registration service concept,
which could be combined with a limited capability matching/intersection
functionality. And no, I'm not buying that this functionality would be too
complex. SSL has long had a handshake mechanism and is one of the most
widely used Internet protocols. There are even handshakes in Web Services
protocols such as WS-ReliableMessaging. Capability intersection has been
implemented in CPPA and other specifications, all of which could be used or
profiled further if desired. On the
particular subject of DNS, I read Dale's email (as far as I understand it)
as stating that it can do a lot more than SML/SMP use it for. So for
architectural coherence it might make sense to use it more generally in the BDX
architecture. I would rather raise a different issue: a major
drawback of a system that depends on DNS updates is administration overhead,
because DNS management is often outsourced to hosting providers or telcos. You
cannot typically update DNS records from a business application directly, but
have to go through some (often horribly slow) service management processes,
at best partly automated. Today, in some ebMS 2.0
environments I've worked in, connecting a new partner means writing
a CPA, which is usually simple and done in a few minutes, then waiting
a week or even longer for all the firewall changes, NAT rules etc. to be
implemented. I'm sure they're not looking forward to adding DNS update
dependencies in this mix ... So I'm
wondering what problem DNS is a problem for. I know it offers scalability,
but is this level of scalability even needed for a business registry?
Previous e-business registry standards failed to take off, but lack of
scalability does not seem to rank highly on the list of reasons why.
Similar business registries, such as the GS1 GEPIR, or the various national
systems of chambres of commerce, seem to not have found the need for it,
yet they process (I have some hands-on experience with this) huge amounts of
queries using regular HTTP-based exchanges. Pim From: bdx@lists.oasis-open.org [mailto:bdx@lists.oasis-open.org]
On Behalf Of Mike Edwards
Unless
stated otherwise above: |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]