[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [bdx] BDX address recipe outline.
We’ve jumped into discussion of some important technical details here, but missed what I thought was Pim’s most important, first point. And that was, that the pre-existing PEPPOL specifications were taken and assumed as the baseline and trajectory for the TC. There appears to be a relatively high bar set for justifying any proposals that vary from this – one which the PEPPOL stack has not been required to meet. Looking back at the TC Document repository, I see twenty or so PEPPOL-originated specification documents, but not a single one setting out the requirements that led to those specifications. Without the TC seeing and discussing those requirements, it’s hard to have a dispassionate discussion. It seems so obvious as to be hardly worth stating that successful Internet scale standards tend to be those that define the simplest possible approach to meeting the core requirements in a particular domain of most users. It follows that if different user communities have different requirements, the “simplest possible approach” nonetheless does need to support a superset of those different communities’ requirements. And if global interoperability is a requirement, this is even more true. Even if this is all obvious, it has implications for how we conduct BDX discussions, and so is perhaps worth some explicit consideration. So if we have use cases or requirements being raised within BDX that differ from the PEPPOL specs and their (unstated?) requirements, it seems unhelpful to just refer back to the wisdom of the PEPPOL designers. Speaking for myself, but perhaps others too, unless these requirements can be addressed in an open and even-handed way, BDX will simply rule itself out as the venue for defining standards that have any realistic chance of adoption at Internet scale. To go one level deeper, on some of the different technical points raised, it seems to me we may be conflating STANDARDS specifications, and OPERATIONAL considerations about how those standards are implemented in different contexts. On the use of DNS standards for example: even if a DNS-based registry protocol were agreed for BDX applications, to me it does not follow at all that it would be managed through the same (sometimes slow and clunky) operational processes that manage endpoint DNS infrastructure today. Similarly, regarding the social network/connect models: any standard should allow operational flexibility to handle this at different levels. On the one hand, it should not require duplication of agreement content that is handled by other systems out of band. But conversely (and this is a primary concern I have), the machine-to-machine registry and handshake model should allow for the possibility of fully automated setup, without requiring separate (manual) processes for some of the required steps. Best regards, Roger From: bdx@lists.oasis-open.org [mailto:bdx@lists.oasis-open.org] On Behalf Of Pim van der Eijk This discussion was supposed to be about SML/SMP (registry, routing, capabilities) not about transport, but let's do the ebMS comments first: in ebMS 3.0, the reference to the agreement is no longer a required message header element. An explicit agreement reference is sometimes useful (that is why it is still an optional header element) but not always. Not requiring it in the header is more flexible and allows for implementations to have "default" agreements, or to derive the relevant agreement information from other information, or some other way. Some kind of default or on-the-fly generated agreement would be needed for the "connect" feature, unless it were mediated by some trusted third party match maker. I was using "agreement" in a loose sense. SML/SMP are about routing and about expressing capabilities. My point was that there are areas where you want to be able to support receiving some types of documents from particular partners but not from others or don't want to advertize your capability to support particular services to every partner and non-partner in the same way. Not everyone wants his name and address to be in the phone book, but you do want the telco to route calls to your number. It is not uncommon for B2B gateways to act as a kind of ERP firewalls, in which case they are used to prevent delivery of documents. Just as some people set their phone to screen calls using white lists or black lists. Perhaps this is not as important in some areas as it is in others, but this doesn't mean the architecture should be hardwired to support just one set of choices. Pim From: Martin Forsberg [mailto:martin.forsberg@ecru.se] Hi Pim, Regarding the social network/connect-analogy: We have been using ebms for quite some time in Sweden and one of the biggest issues is that most ebms-implementations require an agreement before-hand. This agreement (CPA) is also referred to in the ebms-header. We have tried to build around this by defining agreement-id schemes that can be deduced by other information elements (like service/action). So for use, it really doesn’t give much value. All implementations that I come in contact with have a “connect-feature” as part of their e-business software or e-invoice software where they keep track of their business partners. To also maintain this on a messaging-level (often outsourced to a service provider) is creating a lot of extra work. /Martin Från: bdx@lists.oasis-open.org [mailto:bdx@lists.oasis-open.org] För Pim van der Eijk Today I can only attend the first part of the meeting, so here is some written input in case we don't get to discuss this. First of all, I think it is not just the people asking questions about, or proposing alternatives to, the various specifications submitted to this TC who should provide use cases and requirements. I would even more like to see some more discussion of (and justification by their authors for) the requirements and use cases that underly SML/SMP and related specifications themselves, if memory serves the authors of those specifications correctly. This will help us all to understand how general and reusable these specifications are, and find and fix any aspects that perhaps are too hard-wired to the specific PEPPOL context to be of general use. To elaborate a bit: SML/SMP are not the first or only attempts at specifications for e-business registry or capability _expression_ functionality, and there are both strong similarities and differences compared to these earlier approaches. So as a start, an overview that explains how the design of SML/SMP relates to (and why it differs from) them would be useful. Some of these differences are interesting, but not all of them strike me as improvements. I've mentioned before the absence of the equivalents of ebXML CPP "CanSend"s in SMP. Another is the absence of a concept of an agreement or service versioning. Without similar concepts, in BDX, if I publish that I can receive a particular version of a UBL invoice, how do I express that I only want that option to be used by a specific limited set of trading partners? How can I express that I only support a deprecated version for some established partners, or for partners that sent me a a document of some related type before, but want others to only use the newer one? How can I express that any messages from me will be not be sent from any Access Point, but only from a particular named Access Point that I trust using specific credentials? Earlier established protocols like CPA support this very well and are used in production today, I don't see how SML/SMP/BDX handles this. As an analogy: in social networking, someone first has to connect to you before he/she can send you messages or flood you with their network updates. You have an option to not accept a connection invitation. You even have an option to no longer accept invitations at all (if you've set up your closed community). This seems to be something that a register-based collaboration architecture should support if it wants to be a general solution. The majority of e-government networks are closed or semi-closed, e-procurement networks are the exception rather than the rule. The OASIS EnergyInterop TC has a party registration service concept, which could be combined with a limited capability matching/intersection functionality. And no, I'm not buying that this functionality would be too complex. SSL has long had a handshake mechanism and is one of the most widely used Internet protocols. There are even handshakes in Web Services protocols such as WS-ReliableMessaging. Capability intersection has been implemented in CPPA and other specifications, all of which could be used or profiled further if desired. On the particular subject of DNS, I read Dale's email (as far as I understand it) as stating that it can do a lot more than SML/SMP use it for. So for architectural coherence it might make sense to use it more generally in the BDX architecture. I would rather raise a different issue: a major drawback of a system that depends on DNS updates is administration overhead, because DNS management is often outsourced to hosting providers or telcos. You cannot typically update DNS records from a business application directly, but have to go through some (often horribly slow) service management processes, at best partly automated. Today, in some ebMS 2.0 environments I've worked in, connecting a new partner means writing a CPA, which is usually simple and done in a few minutes, then waiting a week or even longer for all the firewall changes, NAT rules etc. to be implemented. I'm sure they're not looking forward to adding DNS update dependencies in this mix ... So I'm wondering what problem DNS is a problem for. I know it offers scalability, but is this level of scalability even needed for a business registry? Previous e-business registry standards failed to take off, but lack of scalability does not seem to rank highly on the list of reasons why. Similar business registries, such as the GS1 GEPIR, or the various national systems of chambres of commerce, seem to not have found the need for it, yet they process (I have some hands-on experience with this) huge amounts of queries using regular HTTP-based exchanges. Pim From: bdx@lists.oasis-open.org [mailto:bdx@lists.oasis-open.org] On Behalf Of Mike Edwards
Unless stated otherwise above: |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]