OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

bdxr message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [bdxr] This weeks meeting

Hello Dale,
Security of the registration service is the hardest as (by definition) it involves communication among two partners that do not yet have any established relation, including established trust. Two options are:
-  Rely on established trusted relations between service providers that relay Connect requests, so that you do not get registration requests directly from an unknown business partner, but via your service provider.  The mechanism you use to trust you service provider is part of your service agreement with that provider..
-  Rely on a mechanism by which entities authenticate using TLS authentication and certificates signed by a CA trusted for Connect messages.  Any certificate signed using this CA is trusted and the entity identifier are extracted from the certificates. Which CA (or CAs) this is,  would depend on the community to connect.  PEPPOL acts as a CA for service providers in public e-procurement, Odette is a dedicated CA for automotive B2B, etc.
PEPPOL uses a combination of the two.  The attached document (which I sent to Roger who is editing the use cases for the Connect protocol, but only today so he hasn't had any time to process it) has some discussion.

From: Moberg Dale [mailto:dmoberg@axway.com]
Sent: 21 August 2012 18:15
To: Pim van der Eijk; 'Kenneth Bengtsson'; bdxr@lists.oasis-open.org
Subject: RE: [bdxr] This weeks meeting

Thanks Pim for helping Kenneth out.


I would like to add some specifics to the DDDS discussion agenda.


I would like to hear some discussion of what a registration service that has the purpose of establishing credentials for access to a metadata service should do.  To do this, some requirements concerning what access and authorization features are needed for a protected metadata service need to be proposed and discussed.





From: bdxr@lists.oasis-open.org [mailto:bdxr@lists.oasis-open.org] On Behalf Of Pim van der Eijk
Sent: Tuesday, August 21, 2012 8:50 AM
To: 'Kenneth Bengtsson'; bdxr@lists.oasis-open.org
Subject: RE: [bdxr] This weeks meeting


Hi Kenneth,


Sorry you can't make it,  I'd be happy to host the call.

Agenda proposal:

1)  Dale's DDDS document

2)  Updates to use cases

3)  F2F agenda and preparations

4)  Updates from related projects and activities

5)  AOB




From: bdxr@lists.oasis-open.org [mailto:bdxr@lists.oasis-open.org] On Behalf Of Kenneth Bengtsson
Sent: 20 August 2012 18:16
To: bdxr@lists.oasis-open.org
Subject: [bdxr] This weeks meeting

Dear all


Because of illness I am unfortunately unable to participate in this weeks TC meeting. If anyone can step in and host the call I can provide you with the Gotomeeting credentials.


Best regards,




Attachment: Connect Use Cases.odt
Description: application/vnd.oasis.opendocument.text

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]