[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: ebbp 3/20/2005: Comment re: documentSecurity (wd10/schema 2-22)
Everyone, as we discussed Tuesday, there are dependencies or
expectations that may exist given the transaction patterns selected and
the expectations of the involved parties. Here is a summary documenting
our discussion and proposed changes either to the technical
specification or schema. Unless the team indicates, I see no specific
changes required in the BT patterns matrix. I ask that we get comments
from the team on any concerns, open questions or changes requested.
* Summary details
o Need to separate business and reliable messaging layers.
Such as: Reliable messaging protocol may have security and
non-repudiation happening with every message as the default.
That may not be raised to business layer where it is persisted.
o Assumptions may be upgraded in the CPPA.
o For Business Transaction and Notification, these attributes
are required.
+ Where required in the schema and specified with a
default, and the partners fail to make a selection,
the attributes are required and the default applies.
o For all others:
+ Where required in the schema and no default is
specified, and the partners fail to make a selection,
the matrix characteristics apply first.
# Else if the matrix specifies that the involved
partners make the selection for
documentSecurity, no persistence required.
+ Where optional and the partners don't make a selection
for documentSecurity, it is assumed to be no
persistence required.
* Open items
o QUESTION: Do we go any further by specifying any
relationship with the quality attribute group
(isIntelligibleCheckRequired, isNonRepudiationRequired,
isNonRepudiationReceptRequired, TimetoAcknowledgeAcceptance,
isAuthorizationRequired and RetryCount)? Note, I believe we
decided to take a pragmatic approach - indicating some
well-formedness rules while requesting more business
requirements.
Updates proposed:
============================================================================================================
Section 4.7.3
Change from:
Trading partners MAY wish to conduct legally enforceable business
transactions over ebXML.
Change to:
Trading partners MAY wish to conduct intentional business transactions
over ebXML.
Section 4.7.5
Change from:
.....Typically, this occurs in intentional situations.
Change to:
.....Typically, this occurs in intentional situations where
authentication and tamper detection are particularly important to
support enforceability. In such cases, it is recommended that the
parties also specify the channel is confidential. Otherwise, document
security is specified by the parties involved. See the patterns matrices
earlier in Section 4 for other details. In those instances where intent
is specified regardless of pattern, documentSecurity attributes apply.
For example, where non-repudiation of content is required,
documentSecurity SHOULD apply although this is subject to the agreement
of the parties. Updates MAY also be made in the CPA.
============================================================================================================
Dale, please advise given these discussions if any schema changes may be
required other than annotations, which I can complete after we agree on
the direction.
Thanks everyone.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]