OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-cppa message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Re: Non Repudiation


Suresh:
 
Thank you for your clarification. I doubt if further elaboration on non repudiation parameters needs to be included in the 1.1 CPPA spec. I would propose it as a 2.0 requirement.
 
-Arvola
-----Original Message-----
From: Damodaran, Suresh <Suresh_Damodaran@stercomm.com>
To: 'Arvola Chan' <arvola@tibco.com>; ebxml-cppa@lists.oasis-open.org <ebxml-cppa@lists.oasis-open.org>
Date: Friday, August 17, 2001 8:00 AM
Subject: RE: Non Repudiation

Arvola,
 
This is my understanding of the non-repudiation problem.
I am assuming the general case of n partners in a business process.
If n=2, it is incidental.
 
The persistent copy of the message (including payloads)
will be stored as "archives" for a long time. Without these archives,
nonrepudiation is not possible. Some specific
issues/comments below.
 
1. What is the archival policy?
    There are three broad types of archival policies.
        - archived till a fixed date ("fixed policy")
        - archived relative to today, say for 7 years ("relative")
        - always keep an archive of k backups taken at the end of a predefined interval.
          When the time period elapses, the earliest back up is trashed and a new one is added
2. Are there regulations that mandate any of the archival policy?
    Some industries do have such requirements. I fairly sure banking industry has one.
 
3. When there are multiple partners, the CPA, if it has the archival policy, then
should be same for all the partners in the business process. However, it is also
possible that the same trading partner may be involved with multiple business
processes involving different archival policies.
 
 
Needless to say, non-repudiation is a vital requirement for business.
 
Comments 2 & 3 above lead me to believe that non-repudiation requirements (archival
policy, and any other piece of info for processing the archives) will likely need to be
represented in the CPA, and will likely be specific to the business process. Hope this helps!
 
On the other question of logging, I don't think I quite understand the question.
I would say logging is neither below nor above but along side!
 
Cheers,
-Suresh
 
-----Original Message-----
From: Arvola Chan [mailto:arvola@tibco.com]
Sent: Thursday, August 16, 2001 1:45 PM
To: ebxml-cppa@lists.oasis-open.org
Subject: Non Repudiation

Don't non repudiation of origin and non repudiation of receipt imply that the recipient has to keep a persistent copy of the message for some rather long period of time (typically of the order of years)?
 
Is this duration implicit (i.e., has the same value for all cases) or should it be represented explicitly in the CPA?
 
Another related question is whether the logging functionality to support non repudiation belongs above or below the Message Service Interface.
 
-Arvola
 


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC