[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Nonrepudiation of receipt in CPA
After today's conference call, I realized that I should emphasize a point that I made a few weeks ago with an additional matter that I overlooked at the time. NRR is expressed in the CPA by the NonRepudiation element under ebXMLBinding in the delivery channel. The delivery channel describes a Party's receive properties. Nonrepudiation requires action by both parties. However signing is done by the From Party. So having it NRR in the delivery channel (receive properties) is a bit peculiar. The points that I don't think I made previously are these: Although NonRepudiation is in the delivery channel (receive properties), the certificate which must be referenced is for signing the message. This certificate belongs to the From party, not the To party. If we leave NonRepudiation where it is, the text must make it clear that the certificate is one belonging to the other party, not the party that owns this delivery channel. Because the certificate belongs to the other party, the certificate reference is meaningless in the CPP. The text should state that the certificate referenced in the CPP must be replaced by a reference to the other party's certificate when the CPA is composed. A better solution is to provide "send" delivery channels along with the "receive" delivery channels though this is probably out of scope for V1.1. Regards, Marty ************************************************************************************* Martin W. Sachs IBM T. J. Watson Research Center P. O. B. 704 Yorktown Hts, NY 10598 914-784-7287; IBM tie line 863-7287 Notes address: Martin W Sachs/Watson/IBM Internet address: mwsachs @ us.ibm.com *************************************************************************************
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC