OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-cppa message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: [ebxml-cppa] RE: [ebxml-msg] CPA & MS overriding parameters - Mildcorrection

[This replaces the last send, which was incomplete.] 

Just got Suresh's latest message after I sent mine. 
Incidentally, I am mirroring to ebxml-msg but it may bounce as I may not still be signed up there.  Please feel free to cc that list, if this should be copied there.

At 11:32 AM 11/14/01, Damodaran, Suresh wrote:
<sd>
The parameters that can be overridden are in CPA also because in some cases parties may decide that these MUST not be overridden, and state so in the policy (we may not have such a mechanism in CPA, but the CPA TC may consider having it)
<sd/>

We do have a mechanism in the CPA/CPP spec for non-overridable parameters.  It's called the CPA.   I don't mean to be flip.   The entry assumption of using a CPA is that two trading partners plan to conduct a logically associated set of transactions -- likely to progress from the first to last without intervention.  I ham having trouble imagining why any trading partner would want to permit the business signal parameters to change in the middle of runtime of a nonsupervised collaboration.  
    *  If we are only talking about a collaboration composed of a single transaction, this issue is irrelevant.  There is no need to vary on a 'per-message' basis from the CPA parameters, if they only apply to one pair of messages.
   *  If we are talking about a multi-step collaboration, could someone give me an example of a CPA-invoked parameter that I might as a trading partner be willing to "waive" by acceding to an override?   Here's what I imagine:

    (1)   I am offering to sell widgets.  You find my prospective offer in a registry along with a CPP.  My CPP asks you as a buyer always to XML-DSIG sign and hash through any substantive acceptance or rejection -- as I will be bound to ship you up to $1000000 of widgets, and want to be sure about your being bound to pay in a manner that gives me some pretty good evidence that the "acceptance" came authentically from you. 

    (2)   You and I enter into a CPA that includes that DSIG level of repudiation protection as a parameter.

    (3)    I send you my binding e-offer to sell, upon the acceptance of which I am bound to deliver to you.  It is contained in a message with no overrides.

    (4)    You return a message to me with a logically valid and BP-conformant acceptance -- but no DSIG, and a message header that essentially says "no DSIG needed".   

Well, as a lawyer I'm just full of questions at this point:  (a) Am I bound by your acceptance?  (b) Why would I ever, if sober, agree to the optionality of the DSIG requirement in the CPA itself?   Isn't "optional" or "overridable" logically identical to "no"?   What does {yes|no|optional} add to {yes|no} ?

Regards   Jamie

James Bryce Clark   
VP and General Counsel, McLure-Moynihan Inc.
Chair, ABA Business Law Subcommittee on Electronic Commerce 
(www.abanet.org/buslaw/cyber/ecommerce/ecommerce.html)
1 818 597 9475   jamie.clark@mmiec.com    jbc@lawyer.com

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC