OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-cppa message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [ebxml-cppa] Re: **VOTE** BPSS/CPPA issue - #21 (old)

I agree with the proposed change.

-Arvola

-----Original Message-----
From: David Smiley <dsmiley@mercator.com>
To: ebTWG-BPS <ebtwg-bps@lists.ebtwg.org>; ebXML-CPPA
<ebxml-cppa@lists.oasis-open.org>
Date: Thursday, December 13, 2001 7:26 AM
Subject: **VOTE** BPSS/CPPA issue - #21 (old)


>No substantive responses have been received that require
>modifying the proposed change to the specification.
>
>Your vote is needed.
>
>**Do you agree with the proposed change?**
>
>FYI,
>Once approved, the resolution goes into the
>BPSS Issues Log (Pallavi). Then, an editor will be assigned
>to make the changes to the spec prescribed by the resolution.
>
>*************************************************************Old/New issue:
>Old
>Re-numbered for V1.1: 21
>Number: 57
>Date: 4/4
>Originator: Christopher Ferris
>Line: Lines 1081-1100
>
>Issue:
>
>I am still quite uncomfortable with this scheme. It does not
>permit a degree of flexibility that allows for a combination
>of persistent and transient security mechanisms. For instance,
>use of a persistent digital signature over the contents of
>the message (or on selected parts) to provide for authentication
>as well as integrity combined with a transient encryption of
>the message on the wire. Having "isSecureTransport" qualify the
>security characteristics of the Document Flow is IMHO, a poor
>design. I would much prefer that isConfidential, isAuthenticated
>and isTamperProof have the enumeration of "persistent",
>"transient" and "none" (default) such that valid combinations
>of security mechanisms might be applied.
>
>Suggestion for Change to BPSS Spec:
>
>For isConfidential, isAuthenticated and isTamperProof, change
>the type from boolean to enumerated value.
>
>Make the list of possible values be "persistent", "transient",
>"persistent-and-transient", "none" with the default being "none".
>
>The value of the attribute, if other than "none" could be
>interpreted as "at least <value>".  Thus, if the value were
>"transient" it would be interpreted as "at least transient"
>which could mean that the parties might choose to adopt a
>persistent form of the appropriate countermeasure if they were
>more paranoid than the authors of the process. A value of
>"persistent" would be interpreted as "at least persistent" which
>could be augmented with transient countermeasures (e.g. a digitally
>signed message carried over a bilaterally authenticated SSL connection).
>
>Issue Comments:
>
>Background material:
>Some comments were posted against V0.99
>http://www.ebxml.org/project_teams/jdt/ts/SpecificationSchemaV0.99.pdf.
>The current draft being revised is V1.01
>http://www.ebxml.org/specs/ebBPSS.pdf or
>http://www.ebxml.org/specs/ebBPSS.doc.
>
>David Smiley
>Director of Standards
>Mercator Software
>540.338.3355
>
>
>
>----------------------------------------------------------------
>To subscribe or unsubscribe from this elist use the subscription
>manager: <http://lists.ebtwg.org/ob/adm.pl>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC