OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-cppa message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: (long) RE: [ebxml-cppa] Purpose of CertificateRef inCollaborationRole

 
-----Original Message-----
From: Arvola Chan [mailto:arvola@tibco.com]
Sent: Tuesday, December 18, 2001 12:11 PM
To: Dale Moberg; ebXML-CPPA (E-mail)
Cc: Peter Ogden
Subject: Re: (long) RE: [ebxml-cppa] Purpose of CertificateRef in CollaborationRole

Dale:
 
I was assuming that if certificate references are missing from the NonRepudiation element, then perhaps the certificate reference included in the CollaborationRole element may be used as the default. I agree that this is a confusing optimization and that we should do away with the defaultSigningCertificateRef attribute. 
 
OK. What should the element name be to indicate it is for use by a layer above the MSH?
 
I think many implementations will want the MSH to sign on behalf of the applications. 
 
Dale >> Yes, I think this is more typical than the financial use case.
 
  Therefore, the certificate references in the NonRepudiation element should be usable by the MSH for signing purposes. Otherwise, where are we recording the signing certificate that the MSH will be using?
 
Yes, I agree that if nonrepudiation is handled by MSH (either origin or receipt) then it goes under these elements.
 
In the 1.0 spec, section 7.6.5 NonRepudiation element, it is stated:
 
"If the NonRepudiation element is omitted, the Messages are not digitally signed." 
 
 Right, where Message signing is over both payload and SOAP envelope as in ebMS.
 
The NonRepudiation and DigitalEnvelope elements under DocExchange may be referenced by a DeliveryChannel that is used synchronously. Therefore, each of NonRepudation and DigitalEnvelope should contain two certificate references, one is required for the normal case, the other is optionally used for signing or encrypting responses that must be returned synchronously. 
 
Can you elaborate why you think synchronous requires a different CertificateRef approach? 
I guess I have not have expected that transport distinction
to make a difference in terms of what keypairs
get used in signing or enveloping....
 
Dale
 
 
-Arvola
 
-----Original Message-----
From: Dale Moberg <dmoberg@cyclonecommerce.com>
To: ebXML-CPPA (E-mail) <ebxml-cppa@lists.oasis-open.org>
Cc: Peter Ogden <pogden@cyclonecommerce.com>; Arvola Chan <arvola@tibco.com>
Date: Tuesday, December 18, 2001 10:15 AM
Subject: (long) RE: [ebxml-cppa] Purpose of CertificateRef in CollaborationRole

 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC