[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [ebxml-cppa] Re: Arvola's comments on version 1.01
Tony: I agree that it is OK to remove the following text from the 1.02 spec: "In this initial version of this specification, this MAY be accomplished by creating a CPA between each Party and the intermediary in addition to the CPA between the two Parties. The functionality needed for the interaction between a Party and the intermediary is described in the CPA between the Party and the intermediary. The functionality needed for the interaction between the two Parties is described in the CPA between the two Parties." Regarding the confidentiality attribute section, I just feel that the following statement is a little bit too strong: "It MUST be encrypted above the level of the transport and delivered, encrypted, to the application." Some clarification along the lines used in the exchanges you have with Marty may be helpful. Thanks, -Arvola ----- Original Message ----- From: "Tony Weida" <rweida@hotmail.com> To: "Arvola Chan" <arvola@tibco.com>; "CPPA" <ebxml-cppa@lists.oasis-open.org> Sent: Thursday, January 03, 2002 7:29 AM Subject: Arvola's comments on version 1.01 > Arvola, > > Regarding two comments you included for version 1.01 (the version I > distributed to the list, with changes highlighted): > > 1. You commented about lines 339-343: "It was agreed in the joint MSG-CPPA > meeting in October that the 1.1 CPP/A spec will not address the requirements > for interacting with intermediaries." > > I believe the identified text is broadly informational in nature and doesn't > conflict with your comment, so I'd be inclined to remove that comment from > version 1.02. Okay? > > 2. You commented on the confidentiality attribute, lines 1503-1504) as > follows: "I think the last part of the sentence "and delivered, encrypted, > to the application" should be struck out. The encryption might have happened > before the ebXML message is packaged and signed. The middleware on the > receiver side probably should pass the decrypted payload to the destination > application." > > In response, I commented: "I thought the intent of this attribute was to > specify confidential delivery between applications, and thus the sentence > should remain intact." Is that agreeable, or shall I record this as an > issue? > > Regards, > Tony
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC