Subject: Re: [ebxml-cppa] isConfidential
By way of background, the new wording arose from discussion of the previous
wording: "It MUST be encrypted above the level of the transport and
delivered, encrypted, to the application." Arvola wanted to weaken the
wording and I didn't. In particular, I wanted to ensure that the
"application" controls when and where decryption takes place. However,
there was a general feeling that the definition of "application" would be
hard to agree on.

Thanks,
Tony

----- Original Message -----
From: "Christopher Ferris" <chris.ferris@sun.com>
To: "Tony Weida" <rweida@hotmail.com>
Cc: "CPPA" <ebxml-cppa@lists.oasis-open.org>
Sent: Monday, March 11, 2002 2:33 PM
Subject: Re: [ebxml-cppa] isConfidential

> I took that as a given. However, as I indicated, it
> really has nothing to do with "persistence on some
> media". The fact that I use XML Encryption on a message
> does not necessarily require any manner of persistence
> (e.g. storage on some form of media such as hard disk).
>
> The confidentiality accorded a message that is characterized
> as "isConfidential='persistent' is a function of the message
> itself. isConfidential='transient-and-persistent' is a
> function BOTH of the communications protocol that is used
> to exchange the message between two adjacent network nodes
> and of the message itself, independent of the mechanism
> used to convey the message between network nodes.
>
> The fact that a message that has used a persistent form
> of confidentiality *might* be stored (locally or elsewhere)
> on some form of storage media is secondary to the definition
> of what this property means.
>
> Cheers,
>
> Chris
>
> Tony Weida wrote:
>
> > The isConfidential attribute has four potential values: "none", "transient",
> > "persistent", and "transient-and-persistent". The cited text applies to the
> > persistent cases. Sorry for omitting the qualification. The motivation is
> > to address the case of confidential exchange between applications, not
> > merely MSHs.
> >
> > ----- Original Message -----
> > From: "Christopher Ferris" <chris.ferris@sun.com>
> > To: "Tony Weida" <rweida@hotmail.com>
> > Cc: "CPPA" <ebxml-cppa@lists.oasis-open.org>
> > Sent: Monday, March 11, 2002 2:09 PM
> > Subject: Re: [ebxml-cppa] isConfidential
> >
> >>Why would persistence (I assume on some media) be a
> >>consideration? True, the confidentiality is "persistent",
> >>but persistent only to the degree that the feature is
> >>not a function of the transfer or transport mechanism
> >>but of the message itself.
> >>
> >>Tony Weida wrote:
> >>
> >>>Here's the text we arrived at during the last call to characterize
> >>>isConfidential:
> >>>
> >>>  "...persisted locally in encrypted form, and made available to the
> >>>  application in accordance with local security policies implemented
> >>>  to preserve confidentiality."
> >>>
> >>>Tony
>
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>