

Subject: Re: [ebxml-cppa] isConfidential


Sounds good to me.  (Omission of the word "authorized" wouldn't change the
facts :-)

----- Original Message -----
From: "Christopher Ferris" <chris.ferris@sun.com>
To: "Tony Weida" <rweida@hotmail.com>
Cc: "CPPA" <ebxml-cppa@lists.oasis-open.org>
Sent: Monday, March 11, 2002 3:22 PM
Subject: Re: [ebxml-cppa] isConfidential


> Then might I suggest the following:
>
> A mechanism that is applied to the message itself, irrespective
> of the communication protocol(s) used to convey the message, such that
> its content (in whole, or in part) can only be revealed to
> the authorized holder of the key that is used to decrypt the
> encrypted content.
>
> Cheers,
>
> Chris
>
> Tony Weida wrote:
>
> > By way of background, the new wording arose from discussion of the previous
> > wording:
> >
> > "It MUST be encrypted above the level of the transport and delivered,
> > encrypted, to the application."
> >
> > Arvola wanted to weaken the wording and I didn't.  In particular, I wanted
> > to ensure that the "application" controls when and where decryption takes
> > place.  However, there was a general feeling that the definition of
> > "application" would be hard to agree on.
> >
> > Thanks,
> > Tony
> >
> > ----- Original Message -----
> > From: "Christopher Ferris" <chris.ferris@sun.com>
> > To: "Tony Weida" <rweida@hotmail.com>
> > Cc: "CPPA" <ebxml-cppa@lists.oasis-open.org>
> > Sent: Monday, March 11, 2002 2:33 PM
> > Subject: Re: [ebxml-cppa] isConfidential
> >
> >
> >
> >>I took that as a given. However, as I indicated, it
> >>really has nothing to do with "persistence on some
> >>media". The fact that I use XML Encryption on a message
> >>does not necessarily require any manner of persistence
> >>(e.g. storage on some form of media such as hard disk).
> >>
> >>The confidentiality accorded a message that is characterized
> >>as "isConfidential='persistent'" is a function of the message
> >>itself. isConfidential='transient-and-persistent' is a
> >>function BOTH of the communications protocol that is used
> >>to exchange the message between two adjacent network nodes
> >>and of the message itself, independent of the mechanism
> >>used to convey the message between network nodes.
> >>
> >>The fact that a message that has used a persistent form
> >>of confidentiality *might* be stored (locally or elsewhere)
> >>on some form of storage media is secondary to the definition
> >>of what this property means.
> >>
> >>Cheers,
> >>
> >>Chris
> >>
> >>Tony Weida wrote:
> >>
> >>
> >>>The isConfidential attribute has four potential values: "none", "transient",
> >>>"persistent", and "transient-and-persistent".  The cited text applies to the
> >>>persistent cases.  Sorry for omitting the qualification.  The motivation is
> >>>to address the case of confidential exchange between applications, not
> >>>merely MSHs.
> >>>
> >>>----- Original Message -----
> >>>From: "Christopher Ferris" <chris.ferris@sun.com>
> >>>To: "Tony Weida" <rweida@hotmail.com>
> >>>Cc: "CPPA" <ebxml-cppa@lists.oasis-open.org>
> >>>Sent: Monday, March 11, 2002 2:09 PM
> >>>Subject: Re: [ebxml-cppa] isConfidential
> >>>
> >>>
> >>>
> >>>
> >>>>Why would persistence (I assume on some media) be a
> >>>>consideration? True, the confidentiality is "persistent",
> >>>>but persistent only to the degree that the feature is
> >>>>not a function of the transfer or transport mechanism
> >>>>but of the message itself.
> >>>>
> >>>>Tony Weida wrote:
> >>>>
> >>>>
> >>>>
> >>>>>Here's the text we arrived at during the last call to characterize
> >>>>>isConfidential:
> >>>>>
> >>>>>
> >>>>>
> >>>>>   "...persisted locally in encrypted form, and made available to the
> >>>>>   application in accordance with local security policies implemented
> >>>>>   to preserve confidentiality."
> >>>>>
> >>>>>
> >>>>>
> >>>>>Tony

