OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-cppa message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Re: [ebxml-cppa] isConfidential


Dale,

Involving storage media as a requirement to satisfy
'isConfidential='persistent' would complicate matters
greatly with regards to an implementation. It would
effectively amount to a change of the required behavior of
an MSH beyond what the MSG TC has currently specified
in v2.0c.

*IF* the message is written to persistent storage media,
then clearly, it is true that it MUST be done in such a
way that the confidentiality is preserved.

I would think that the analysis is flawed (no offense
intended!). I can easily conceive of a requirement that
NO persistent storage be used (this message will self-destruct
in five seconds) so as to further ensure that confidentiality is not
compromised after-the-fact.

Cheers,

Chris

Dale Moberg wrote:

> We just added the part about persisted locally
> because Brian Hayes and Pallavi Malu (who
> are on BPSS and CPPA) advised us that this
> language was to be in their new BPSS document,
> and that it was there because of the UMM analsis.
> 
> Does anyone know the chapter and verse
> from the UMM for this "analysis" of
> isConfidential? 
> 
> We have been relying
> on Brian and Pallavi since they are
> involved in both sides. 
> 
> We are aware that Messaging
> had been the source of the "transient" vs
> "persistent" distinctions. 
> 
> The current issue has been one
> where we have ended up saying
> something definite, albeit vague, about the
> local programmatic behavior. We did
> not say what kind of hard drive you
> had to use, however:-)
> 
> 
> -----Original Message-----
> From: Christopher Ferris [mailto:chris.ferris@sun.com]
> Sent: Monday, March 11, 2002 1:32 PM
> To: Dale Moberg
> Cc: Tony Weida; CPPA
> Subject: Re: [ebxml-cppa] isConfidential
> 
> 
> Hmmm... then you'd better get some clarification.
> That wasn't what I was given to understand. Basically,
> the notions of persistent vs transient confidentiality, etc.
> were raised by me, not originating from BPSS. They
> had originally had just a boolean which could have
> been interpreted sixteen ways to sunday. Before that,
> they were implying specific technology solutions in
> their characterization which was also felt to be
> inappropriate as this is the realm not of the model, but
> of the agreement between parties and the common capabilities
> of their respective solutions.
> 
> Cheers,
> 
> Chris
> 
> Dale Moberg wrote:
> 
> 
>>Also, persistence, or the idea that "a copy was to be
>>saved," was part of
>>the BPSS clarification 
>>of what isConfidential was to
>>mean. 
>>
>>Probably from the UMM, somewhere.
>>
>>Dale
>>
>>-----Original Message-----
>>From: Tony Weida [mailto:rweida@hotmail.com]
>>Sent: Monday, March 11, 2002 12:20 PM
>>To: Christopher Ferris
>>Cc: CPPA
>>Subject: Re: [ebxml-cppa] isConfidential
>>
>>
>>The isConfidential attribute has four potential values: "none",
>>"transient",
>>"persistent", and "transient-and-persistent".  The cited text applies
>>
> to
> 
>>the
>>persistent cases.  Sorry for omitting the qualification.  THe
>>
> motivation
> 
>>is
>>to address the case of confidential exchange between applications, not
>>merely MSHs.
>>
>>----- Original Message -----
>>From: "Christopher Ferris" <chris.ferris@sun.com>
>>To: "Tony Weida" <rweida@hotmail.com>
>>Cc: "CPPA" <ebxml-cppa@lists.oasis-open.org>
>>Sent: Monday, March 11, 2002 2:09 PM
>>Subject: Re: [ebxml-cppa] isConfidential
>>
>>
>>
>>
>>>Why would persistence (I assume on some media) be a
>>>consideration? True, the confidentiality is "persistent",
>>>but persistent only to the degree that the feature is
>>>not a function of the transfer or transport mechanism
>>>but of the message itself.
>>>
>>>Tony Weida wrote:
>>>
>>>
>>>
>>>>Here's the text we arrived at during the last call to characterize
>>>>isConfidential:
>>>>
>>>>
>>>>
>>>>   "...persisted locally in encrypted form, and made available to
>>>>
>>>>
>>the
>>
>>
>>>>   application in accordance with local security policies
>>>>
>>>>
>>implemented
>>
>>
>>>>   to preserve confidentiality."
>>>>
>>>>
>>>>
>>>>Tony
>>>>
>>>>
>>>>
>>>
>>----------------------------------------------------------------
>>To subscribe or unsubscribe from this elist use the subscription
>>manager: <http://lists.oasis-open.org/ob/adm.pl>
>>
> 
> 
> 




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC