OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-cppa message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Fwd: [ebxml-msg] Note about CPA hash in ebXML message

Sacha has a very good point about detecting CPA misalignment (see below).

I suggest that we put a non-normative note on this in a prominent place in 
the CPPA specification.

Regards,
Marty

>Mailing-List: contact ebxml-msg-help@lists.oasis-open.org; run by ezmlm
>X-No-Archive: yes
>List-Post: <mailto:ebxml-msg@lists.oasis-open.org>
>List-Help: <mailto:ebxml-msg-help@lists.oasis-open.org>
>List-Unsubscribe: <mailto:ebxml-msg-unsubscribe@lists.oasis-open.org>
>List-Subscribe: <mailto:ebxml-msg-subscribe@lists.oasis-open.org>
>Delivered-To: mailing list ebxml-msg@lists.oasis-open.org
>Date: Thu, 13 Jan 2005 08:29:44 -0700
>X-MS-Has-Attach:
>X-MS-TNEF-Correlator:
>Thread-Topic: Note about CPA hash in ebXML message
>Thread-Index: AcT5hLV2FZRtjRkjTtmtbNuKAedNNA==
>From: "Sacha Schlegel" <sschlegel@cyclonecommerce.com>
>To: <ebxml-msg@lists.oasis-open.org>
>X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on
>         hermes.oasis-open.org
>X-Spam-Status: No, hits=0.0 required=7.0 tests=none autolearn=no version=2.64
>X-Spam-Level:
>Subject: [ebxml-msg] Note about CPA hash in ebXML message
>X-XWall-Excl: maillist
>X-OriginalArrivalTime: 13 Jan 2005 15:34:07.0500 (UTC) 
>FILETIME=[52014CC0:01C4F985]
>X-NAS-Bayes: #0: 1.0823E-290; #1: 1
>X-NAS-Classification: 0
>X-NAS-MessageID: 3673
>X-NAS-Validation: {6C6C0D95-D959-4B50-8369-95681D6D69E6}
>
>Hi ebMS team
>
>During a recent ebMS phone conference I brought up the thought of having a 
>CPA hash in addition to the CPA ID.
>
>Here a short description.
>
>Regards
>
>Sacha
>
>---------------------------------------------
>
>If ebXML messages are based upon ebXML CPA's as their underlying agreement 
>it is suggested that the ebXML message not only uses the CPA ID as the 
>reference to the agreement but to also use the MD5 hash value of the 
>actual CPA file.
>
>The anomaly of an agreement is that both parties must deploy the same 
>agreement. It is important that the underlying agreement is not changed by 
>one party (would result in a different MSH behaviour and potential 
>inconsitencies). If an agreement must be changed it is important that both 
>parties replace their current agreement with the new agreement.
>
>Just checking the reference to the underlying agreement does not 
>explicitly assure that the agreement has not been modified. Using the MD5 
>hash of the actual CPA file as an optional ebXML message header element 
>provides the assurance that the agreement has not been changed.
>
>A different MD5 hash of the CPA indicates that the CPA has been modified 
>and that the two MSH system might be mis-aligned.
>
>
>---------------------------------------------
>
>To unsubscribe from this mailing list (and be removed from the roster of 
>the OASIS TC), go to 
>http://www.oasis-open.org/apps/org/workgroup/ebxml-msg/members/leave_workgroup.php.

*************************************
Martin Sachs
standards architect
Cyclone Commerce
msachs@cyclonecommerce.com

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]