[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Fwd: [ebxml-msg] Note about CPA hash in ebXML message
Sacha has a very good point about detecting CPA misalignment (see below). I suggest that we put a non-normative note on this in a prominent place in the CPPA specification. Regards, Marty >Mailing-List: contact ebxml-msg-help@lists.oasis-open.org; run by ezmlm >X-No-Archive: yes >List-Post: <mailto:ebxml-msg@lists.oasis-open.org> >List-Help: <mailto:ebxml-msg-help@lists.oasis-open.org> >List-Unsubscribe: <mailto:ebxml-msg-unsubscribe@lists.oasis-open.org> >List-Subscribe: <mailto:ebxml-msg-subscribe@lists.oasis-open.org> >Delivered-To: mailing list ebxml-msg@lists.oasis-open.org >Date: Thu, 13 Jan 2005 08:29:44 -0700 >X-MS-Has-Attach: >X-MS-TNEF-Correlator: >Thread-Topic: Note about CPA hash in ebXML message >Thread-Index: AcT5hLV2FZRtjRkjTtmtbNuKAedNNA== >From: "Sacha Schlegel" <sschlegel@cyclonecommerce.com> >To: <ebxml-msg@lists.oasis-open.org> >X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on > hermes.oasis-open.org >X-Spam-Status: No, hits=0.0 required=7.0 tests=none autolearn=no version=2.64 >X-Spam-Level: >Subject: [ebxml-msg] Note about CPA hash in ebXML message >X-XWall-Excl: maillist >X-OriginalArrivalTime: 13 Jan 2005 15:34:07.0500 (UTC) >FILETIME=[52014CC0:01C4F985] >X-NAS-Bayes: #0: 1.0823E-290; #1: 1 >X-NAS-Classification: 0 >X-NAS-MessageID: 3673 >X-NAS-Validation: {6C6C0D95-D959-4B50-8369-95681D6D69E6} > >Hi ebMS team > >During a recent ebMS phone conference I brought up the thought of having a >CPA hash in addition to the CPA ID. > >Here a short description. > >Regards > >Sacha > >--------------------------------------------- > >If ebXML messages are based upon ebXML CPA's as their underlying agreement >it is suggested that the ebXML message not only uses the CPA ID as the >reference to the agreement but to also use the MD5 hash value of the >actual CPA file. > >The anomaly of an agreement is that both parties must deploy the same >agreement. It is important that the underlying agreement is not changed by >one party (would result in a different MSH behaviour and potential >inconsitencies). If an agreement must be changed it is important that both >parties replace their current agreement with the new agreement. > >Just checking the reference to the underlying agreement does not >explicitly assure that the agreement has not been modified. Using the MD5 >hash of the actual CPA file as an optional ebXML message header element >provides the assurance that the agreement has not been changed. > >A different MD5 hash of the CPA indicates that the CPA has been modified >and that the two MSH system might be mis-aligned. > > >--------------------------------------------- > >To unsubscribe from this mailing list (and be removed from the roster of >the OASIS TC), go to >http://www.oasis-open.org/apps/org/workgroup/ebxml-msg/members/leave_workgroup.php. ************************************* Martin Sachs standards architect Cyclone Commerce msachs@cyclonecommerce.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]