[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [ebxml-cppa] ebMS 3.0 draft configuration examples.
|
Hello Dale,
In case I don't make it tonight, some feedback on
this:
1) In "docExchangeA1",
the MEPBinding values should be "pull" instead of "push",
right?
2) In ebMS3, access to messages by pulling is done
only by MPC name, not by values for From and To PartyId. The example in ebMS3
CD-07, section 5.3.2 makes this clear as a pull signal does not contain a
PartyInfo element, so it does not provide information about "who" is attempting
to pull messages from "whom". Section 7.10 of ebMS3 defines a way to define
authorization mechanisms for MPCs.
- If an organization wants to use CPA to configure MPC
channels to be polled by partners, do we need a restriction that a specific
channel can only be pulled by one organization, or more
precisely, can only be defined by one (active) CPA? Otherwise
the server from which messages are polled would need to inspect all active CPAs
for the MPCs they define, to build an access list (e.g. usernames and
passwords ) for each of the MPCs.
- More an ebMS3 question perhaps: Thinking about this
further, shouldn't the default ebMS3 MPC a partner pulls from be something like
"http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/PartyType/PartyId"
rather than "http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"?
Pim From: Dale Moberg [mailto:dmoberg@us.axway.com] Sent: 26 June 2007 10:21 To: OASIS ebXML CPPA TC Subject: [ebxml-cppa] ebMS 3.0 draft configuration examples. Hi, I am attaching what I am able to
complete on the examples whose features were specified during the last TC
teleconference, June 22, 2007. I have asked ebMS TC to provide
“summary” URIs for their conformance profile values. (I did not see URIs for
them in the latest ebMS conformance draft.) There are also some Reliability
features that need some more discussion that I will put on the agenda for the
next meeting. The security parameters need focused
review also. In particular we need to decide what to do about configurability of
order of encryption and signature (if anything) and about specifications about
what parts/elements are signed and/or encrypted. The attachments include one ebBP 2.0
instance, two CPPs, one CPA, and the new XSD that supports all this stuff. I
discovered that we needed one additional change in Transport to deal with the
“pull” (poll) MEP which is that we needed to allow Server Security for the
Sender (of business document). The schema had apparently assumed that Receivers
would always have Transport Server Security
configurations. There are probably several
refinements that need to be made before these examples are correct but in the
interest of leaving more time for review, they are in a zip file, disguised with
the ZZZ file extension for subverting security attachment
policies. Note that you will need to change
the schema location values for your environment. Also pending are the sample SOAP 1.2
message examples that conform with ebMS 3 schema and these CPPA and ebBP
artifacts. Probably another week or so for those. Editor
mode |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]