OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-iic message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: [ebxml-iic] Issues from the CPPA database related to iic


1) Category Security
 Submitter Collier
 Issue ID 97
 Issue Encouragement of selected protocols
 Description In order to encourage maximum interoperability, the
following standard
 mechanisms are identified and vendors are encouraged to implement them:

  When exchanging identity information, use X.509v3 Certificates that
follow the
 IETF profile (RFC2459 and its successors). [PKIX]
  When symmetric-key encryption is needed, use  3DES or the AES.
  When asymmetric encryption is needed, use RSA encryption with the
OAEP
 encryption scheme and a key size of 1024 or 2048 bits.
  When hashing (or digesting) is needed, use SHA-1.
 When transport-level security is required, use SSLv3 or TLS with RSA
keys and
 the RC4 (or ARC4) stream cipher.
 Location
 Origin ebXML Technical Architecture Risk
 Date of Origin
 Reference
 Status
 Target Version 1.1
 Responsible Party
 Notes Out of scope; forward to suitable group such as IIC

2) Category BPSS
 Submitter Sachs
 Issue ID 135
 Issue Technical report on interoperability across Messaging, BPSS and
CPPA specs
 Description We might want to consider a technical report on
interoperability across the
 Messaging, BPSS and CPPA specifications. Dale agreed with the idea and
felt
 that someone needs to draft it, but wasn't sure who.
 Location
 Origin call
 Date of Origin 8/6/2001
 Reference
 Status
 Target Version 1.1
 Responsible Party Unal
 Notes Contribute to work of IIC (M. Wang)

3) Category Messaging
 Submitter Sachs
 Issue ID 135
 Issue Technical report on interoperability across Messaging, BPSS and
CPPA specs
 Description We might want to consider a technical report on
interoperability across the
 Messaging, BPSS and CPPA specifications. Dale agreed with the idea and
felt
 that someone needs to draft it, but wasn't sure who.
 Location
 Origin call
 Date of Origin 8/6/2001
 Reference
 Status
 Target Version 1.1
 Responsible Party Unal
 Notes Contribute to work of IIC (M. Wang)

4) Category Security
 Submitter Collier
 Issue ID 96
 Issue Key Management
 Description Key management is a major issue that needs to be addressed
with respect to the
  capabilities of the TR& P Message Service Handler. In particular, if
the MSH will
 be called upon to apply digital signatures, the appropriate private
keys must be
 available to the MSH. Private keys must be managed very carefully and
 deliberately. Thus, some configuration will be necessary to establish
the key
 management mechanisms to be used by the MSH.
 Location
 Origin ebXML Technical Architecture Risk
 Date of Origin
 Reference
 Status
 Target Version
 Responsible Party
 Notes "IIC best practices"

5)
Category Messaging
 Submitter Sachs
 Issue ID 133
 Issue Clarify MSH, Middleware, and their relationship
 Description Marty wants to make sure that we distinguish between the
formal definition of
 MSH [editorial: which is not entirely clear] and related middleware.

  Returning to syntax checking as part of receipt acknowledgement, it
was
 mentioned that the MSH could provide a plug in. This again raises
questions
 about the scope of MSH and division of labor among middleware
components.
 Someone (Engkee?) asked if the Interoperability committee might address
such
 Location
 Origin call
 Date of Origin 8/6/2001
 Reference
 Status
 Target Version 1.1
 Responsible Party
 Notes






[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC