Subject: Re: T2 Minor Inconsistency in Section 12.2
Arvola,

Thanks for restating the reference. Presumably the missing third bullet should refer to the security definitions in the transport section of the CPA (mainly SSL right now). There is no "message" section of the CPA. The document-exchange section covers all CPA aspects of the Messaging Service including security.

Under NonRepudiation, the CPA spec states that it covers signing of the message. I believe that this is in sync with what the MSH does.

However in the security discussions towards the end of the first phase of ebXML and subsequently, it has become apparent that the CPA needs a lot more on security under document exchange. Things that the CPPA team needs to give closer attention to include signing of message vs signing of payload and signing of signals as well as signing of the "application-level" message. Some of this is touched upon by the attributes of the Characteristics element but we probably need to do a lot more.

Regards,
Marty

*************************************************************************************
Martin W. Sachs
IBM T. J. Watson Research Center
P. O. B. 704
Yorktown Hts, NY 10598
914-784-7287; IBM tie line 863-7287
Notes address: Martin W Sachs/Watson/IBM
Internet address: mwsachs @ us.ibm.com
*************************************************************************************

------------------ Forwarded by Martin W Sachs/Watson/IBM on 07/30/2001 02:00 PM ---------------------------

"Arvola Chan" <arvola@tibco.com> on 07/29/2001 09:33:21 PM
To: Martin W Sachs/Watson/IBM@IBMUS
cc: "ebXML Msg" <ebxml-msg@lists.oasis-open.org>
Subject: Re: T2 Minor Inconsistency in Section 12.2

Marty:

I am referring to the following sub-section from the Messaging Service spec:

12.2 Collaboration Protocol Agreement

The configuration of Security for MSHs may be specified in the CPA. Three areas of the CPA have security definitions as follows:

· The Document Exchange section addresses security to be applied to the payload of the message. The MSH is not responsible for any security specified at this level but may offer these services to the message sender.
· The Message section addresses security applied to the entire ebXML Document, which includes the header and the payload.

----- Original Message -----
From: "Martin W Sachs" <mwsachs@us.ibm.com>
To: "Arvola Chan" <arvola@tibco.com>
Cc: "ebXML Msg" <ebxml-msg@lists.oasis-open.org>
Sent: Sunday, July 29, 2001 7:18 PM
Subject: Re: T2 Minor Inconsistency in Section 12.2

Arvola,

Unfortunately there are three different "versions" of version 1.0 in circulation: The copy approved on May 10, the slightly reformatted copy, and the more recent reformatted copy. Apparently the line numbering does not agree among them. Please re-post this comment, referring to the section number.

Everyone, if you refer to line numbers, please be sure you are looking at the original approved version (labelled "normative document" on the ebXML web site). It would be safest always to include section numbers in your comments.

Regards,
Marty

Arvola Chan <arvola@tibco.com> on 07/26/2001 07:14:26 PM
To: ebXML Msg <ebxml-msg@lists.oasis-open.org>
cc:
Subject: T2 Minor Inconsistency in Section 12.2

Line 1978 talks about three areas of the CPA that have security definitions. This is followed by only two bullets.

The first bullet says "The MSH is not responsible for any security specified at this level but may offer these services to the message sender". This seems contradictory. If the MSH offers these services, isn't it responsible for doing the necessary encryption and decryption? What does "not responsible for any security specified at this level" really mean?

The second bullet refers to a Message section in the CPA. No such section can be found in the schema (Appendix D in the CPPA spec).

-Arvola