OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-msg message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Re: T2 Minor Inconsistency in Section 12.2


Arvola,

Thanks for restating the reference.  Presumably the missing third  bullet
should refer to the security definitions is the transport section of the
CPA (mainly SSL right now).

There is no "message" section of the CPA.  The document-exchange section
covers all CPA aspects of the Messaging Service including security.  Under
NonRepudiation, the CPA spec states that it covers signing of the message.
I believe that this is in sync with what the MSH does. However in the
security discussions towards the end of the first phase of ebXML and
subsequently, it has become apparent that the CPA needs a lot more on
security under document exchange.  Things that the CPPA team needs to give
closer attention to include signing of message vs signing of payload and
signing of signals as well as signing of the "application-level" message.
Some of this is touched upon by the attributes of the Characteristics
element but we probably need to do a lot more.

Regards,
Marty

*************************************************************************************

Martin W. Sachs
IBM T. J. Watson Research Center
P. O. B. 704
Yorktown Hts, NY 10598
914-784-7287;  IBM tie line 863-7287
Notes address:  Martin W Sachs/Watson/IBM
Internet address:  mwsachs @ us.ibm.com
*************************************************************************************
------------------ Forwarded by Martin W Sachs/Watson/IBM on 07/30/2001
02:00 PM ---------------------------

"Arvola Chan" <arvola@tibco.com> on 07/29/2001 09:33:21 PM

To:   Martin W Sachs/Watson/IBM@IBMUS
cc:   "ebXML Msg" <ebxml-msg@lists.oasis-open.org>
Subject:  Re: T2 Minor Inconsistency in Section 12.2






Marty:

I am referring to the following sub-section from the Messaging  Service
spec:

12.2 Collaboration Protocol Agreement

The configuration of Security for MSHs may be specified in the  CPA. Three
areas of the CPA have security definitions as follows:


· The Document Exchange section addresses  security to be applied to the
payload of the message. The MSH is not responsible  for any security
specified at this level but may offer these services to the  message
sender.


· The Message section addresses security  applied to the entire ebXML
Document, which includes the header and the  payload.

----- Original Message -----
From: "Martin W Sachs" <mwsachs@us.ibm.com>
To: "Arvola Chan" <arvola@tibco.com>
Cc: "ebXML Msg" <ebxml-msg@lists.oasis-open.org>
Sent: Sunday, July 29, 2001 7:18 PM
Subject: Re: T2 Minor Inconsistency in Section  12.2



Arvola,

Unfortunately there are three different "versions" of  version 1.0 in
circulation:  The copy approved on May 10, the slightly  reformatted copy,
and the more recent reformatted copy.  Apparently the  line numbering does
not agree among them.

Please re-post this comment,  referring to the section number.

Everyone, if you refer to line numbers,  please be sure you are looking at
the original approved version(labelled  "normative document" on the ebXML
web site). It would be safest always to  include section numbers in  your
comments.

Regards,
Marty

*************************************************************************************

Martin  W. Sachs
IBM T. J. Watson Research Center
P. O. B. 704
Yorktown Hts, NY  10598
914-784-7287;  IBM tie line 863-7287
Notes address:   Martin W Sachs/Watson/IBM
Internet address:  mwsachs @  us.ibm.com
*************************************************************************************



Arvola  Chan <arvola@tibco.com> on 07/26/2001  07:14:26 PM

To:   ebXML Msg <ebxml-msg@lists.oasis-open.org>
cc:
Subject:  T2 Minor Inconsistency in Section  12.2




Line 1978 talks about three areas of the CPA that   have security
definitions. This is followed by only two bullets.

The  first bullet says "The MSH is not  responsible for any  security
specified at this level but may offer these  services to the  message
sender". This seems contradictory. If the MSH offers  these  services,
isn't
it responsible for doing the necessary encryption and   decryption? What
does "not responsible for any security specified at this  level"  really
mean?

The second bullet refers to a Message  section in  the CPA. No such section
can be found in the schema  (Appendix D in the CPPA   spec).

-Arvola






------------------------------------------------------------------
To  unsubscribe from this elist send a message with the single word
"unsubscribe"  in the body to: ebxml-msg-request@lists.oasis-open.org







[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC