OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-msg message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: [ebxml-msg] RE: [ebxml-cppa] isConfidential


Forwarding from ewtg list

*************************************************************************************

Martin W. Sachs
IBM T. J. Watson Research Center
P. O. B. 704
Yorktown Hts, NY 10598
914-784-7287;  IBM tie line 863-7287
Notes address:  Martin W Sachs/Watson/IBM
Internet address:  mwsachs @ us.ibm.com
*************************************************************************************
----- Forwarded by Martin W Sachs/Watson/IBM on 03/12/2002 10:34 AM -----
                                                                                                                                                   
                      Buchinski.Ed@tbs-                                                                                                            
                      sct.gc.ca                To:       pallavi.g.malu@intel.com, ebtwg-bps@lists.ebtwg.org                                       
                                               cc:       Buchinski.Ed@tbs-sct.gc.ca                                                                
                      03/12/2002 10:17         Subject:  RE: [ebxml-cppa] isConfidential                                                           
                      AM                                                                                                                           
                                                                                                                                                   
                                                                                                                                                   



I can understand the argument being made but security has to extend beyond
mere data transfer.  The efforts and success achieved by ebXML in creating
a
"contractually binding" environment should not be compromised by lax
security at the application end.   My understanding is that we are
conveying
business semantics - not how to ensure persistence.

 -----Original Message-----
From:              Malu, Pallavi G [mailto:pallavi.g.malu@intel.com]
Sent:        March 11, 2002 3:11 PM
To:          'ebtwg-bps@lists.ebtwg.org'
Cc:          'Buchinski.Ed@tbs-sct.gc.ca'
Subject:           FW: [ebxml-cppa] isConfidential



-----Original Message-----
From: Christopher Ferris [mailto:chris.ferris@sun.com]
Sent: Monday, March 11, 2002 12:33 PM
To: Tony Weida
Cc: CPPA
Subject: Re: [ebxml-cppa] isConfidential


I took that as a given. However, as I indicated, it
really has nothing to do with "persistence on some
media". The fact that I use XML Encryption on a message
does not necessarily require any manner of persistence
(e.g. storage on some form of media such as hard disk).

The confidentiality accorded a message that is characterized
as "isConfidential='persistent' is a function of the message
itself. isConfidential='transient-and-persistent' is a
function BOTH of the communications protocol that is used
to exchange the message between two adjacent network nodes
and of the message itself, independent of the mechanism
used to convey the message between network nodes.

The fact that a message that has used a persistent form
of confidentiality *might* be stored (locally or elsewhere)
on some form of storage media is secondary to the definition
of what this property means.

Cheers,

Chris

Tony Weida wrote:

> The isConfidential attribute has four potential values: "none",
"transient",
> "persistent", and "transient-and-persistent".  The cited text applies to
the
> persistent cases.  Sorry for omitting the qualification.  THe motivation
is
> to address the case of confidential exchange between applications, not
> merely MSHs.
>
> ----- Original Message -----
> From: "Christopher Ferris" <chris.ferris@sun.com>
> To: "Tony Weida" <rweida@hotmail.com>
> Cc: "CPPA" <ebxml-cppa@lists.oasis-open.org>
> Sent: Monday, March 11, 2002 2:09 PM
> Subject: Re: [ebxml-cppa] isConfidential
>
>
>
>>Why would persistence (I assume on some media) be a
>>consideration? True, the confidentiality is "persistent",
>>but persistent only to the degree that the feature is
>>not a function of the transfer or transport mechanism
>>but of the message itself.
>>
>>Tony Weida wrote:
>>
>>
>>>Here's the text we arrived at during the last call to characterize
>>>isConfidential:
>>>
>>>
>>>
>>>    "...persisted locally in encrypted form, and made available to the
>>>    application in accordance with local security policies implemented
>>>    to preserve confidentiality."
>>>
>>>
>>>
>>>Tony
>>>
>>>
>>
>>
>



----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>

----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.ebtwg.org/ob/adm.pl>






[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC