OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-msg message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Note about CPA hash in ebXML message

Hi ebMS team
During a recent ebMS phone conference I brought up the thought of having a CPA hash in addition to the CPA ID.
Here a short description.
If ebXML messages are based upon ebXML CPA's as their underlying agreement it is suggested that the ebXML message not only uses the CPA ID as the reference to the agreement but to also use the MD5 hash value of the actual CPA file.
The anomaly of an agreement is that both parties must deploy the same agreement. It is important that the underlying agreement is not changed by one party (would result in a different MSH behaviour and potential inconsitencies). If an agreement must be changed it is important that both parties replace their current agreement with the new agreement.
Just checking the reference to the underlying agreement does not explicitly assure that the agreement has not been modified. Using the MD5 hash of the actual CPA file as an optional ebXML message header element provides the assurance that the agreement has not been changed.
A different MD5 hash of the CPA indicates that the CPA has been modified and that the two MSH system might be mis-aligned.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]