OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-msg message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Notes from 1/27, F2F Day 2

Notes from 1/27, Day 2 of F2F
-----------------------------
Guests Present:
  Alan Weissberger, NEC
  Hamid Ben Malek, Fujitsu

> 2. Review and completion of WS-Security inclusion

** Issue: Do we want to require support for complete attachment signing,
  or attachment content only?
** Issue: Do we want to require support for encrypting attachment content
  only, or content and headers?

Jeff recommends that in both cases, we require a minimum of content-only,
for interoperability purposes.  General agreement.

** What, if anything, do we need to say about SOAP intermediaries?
  WS-Reliability does not address them (its headers are end-to-end only).
  Any other intermediary header processing will be transparent, as far
  as the MSH is concerned.

If we no longer have a need for ebMS intermediaries, NextMSH actor can
be removed; this also simplifies the XPath transform used for enveloped
signing of the SOAP envelope.

What about actor=next?  Do we need a second signature to protect those?
Maybe, but it would be the responsibility of whoever added the such
elements also to add a separate signature targeted at next, which is
verified by intermediary.

The enveloped transform is easy to use and specify, but WS-Security
advises against it (SHOULD NOT).  An alternative is to include a Reference
for each element to be signed in the Signature block.  (This includes
the path and hash of each element.)

** Issue: This allows insertion of headers by a man-in-the-middle,
although they would be unsigned.  Is this a security risk that we wish
to disallow?  Should we require that receiver only honor headers that
are signed and trusted?  (This is a change from the 2.0 signature
functionality, which would fail completely if headers were inserted.)

** Which headers do we encrypt?  Include WS-R headers?  Consider SOAP
  Intermediaries, and access to headers that they require.

Is it true that we cannot encrypt eb:To and eb:From, needed for routing
purposes?

Do we need to have an exposed header to identify a message as being ebMS?
Probably not, as long as we mandate that Security headers are processed
(and relevant decryptions occur) prior to ebMS headers.

In other words, Reliability headers need to be exposed/made available to
the Reliability processor.  And ebMS headers need to be made available
to the ebMS processor.  We need to be careful that our wording does not
dictate any specific implementation model.

Can we say anything more specific than, "encrypt whichever elements
(and/or attachments) you wish"?

Hamid would like to enable a processing model in which selective,
"just-in-time" decryption can be performed in stages.  So encrypted
elements need to be identified in some manner, in order to decide which
ones a particular processing stage wishes to decrypt.

** Conformance: What do we want to require, as far as a base level of
security functionality?  We've already agreed that Reliability is a
required core feature; in 2.0, it was optional, but has conformance
requirements for those who choose to implement it.

We could state that all headers that exist at the time our security
mechanisms are applied MUST be signed, for example.  Or leave it up to
a policy / service agreement?  CPA issue; can CPA express this?

Proposal: State that if signing is done, sending MSH SHOULD sign all
elements and attachments.  Same for encryption.

** Possibly need to recommend method(s) of key identification.
Embed or reference certificate/BinarySecurityToken?

** Issue of determining whether or not policy has been adhered to.
(In other words, will we require that conformance to CPA be validated
on the receiving side?)  We did in 2.0.

** Need to discuss composability of WS-Security & WS-Reliability further?


> 3. Completion of Payload services

Email from Doug includes a question about complexity of PayloadInfo
and Processing.

Agreed to remove the PayloadInfo container element and move Payload to our
top level.  Keep the name PayloadInfo for the element, however, instead
of Payload.  Similarly, collapse Processing and Step elements into
ProcessingStep.

Jacques wonders whether we need to specify that some steps may be done
in parallel.  Agreed to keep it sequential; no need to introduce this
level of workflow complexity.

** Is there a need for overall payload processing steps, or do we only
need them per payload, as in the current schema draft?  If we need to
add overall steps, how do we specify sequencing constraints between these
and the payload-specific steps?

Agreed to remove sequence attribute; rely on element order to specify
processing step order (as well as payload processing order).
Specify that element order dictates processing sequence.


Agreed to specify Payload Services module in the main spec; concretize
examples and move them to an appendix.

PreProcessing/PostProcessing have been removed.  Sender needs to obtain
its processing instructions from somewhere (e.g. CPA); message contains
only the receiver's processing instructions so that the necessary message
self-describes its processing requirements.

Potential user requirements for Payload Services:

Jacques believes we have a requirement for handling "batched", unrelated
payloads within a single message.  One use case is to apply encryption
or compression to the entire batch as a whole, rather than to each
payload individually, which can be much more expensive.  To accomplish
this, we could either predefine a Service/Action that recursively
unbundles multiple payloads and submits them as individual messages,
or specify a payload service that does this.

Doug wonders whether there is really a need for such EDI-style batch
processing.

Jacques wonders about chunking/packetizing very large messages, and
defining a reassembly service.
Also notes requirement for flow control, or store-and-forward signaling
with occasionally connected parties.

As long as we're discussing potential requirements, Doug reads through
our 10/2002 requirement list to see if we've missed anything.


Discussion about status of WS-Addressing, and potential for using it
for our addressing & routing needs.

** Issue:  When an MSH receives a message, how does it know whether it is
participating in a simple push MEP (in which case there is no response),
or a sync req/resp MEP (in which case it maintains the connection until
the response is available to be transmitted)?  (There is no indication
in the message header.)  Possibly need to re-add the SyncReply element.

** Corollary: When a message is Submitted to MSH and it contains a
RefToMessageId, how is/was it determined what the callback address is
to deliver this response?  CPA?  WS-Addressing ReplyTo element?


> 4. Complete review of specification identify outstanding work
>    Examples
>    Bindings
>    Appendices

** Rename 5.4 "Modes of Operation" to something more accurate.

> 5. Requirements for future work and F2F

> 6. BPSS alignment & CPA version control / identification

-- 
Pete Wenzel <pete@seebeyond.com>
Senior Architect, SeeBeyond
Standards & Product Strategy
+1-626-471-6311 (US-Pacific)

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]