OASIS Mailing List Archives



ebxml-msg message


Subject: Better, more secure exchanges - a fresh look at ebXML messaging (again!)

I've noticed the concern in the news around cyber vulnerabilities of networked infrastructure.
Funny how the wheel rolls full circle and we get back to where we were five years ago - reviewing how to securely use the internet to exchange ebusiness information with XML.
The work we've been doing here at NIH to package the Hermes ebMS is instructive in using the ebXML approach to develop mechanisms that are strong and robust and able to be quickly adapted as needed.
Techniques and tools have developed over the past five years - and now we have firmware components such as Big-IP that manage intrusion threats - but regardless - the mainstays of digital certificates and SSL along with configuration via the CPA provide a significant level of security. 
Particularly important is the ability to componentize the CPA so that across a community of partners - default settings can be quickly re-routed and the changes propagated in response to threats or server outages due to network failures and the like without necessarily having to update each CPA and setup individually.
Clearly in terms of crisis response - whether it is a natural disaster or manmade emergency - it's crucial to know that your base design is able to support rapid changes and new relationships dynamically.
Similarly - leveraging the CPA itself to make partner setup details private and secure - limit the ability for eavesdropping / spoofing and the like - while at the same time allowing secure rapid addition of new partners in emergency situations.  Allied to this is the need to support rule-driven information integration as part of the message exchange solution. 
We're not quite there yet in terms of integrating rules engine tools such as CAM directly with Hermes - but we have done some initial prototyping on that - so that gap is closing. Again the CPA already supports business process and actions and transactions mapping - allowing routing and transformation linkage - and the new CPA v3.0 is providing direct coupling there. The new CPA v3 is also supporting PULL as an interaction model along with enhanced signalling - and that also is crucial for alert mechanisms - and being able to avoid overloading networks by deferring actions as needed.
Having this capability built-in via a set of operational guidelines and a verifiable open source implementation is clearly a significant advantage to meeting the challenges of SOA and secure network infrastructures.
