OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-msg message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: FW: [Fwd: ebMS 9/12/2006: Questions Raised re: Non-Repudiation of Receipt]

Team,

	this is a question that appear relevant to our recent discussion
on exactly what we say about delivery and acknowledgements a part of the
Version 3 Core spec.


Ian Jones
Chair OASIS ebXML Messaging Services TC 
Email: ian.c.jones@bt.com
 

-----Original Message-----
From: Monica.Martin@Sun.COM [mailto:Monica.Martin@Sun.COM] 
Sent: 13 September 2006 00:33
To: Dale Moberg; Jacques Durand; Jones,IC,Ian,XDT63 R
Cc: Breininger, Kathryn R
Subject: [Fwd: ebMS 9/12/2006: Questions Raised re: Non-Repudiation of
Receipt]

For some reason, I get permanent failures when trying to post to this
list. May be an error still lingering from the email issues (don't
know).
Please complete TOI.

=======
The CPPA and ebBP teams received this question from Steve Capell
regarding non-repudiation of receipt, and synergy/compatibility between
CPPA/ebBP/ebMS. As the inquiry came to Dale Moberg and I, we answered
briefly. [1]

References:
http://lists.oasis-open.org/archives/ebxml-bp/200608/msg00027.html
http://lists.oasis-open.org/archives/ebxml-bp/200608/msg00029.html

This was briefly discussed on the JC call on Monday, and some
observations provided by Ian Jones and Jacques Durand.
This is a transfer of information. Thanks.

[1] I've attached the two references. The original question is provided
below as it bounced the list when sent:

22 August 2006
Hello all,
It has been a while since I posted to this group..  
I have an implementation question about the interpretation of the
business transaction characteristics in both the BPSS and the CPA from
the point of view of expected BSI behaviour.

Here is my understanding - from both specifications and from previous
correspondence on this issue:
1    The business meaning of the transaction characteristics in both the
BPSS and the CPA are the same.  The values in the CPA simply overrule
the values in the BPSS if different.  This allows a global process to be
defined with a set of default transaction characteristics but also
allows specific
bilateral relationships to modify them.  2    The transaction 
characteristics are transport and messaging protocol neutral.  They are
implemented with business signals such as ReceiptAcknowledgement and
AcceptanceAcknowledgement.  So, for example, if
"isNonRepudiationReceiptRequired" = "true" then a sending BSI will
expect to create and send a signed receiptAcknowledgement business
signal and a receiver BSI should validate the signature and persist the
signed 
receipt.  3    The form of the business signal should be defined by a 
schema.  In
BPSS 1.1 there is no place to do that so it is left to CPA Package
element.
There is no explicit link of the business signal definition to the
corresponding transaction activity in which it is used - but CPA2.0
defines a controlled vocabulary of names for the signals so a BSI will
just look for a signal definition "receiptAcknowledgement" (for example)
in a CPA. BPSS 2.0 overcomes this slight ambiguity and explicitly
defines the signals and related them to the transaction.

So far, so good.  My problem is with how to implement non-repudiation of
receipt:
1    The CPA spec says that when transaction characteristic
"isNonRepudiationReceiptRequired" = "true" then the CHANNEL should
specify (through ebXML messaging binding) that the ebXML technical
acknowledgement should be signed.
2    The BPSS spec says that when "isNonRepudiationReceiptRequired" =
"true" then the receiptAcknowledgement business signal (which is NOT the
same thing as the ebXML MS technical ack) should be signed.

So the risk is that we have two message handlers from two different
vendors, both consuming a CPA with a transaction that says
"isNonRepudiationReceiptRequired" = "true".  One might interpret that to
mean that the ebXML MS technical ack should be signed.  The other might
interpret that to mean that a receipt acknowledgement business signal
must be created and signed (and persisted).  Both could argue they are
correct.
But the result is an interoperability failure.

In my opinion, the CPA is treading on dangerous territory when it starts
to express business semantics like that.  I would say that
"isNonRepudiationReceiptRequired" = "true" means that a signed
receiptAcknowledgement business signal.  And that is the only
interpretation.  If, in the CPA, the Chanel specifies that technical
acknowledgements should be signed then that is a totally separate thing
- validated by the MSI only and not associated with the setting of the
transaction characteristic - which should ALWAYS be regarded as a parter
specific override of the global values in the BPSS.

For me this needs clarification or the specifications are not
implementable.

Comments?
Steve Capell
Red Wahoo
www.redwahoo.com p: + 61 2 94383700
m:+ 61 410 437854
f:  + 61 2 94392738

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]