OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-msg message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: Signed Errors

Hi Pim

Apologies for the delay - am on holiday with the family. Hope the following will suffice. I have copied this to the list should there be any further comment or input

Re: ebMS3/AS4 Signed and/or Encrypted Error Handling

Dear AS4 Developer/Administrator/Vendor

It has come to our attention that  there is no explicit method to ensure that ebMS3 error messages should be signed or encrypted either in the ebMSV3 core specification or in the AS4 Profile.

It would be useful, particularly in cases where it is not possible to provide other means such as access control lists (ACLs) to ensure authorised connectivity, to  authenticate and validate that the MSH that is posting an error with the MSH to which the original message in error was sent and not from some other source. This, in particular, for asynchronous errors, and also inline with the required behaviour for signed receipts as per the AS4 Profile.

It is, however, our understanding that for current implementations neither synchronous or asynchronous error messages are signed and/or encrypted and requiring this as for signed receipts may cause interoperability implications for existing systems.

With that, and prior to making a change to either the ebMSV3 core spec or to the AS4 profile we would like to obtain your opinion on the above matter. Please respond to this by answering the following questions and also feel free to provide any further input on this that you may feel appropriate

o  - Do not sign errors caused by signed messages, ie. leave as is: Yes/No

o -  Always sign errors if the originating message causing an error condition was signed: Yes/No

o - Optionally sign errors for signed messages that caused an error condition: Yes/No

Sincerely

OASIS EBXML Messaging Technical Committee

Related Documents

OASIS ebXML Messaging Services Version 3.0 Part 1: Core Features. 01 October 2007. OASIS Standard. http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/core/ebms_core-3.0-spec.html.

AS4 Profile of ebMS 3.0 Version 1.0. 23 January 2013. OASIS Standard. http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/profiles/AS4-profile/v1.0/AS4-profile-v1.0.html.


On 28 Apr 2014, at 09:01 , Pim van der Eijk <pvde@sonnenglanz.net> wrote:

> 
> OK,  feel free to update the text.   As you may see at http://ebxml.xml.org/,   the number of vendors implementing AS4 is increasing rapidly ..
> 
> Pim
> 
> On 04/27/2014 12:39 PM, Theo Kramer wrote:
>> I've been thinking of adding some options eg. Leave as is, always sign, or make it optional to be agreed by parties before sending.
>> 
>> Regards
>> Theo
>> Sent from typo enabled phone
>> 
>>> On 27 Apr 2014, at 11:45, Pim van der Eijk <pvde@sonnenglanz.net> wrote:
>>> 
>>> 
>>> Hi Theo,
>>> 
>>> Did you want to discuss this on the TC,  or shall I forward this as is?
>>> 
>>> Kind regards,
>>> 
>>> Pim
>>> 
>>>> On 04/19/2014 08:23 AM, Pim van der Eijk wrote:
>>>> 
>>>> 
>>>> Hi Theo,
>>>> 
>>>> This looks fine to me,   and I can forward this to some of the vendors that are not in OASIS/on the TC.
>>>> 
>>>> We could indeed add a PMode parameter to the core spec and profile AS4 to have behaviour like we do with receipts.  I agree we (practically) only need signing and not encryption.
>>>> 
>>>> Good Easter,
>>>> 
>>>> Pim
>>>> 
>>>> 
>>>> 
>>>> 
>>>>> On 04/19/2014 08:08 AM, Theo Kramer wrote:
>>>>> Hi Pim
>>>>> 
>>>>> Following on from our discussion on Signing Errors I thought we could send out the following to some of the current AS4 Implementation vendors, developers and system administrators.
>>>>> 
>>>>> ------------------------------------------
>>>>> Re: ebMS3/AS4 Signed and/or Encrypted Error Handling
>>>>> 
>>>>> Dear AS4 Developer/Administrator/Vendor
>>>>> 
>>>>> It has come to our attention that  there is no explicit method to ensure that ebMS3 error messages should be signed or encrypted either in the ebMSV3 core specification or in the AS4 Profile.
>>>>> 
>>>>> It would be useful, particularly in cases where it is not possible to provide other means such as access control lists (ACLs) to ensure authorised connectivity, to  authenticate and validate that the MSH that is posting an error with the MSH to which the original message in error was sent and not from some other source. This in particular for asynchronous errors, and also inline with the required behaviour for signed receipts as per the AS4 Profile.
>>>>> 
>>>>> It is, however, our understanding that for current implementations neither synchronous or asynchronous error messages are signed and/or encrypted and requiring this as for signed receipts may cause interoperability implications for existing systems.
>>>>> 
>>>>> With that, and prior to making a change to either the ebMSV3 core spec or to the AS4 profile we would like to obtain your opinion on the above matter.
>>>>> 
>>>>> Sincerely
>>>>> 
>>>>> OASIS EBXML Messaging Technical Committee
>>>>> 
>>>>> Related Documents
>>>>> 
>>>>> OASIS ebXML Messaging Services Version 3.0 Part 1: Core Features. 01 October 2007. OASIS Standard. http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/core/ebms_core-3.0-spec.html.
>>>>> 
>>>>> AS4 Profile of ebMS 3.0 Version 1.0. 23 January 2013. OASIS Standard. http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/profiles/AS4-profile/v1.0/AS4-profile-v1.0.html.
>>>>> 
>>>>> ----------------------------------------
>>>>> 
>>>>> … and now as I write this why not just make this an option with a p-mode such as
>>>>> 
>>>>> PMode[1].ErrorHandling.Report.SignErrors: support not required and only valid for errors generated from signed messages (true/false)
>>>>> 
>>>>> ?

-- 
Regards
Theo

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]