Re: [egov] eGov infrastructure requirements discussion

[Duane Nickull <duane@yellowdragonsoft.com>]

The type of content validation that was being referred to was slightly 
different than the in-registry contetn validation (my read anyways).

 From a pure architectural standpoint, validation to ascertain that 
something is within acceptable constraints should be done at the point 
closest to where a consequence will occur if it is invalid.  If someone 
is using a Registry artifact, it makes sense to validate it at the point 
closest to where it will get consumed (near the client side application 
that will consume it). Validating the artifact before it gets sent 
leaves open the possibility that it become corrupt during its subsequent 
serialization/deserialization from the transport layer or during 
transport itself.

Validating from the POV that the Registry needs to know that the content 
is valid before it accepts the artifact is good.  That should be and is 
done when an item is submitted to the registry.  The machine validation 
(syntax and structure) and possible RA scrutiny are needed to ensure 
that the Registry content does not contain any errant or even malicious 
content.  (Perhaps some small porn site operator tries to register a CPA 
as XXXX Automobile Company?)  Many of you may laugh at thsi but it 
happened in the UDDI reference implementation as well as rumours of 
similar behaviour within the first Biztalk Repository.

I just wanted to point out that there are two different sets of 
requirements for validation.

Duane Nickull

Farrukh Najmi wrote:

>
> Actually, if you view a registry as a general purpose content 
> management system (this is how ebXML Registry has evolved - details 
> available if needed), then semantic validation (not schema based 
> syntax validation)  is  a feature of such a system. An ebXML Registry 
> for example can perform content specific  semantic validation of 
> arbitrary content  using its plug-in based content validation feature.
> Such validation could be done on client side but in general an 
> automated  server side validation is a much better solution to meet 
> the requirements. The way this works in ebXML Registry is:
>
> -A responsible organization that defines a new type of content 
> publishes a content validation service to the registry. Such a service 
> is a simple web service conforming to a normative interface. For 
> example the ebXML CPPA team may publish a CPP validation service .
>
> - a use submits content that is an instance of a content type (e.g. 
> ebXML CPP).
>
> -The registry checks if there is a validation service registered for 
> that content type.
>
> -If a validation service exists then registry invokes it automatically 
> and validates the content.
>
> -If the content is valid accoding to teh validation service then it is 
> accepted by the registry. If not valid then it is rejected with an 
> appropriate error message.
>
> Above feature of ebXML Registry makes me wonder why one would need any 
> validation requirements to be met on the client side.
>

-- 
***************************************************
Yellow Dragon Software - http://www.yellowdragonsoft.com
Professional Software Development & Metadata Management
Project Team Lead - UN/CEFACT eBusiness Architecture
Direct:  +1 (604) 726-3329 - Canada: Pacific Standard Time