OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-use message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: Use Cases and Requirements -- Strawman Draft 2

Here are some quick inputs to the latest Strawman Draft of the 
Use Case Requirements set.

I basically have 2 use cases that seem relevant to include
in the "Group 2: B2B Scenario Variations":

1) B2B Transaction using Message Oriented Middleware and S/MIME
A B2B Transaction oriented scenario using a message oriented
middleware (MOM) protocol, possibly over a secure transport like
SSL, that employs S/MIME to protect the message payload and 
involves a B2B portal exchange that authentictes the message sending 
party via processing of Credential, producing a Named Assertion 
and any applicable entitlements. 

2) B2B Transaction using different protocols
A B2B Document Exchange Transaction that involves two trading
parties such that sending party (e.g., Buyer) uses one
messaging/transport protocol (e.g., OBI) and receiving party 
(e.g., Supplier) uses a another messaging/transport protocol 
(e.g., ebXML). A B2B exchange service provide must provide
relevant interoperability services such that authenticated
Named Assertions and Entitlements can be propagated from one
messaging protocol onto another, preserving the security semantics 
of the the transaction between the two parties across two 
protocols and via atleast one intermediary portal exchange.

3) B2B Transaction over mutliple Portals
Same as Use Case#3 with variation of a multi-hop portal
scenario where the messages may end up traversing over between
possiblly more than 2 intermediary portals, involving two
trading parties.

Last use case was discussed a few ago in the Security Binding
Conf Call.

I can elaborate on both of these use cases further in our Use Case 
tele-conf tomorrow. Furthemore, I'll be happy to formally expand 
on these use cases/issues in the future.

Any comments/feedback welcomed, and sorry for the late response.


Zahid Ahmed                     Commerce One, Inc.
Commerce Security Architect
email: zahid.ahmed@commerceone.com
v:   (408)-517-3903

-----Original Message-----
From: Evan Prodromou [mailto:evan@outlook.net]
Sent: Friday, February 09, 2001 11:05 PM
To: security-use@lists.oasis-open.org
Subject: Use Cases and Requirements -- Strawman Draft 2

Attached is a copy of the 2nd straw man version of the use cases and
requirements document. It has some fairly significant changes
including the following:

	* Added set of high-level use cases to capture the
	  similarities between many of the scenarios. Maintained a
	  group of detailed use-case scenarios.

        * Changed diagrams of detailed use case scenarios to use
	  interaction diagrams instead of use case diagrams.

        * Added a description of each use-case scenario and list of
          requirements flowing from the scenario.

        * Added draft glossary (as link). Thanks, Jeff!

	* Added issues list (as link). Collected from Darren's
          high-level list and re-formatted. As many issues as have
          come up on 

	* Gave requirements labelled names for easier

	* Incorporated and merged requirements list from Core
	  Assertions subcommittee of Oasis Security Services
	  TC (by Philip Hallam-Baker).

        * Corrected various editorial mistakes.

By far, the most text and time have been put into the issues list, and
I encourage people -- no, I BESEECH people B-) -- to check that list
to make sure that 1) issues they have brought up have been addressed
and 2) that the characterization of issues is clear, fair, and

If I was to characterize the lifecycle of our output as a
subcommittee, I'd say that we began with an outline and generated a
large number of issues. I think that our next step, before the first
draft that will go to the main TC, is to resolve these issues and
squeeze them back into the main document, as best as possible.

We've talked a bit about how to resolve issues on the list. One part
is breaking up the issues into digestible chunks -- what the issues
list is about -- and posting one email per issue to the list, for

I think the next part we have to decide is how to -resolve-
issues. Perhaps, using Robert's Rules, at some point in the discussion
someone can make a motion that we vote on one or more of the potential
resolutions for the issue, and we can use the evite voting system to
close the items. Another possibility is that someone move that we have
consensus and that we resolve the issue without a vote, unless there's
an objection. (Crumb, looks like I need to read R's R again).

Anyhow, I plan on posting emails for each issue this weekend, to meet
the first requirement. I guess we can talk about resolution at the
next concall.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC