[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: ebbp 3/20/2005: Comment re: documentSecurity (wd10/schema 2-22)
Everyone, as we discussed Tuesday, there are dependencies or expectations that may exist given the transaction patterns selected and the expectations of the involved parties. Here is a summary documenting our discussion and proposed changes either to the technical specification or schema. Unless the team indicates, I see no specific changes required in the BT patterns matrix. I ask that we get comments from the team on any concerns, open questions or changes requested. * Summary details o Need to separate business and reliable messaging layers. Such as: Reliable messaging protocol may have security and non-repudiation happening with every message as the default. That may not be raised to business layer where it is persisted. o Assumptions may be upgraded in the CPPA. o For Business Transaction and Notification, these attributes are required. + Where required in the schema and specified with a default, and the partners fail to make a selection, the attributes are required and the default applies. o For all others: + Where required in the schema and no default is specified, and the partners fail to make a selection, the matrix characteristics apply first. # Else if the matrix specifies that the involved partners make the selection for documentSecurity, no persistence required. + Where optional and the partners don't make a selection for documentSecurity, it is assumed to be no persistence required. * Open items o QUESTION: Do we go any further by specifying any relationship with the quality attribute group (isIntelligibleCheckRequired, isNonRepudiationRequired, isNonRepudiationReceptRequired, TimetoAcknowledgeAcceptance, isAuthorizationRequired and RetryCount)? Note, I believe we decided to take a pragmatic approach - indicating some well-formedness rules while requesting more business requirements. Updates proposed: ============================================================================================================ Section 4.7.3 Change from: Trading partners MAY wish to conduct legally enforceable business transactions over ebXML. Change to: Trading partners MAY wish to conduct intentional business transactions over ebXML. Section 4.7.5 Change from: .....Typically, this occurs in intentional situations. Change to: .....Typically, this occurs in intentional situations where authentication and tamper detection are particularly important to support enforceability. In such cases, it is recommended that the parties also specify the channel is confidential. Otherwise, document security is specified by the parties involved. See the patterns matrices earlier in Section 4 for other details. In those instances where intent is specified regardless of pattern, documentSecurity attributes apply. For example, where non-repudiation of content is required, documentSecurity SHOULD apply although this is subject to the agreement of the parties. Updates MAY also be made in the CPA. ============================================================================================================ Dale, please advise given these discussions if any schema changes may be required other than annotations, which I can complete after we agree on the direction. Thanks everyone.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]