Minutes of CPPA Negotiation
Conference Call
Attendees: Marty Sachs, Monica Martin, Dale Moberg, Neelakantan Kartha
Kartha has completed and posted an NDD schema and instance document. He needs to wrap up his work on the NDD by the end of next week. Everyone needs to review the NDD documents and post comments as soon as possible.
The discussion focused on the draft specification.
Dale asked that the difference between a draft CPA and a CPA template be clarified. This mainly concerns how much information about the offeree is in the initial-offer CPA. Dale will draft some text for the specification.
Dale wondered if an additional construct is needed in the NDD to identify an element for which the offeree must supply a value (such as partyId) but which is not, strictly speaking, negotiable. He will consider this further and propose a definition.
Kartha asked about negotiability of extensions; he isn’t sure what could be negotiated. Dale said that most or all of the extensibility elements (ANY elements) were removed from the CPPA specification for version 2 because the team did not reach agreement on extensions. He believes that extensibility is important and expects that the CPPA team will revisit it for version 2.1. Meanwhile, we will include negotiability of extensions in the futures document.
Kartha opened a discussion of negotiation of security details. Dale replied that the main thing is trust anchors and what can be negotiated about them, such as adding a trust anchor. He will review the current NDD schema to see if it can handle negotiability of trust anchors.
Kartha described problems validating an NDD instance document that contains a Schema duration. The conclusion is that he is doing the correct thing and there appears to be a bug in the version of the XML editor that he is using.
Monica asked about how to deal with self-signed certificates in the context of Section 9 (Preconditions for Negotiation). Dale replied that the trust anchor chain has to be augmented to include a self-signed certificate. She also questioned the requirement that there be a certificate authority in common between the two parties. It was decided that this should not be a precondition; the negotiation protocol can perform whatever alignment is needed between the two parties’ trust chains. This point will be deleted.
Monica asked, regarding section 8.4 (Security of the Negotiation Process) whether all these items are in scope for version 1. Dale will review this material and suggest improvements.
Monica asked, regarding section 8.2 (Transport) whether it is really necessary to require that in the NCPA, replies be defined as synchronous. Dale explained that the reason was to avoid having to know a URL for the response. One possibility is to include the URL in the request message. Dale will review the message schema to see if it provides a place to state the URL for the response.
There was a further discussion of bootstrap issues for the NCPA. There were some concerns that we have not adequately addressed bootstrap issues and that the NCPA in the draft specification is unnecessarily complex.
The call was adjourned at
Respectively submitted,
Marty Sachs