Re: [egov] eGov infrastructure requirements discussion - Duane Nickull - org.oasis-open.lists.egov

28 messages in org.oasis-open.lists.egovRe: [egov] eGov infrastructure requir...

From	Sent On	Attachments
David RR Webber - XML ebusiness	May 17, 2003 7:22 am
Paul Spencer	May 19, 2003 1:41 am
Farrukh Najmi	May 19, 2003 8:34 am
David RR Webber - XML ebusiness	May 19, 2003 8:46 am
David RR Webber - XML ebusiness	May 19, 2003 9:14 am
Chiusano Joseph	May 19, 2003 9:32 am
Paul Spencer	May 19, 2003 10:43 am
Duane Nickull	May 19, 2003 12:50 pm
Chiusano Joseph	May 19, 2003 3:48 pm
Duane Nickull	May 20, 2003 9:16 am
Chiusano Joseph	May 20, 2003 10:17 am
Farrukh Najmi	May 20, 2003 10:46 am
Chiusano Joseph	May 20, 2003 10:51 am
David RR Webber - XML ebusiness	May 20, 2003 12:04 pm
Duane Nickull	May 20, 2003 12:11 pm
David RR Webber - XML ebusiness	May 20, 2003 8:07 pm
Monica J. Martin	May 20, 2003 8:43 pm
Duane Nickull	May 20, 2003 9:33 pm
Duane Nickull	May 20, 2003 9:37 pm
Farrukh Najmi	May 21, 2003 3:14 am
Monica J. Martin	May 21, 2003 6:14 am
David RR Webber - XML ebusiness	May 21, 2003 6:15 am
David RR Webber - XML ebusiness	May 21, 2003 6:26 am
Duane Nickull	May 21, 2003 10:46 am
Zachary Alexander	May 21, 2003 12:55 pm
Duane Nickull	May 21, 2003 1:24 pm
David RR Webber - XML ebusiness	May 21, 2003 8:52 pm
Monica J. Martin	May 22, 2003 9:06 pm

Subject:	Re: [egov] eGov infrastructure requirements discussion
From:	Duane Nickull (dua...@yellowdragonsoft.com)
Date:	May 21, 2003 1:24:43 pm
List:	org.oasis-open.lists.egov

Registry Federation - I think so but I would like to hear directly from the government users who are thinking of using Registry. I am a huge fan of listening to what users want as opposed to telling them what they want ;-)

Validation between registries - assuming federation is a go, the federate() methods would be logically capable of comparing two registy objects (or their metadata) to determine if they are the same or different. I see that federation would likely be done by passing references (RIM metadata only) as opposed to passing the actual object so validating an object that another registry has already validated may not be necessary (or possible). Will one registries intrinsic object become anothers extrinsic object? I am not sure. I would really again like to defer the question to the end user community who can pass their requirements to this group. We can then map those requirements to the existing technology and make notes of any gaps. The gaps should be forwarded to the Regrep group, IMO.

Zachary Alexander wrote:

Duane,

Do you think there is a requirement for registry federation and is there a need for validation between registries?

-----Original Message----- From: Duane Nickull [mailto:dua...@yellowdragonsoft.com] Sent: Wednesday, May 21, 2003 1:00 PM To: Farrukh Najmi Cc: David RR Webber - XML ebusiness; OASIS eGov list; Chiusano Joseph Subject: Re: [egov] eGov infrastructure requirements discussion

The type of content validation that was being referred to was slightly different than the in-registry contetn validation (my read anyways).

From a pure architectural standpoint, validation to ascertain that something is within acceptable constraints should be done at the point closest to where a consequence will occur if it is invalid. If someone is using a Registry artifact, it makes sense to validate it at the point

closest to where it will get consumed (near the client side application that will consume it). Validating the artifact before it gets sent leaves open the possibility that it become corrupt during its subsequent

serialization/deserialization from the transport layer or during transport itself.

Validating from the POV that the Registry needs to know that the content

is valid before it accepts the artifact is good. That should be and is done when an item is submitted to the registry. The machine validation (syntax and structure) and possible RA scrutiny are needed to ensure that the Registry content does not contain any errant or even malicious content. (Perhaps some small porn site operator tries to register a CPA

as XXXX Automobile Company?) Many of you may laugh at thsi but it happened in the UDDI reference implementation as well as rumours of similar behaviour within the first Biztalk Repository.

I just wanted to point out that there are two different sets of requirements for validation.

Actually, if you view a registry as a general purpose content management system (this is how ebXML Registry has evolved - details available if needed), then semantic validation (not schema based syntax validation) is a feature of such a system. An ebXML Registry for example can perform content specific semantic validation of arbitrary content using its plug-in based content validation feature. Such validation could be done on client side but in general an automated server side validation is a much better solution to meet the requirements. The way this works in ebXML Registry is:

-A responsible organization that defines a new type of content publishes a content validation service to the registry. Such a service

is a simple web service conforming to a normative interface. For example the ebXML CPPA team may publish a CPP validation service .

- a use submits content that is an instance of a content type (e.g. ebXML CPP).

-The registry checks if there is a validation service registered for that content type.

-If a validation service exists then registry invokes it automatically

and validates the content.

-If the content is valid accoding to teh validation service then it is

accepted by the registry. If not valid then it is rejected with an appropriate error message.

Above feature of ebXML Registry makes me wonder why one would need any

validation requirements to be met on the client side.

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets