|Subject:||[ebxml-cppa] Re: Arvola's comments on version 1.01|
|From:||Tony Weida (rwe...@hotmail.com)|
|Date:||Jan 3, 2002 12:05:57 pm|
My responses inline ...
----- Original Message ----- From: "Arvola Chan" <arv...@tibco.com> To: "Tony Weida" <rwe...@hotmail.com>; "CPPA" <ebxm...@lists.oasis-open.org> Sent: Thursday, January 03, 2002 1:36 PM Subject: Re: Arvola's comments on version 1.01
I agree that it is OK to remove the following text from the 1.02 spec:
TW: My proposal was to remove the comment, not the text. Although I understand the point of the comment, I believe that the 1.0 team wanted to offer a bit of optional guidance (not requirements) pending more detailed treatment of intermediaries in a future version. To me, that still seems like a reasonable approach.
"In this initial version of this specification, this MAY be accomplished by creating a CPA between each Party and the intermediary in addition to the CPA between the two Parties. The functionality needed for the interaction between a Party and the intermediary is described in the CPA between the Party and the intermediary. The functionality needed for the interaction between the two Parties is described in the CPA between the two Parties."
Regarding the confidentiality attribute section, I just feel that the following statement is a little bit too strong:
TW: Partners who feel strongly about confidentiality must be able to make such a strong statement in their agreement, backed up corresponding language in the CPPA spec. It might be OK to provide for weaker statements as well, which would suggest a finer grained machanism than confidentiality = true or false.
"It MUST be encrypted above the level of the transport and delivered, encrypted, to the application."
Some clarification along the lines used in the exchanges you have with Marty may be helpful.
----- Original Message ----- From: "Tony Weida" <rwe...@hotmail.com> To: "Arvola Chan" <arv...@tibco.com>; "CPPA" <ebxm...@lists.oasis-open.org> Sent: Thursday, January 03, 2002 7:29 AM Subject: Arvola's comments on version 1.01
Regarding two comments you included for version 1.01 (the version I distributed to the list, with changes highlighted):
1. You commented about lines 339-343: "It was agreed in the joint MSG-CPPA meeting in October that the 1.1 CPP/A spec will not address the requirements for interacting with intermediaries."
I believe the identified text is broadly informational in nature and doesn't conflict with your comment, so I'd be inclined to remove that comment from version 1.02. Okay?
2. You commented on the confidentiality attribute, lines 1503-1504) as follows: "I think the last part of the sentence "and delivered, encrypted, to the application" should be struck out. The encryption might have happened before the ebXML message is packaged and signed. The middleware on the receiver side probably should pass the decrypted payload to the destination application."
In response, I commented: "I thought the intent of this attribute was to specify confidential delivery between applications, and thus the sentence should remain intact." Is that agreeable, or shall I record this as an issue?