OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: [ebxml-dev] signed acknowledgement - BSI's role?

No. BSI doesn't play a role in sending/receiving acks at MSH level.

There are different acknowledgments that are to be dealt at the BSI layer
implied by some attributes in BPSS instance document. These include
the "ReceiptAcknowledgment" and the "AcceptanceAcknowledgment".

So in that sense as MSH has control over the MSH Acks, it has to have
control over the keys to sign the acknowledgments.


Nandini Ektare wrote:

As this question has been raised, I want to add to the question.

I agree sending receipt acknowledgement is the responsibility of MSH but is it also true that creation of the ack automatically is MSH's responsibility. >From what Patrick has asked I get a picture that Acknowledgements are 'traded' just between the MSH at both ends.

As a layer above MSH in the ebXML stack, a BSI may want to alter the ack before sending (say) to state the reason for negative ack. (the <FreeFormText> element in the standard ReceiptAcknowledgement dtd could be used). Similarly  the BSI wants to receive the ack in order to (say) send a separate "Notification of failure" in case of a -ve  ack which is treated as a business protocol exception by the BSI.

All in all, doesn't the BSI play a role in sending/receiving Acknowledgements - whether Receipt or Acceptance?

And if BSI does play a role, the key/passwd per appln need not necessarily be stored in MSH keystore.


Patrick Yee wrote:

Dear all, I have a question about messaging service. According to the specification, the sender of a message can request an acknowledgement from the receiver, and optionally, the sender can request that acknowledgement to be signed. Since the acknowledgement sending is done automatically by the MSH, does that imply the MSH should keep the application's private key and password to the keystore for signing automatically? Will that cause any vulnerability problem? Thanks in advance. Regards,-Patrick--
Patrick Yee
System Architect
Center for E-Commerce Infrastructure Development (CECID)
Dept. of Computer Science and Information Systems
The University of Hong Kong
Tel: (852) 22415674
Fax: (852) 25474611

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Search: Match: Sort by:
Words: | Help

Powered by eList eXpress LLC