As this question has been raised, I want to add to the question.
I agree sending receipt acknowledgement is the responsibility of MSH
but is it also true that creation of the ack automatically is MSH's responsibility.
>From what Patrick has asked I get a picture that Acknowledgements are
'traded' just between the MSH at both ends.
As a layer above MSH in the ebXML stack, a BSI may want to alter the
ack before sending (say) to state the reason for negative ack. (the <FreeFormText>
element in the standard ReceiptAcknowledgement dtd could be used). Similarly
the BSI wants to receive the ack in order to (say) send a separate "Notification
of failure" in case of a -ve ack which is treated as a business protocol
exception by the BSI.
All in all, doesn't the BSI play a role in sending/receiving Acknowledgements
- whether Receipt or Acceptance?
And if BSI does play a role, the key/passwd per appln need not necessarily
be stored in MSH keystore.
thanks,
Nandini
Patrick Yee wrote:
Dear
all, I have a question about
messaging service. According to the specification, the sender of a message
can request an acknowledgement from the receiver, and optionally, the sender
can request that acknowledgement to be signed. Since the acknowledgement
sending is done automatically by the MSH, does that imply the MSH should
keep the application's private key and password to the keystore for signing
automatically? Will that cause any vulnerability problem?Thanks in advance.
Regards,-Patrick--
Patrick Yee
System Architect
Center for E-Commerce Infrastructure
Development (CECID)
Dept. of Computer Science and Information
Systems
The University of Hong Kong
Tel: (852) 22415674
Fax: (852) 25474611