Subject: Re: How is this supposed to work?

David,

Your statement below makes absolutely no sense at all. A TPA is an agreement between two parties. What you cite as a possible DoS attack point is in fact not possible because the two parties agreed to the orchestration of the message exchange, including the response URI for a given message.

I would agree that RR needs to examine carefully which features of TR&P are suitable for its use, and most certainly agree that if there are deficiencies in the features available, that we will need to address these in a subsequent version of the MS spec.

The POC effort will help us (TR&P) to identify weak areas of the specification which need either improvement, redefinition or better explanation. We (TR&P) look forward to receiving this valuable feedback based on real experience, not simply conjecture.

Cheers,

Chris

David RR Webber wrote:
>
> Message text written by Farrukh Najmi
> >
> JP,
>
> You are right that the response is sent to the URI that is looked up in the TPA
> based on DUNS number.
> <<<<<<<<<<<<<<<<
>
> Farrukh,
>
> At some point we need to raise this as an issue with TRP.
>
> Unlike TRP exchanges that require some business process,
> RegRep Requests are to the large part automated.
>
> This therefore leaves open the possibility that inadvertently or
> deliberately someone could exploit this to send junk messages
> endlessly to someone else. This is a 'feature' of TRP that
> RegRep does not need IMO.
>
> It also highlights the need for us to examine in a transport
> neutral way exactly what functionality we really need for RegRep.
> I'd be much more comfortable with creating such a transport
> requirements base set. Then allowing people to show how
> TRP fulfils that, and so on. Time did not permit this for the PoC
> but this should definitely be revisited.
>
> Thanks, DW.