OASIS Mailing List Archives

ebxml-poc message


Subject: Re: How is this supposed to work?


David,

Your statement below makes absolutely no sense
at all. A TPA is an agreement between two parties.
What you cite as a possible DoS attack point
is in fact not possible because the two parties
agreed to the orchestration of the message exchange,
including the response URI for a given message.

I would agree that RR needs to examine carefully
which features of TR&P are suitable for its use, and 
most certainly agree that if there are deficiencies
in the features available, that we will need to 
address these in a subsequent version of the MS spec.

The POC effort will help us (TR&P) to identify
weak areas of the specification which need either
improvement, redefinition or better explanation.
We (TR&P) look forward to receiving this valuable
feedback based on real experience, not simply
conjecture.

Cheers,

Chris


David RR Webber wrote:
> 
> Message text written by Farrukh Najmi
> >
> JP,
> 
> You are right that the response is sent to the URI that is looked up in the
> TPA
> based on DUNS number.
> <<<<<<<<<<<<<<<<
> 
> Farrukh,
> 
> At some point we need to raise this as an issue with TRP.
> 
> Unlike TRP exchanges that require some business process,
> RegRep Requests are to the large part automated.
> 
> This therefore leaves open the possibility that inadvertently or
> deliberately someone could exploit this to send junk messages
> endlessly to someone else.  This is a 'feature' of TRP that
> RegRep does not need IMO.
> 
> It also highlights the need for us to examine in a transport
> neutral way exactly what functionality we really need for RegRep.
> I'd be much more comfortable with creating such a transport
> requirements base set.  Then allowing people to show how
> TRP fulfils that, and so on.  Time did not permit this for the PoC
> but this should definitely be revisited.
> 
> Thanks, DW.

