RE: [PartyId "type" negotiation]

[Krishna Sankar <ksankar@cisco.com>]

Hi,

	I agree with Prasad on this (and do not differ with William as well ;-)).
Here are a few of my observations:

	1.	For all purposes, one need not have full and implicit trust on a
Registry. The point here is, trust only the ones you need to trust.

	2.	In normal circumstances, the content would be signed by the Submitting
Organization and the registry would keep the documents with the signature.
When one receives a document from the registry, one can determine if one
wants to trust the document based on the SO's signature.

		There could be documents without any signature and the receiving systems
can trust or reject the document.

	3.	The Registry does not validate any content. It is more of a central
store, capable of answering queries about it's repository.

	4.	The above are the assumptions (or non-assumptions) for a normal registry
which implements the ebXML specs.

	5.	Having said all these, I can think of scenarios where one trusts a
registry.
		For example, an organization like D&B or some other commercial entity can
have a trusted registry service, which validates the content. In this case
one can trust this RA and the documents would be signed by this RA as well.

	just my 2c.

cheers

|-----Original Message-----
|From: Prasad Yendluri [mailto:pyendluri@webmethods.com]
|Sent: Monday, April 02, 2001 8:14 PM
|Cc: ebxml-tp@lists.ebxml.org
|Subject: Re: [PartyId "type" negotiation]
|
|
|"William J. Kammerer" wrote:
|
|> Prasad Yendluri said "If one party uses arbitrary partyId 'type' (for
|> their own partyId), the receiving party may not have the framework to
|> verify the Id to be a valid one per the 'type' (say DUNS)."
|>
|> Why would you need to validate the DUNS of your potential trading
|> partner at all? Wouldn't the registry have done that when the CPP was
|> registered?
|
|Nope! Registry does not "validate" the content submitted to it.
|
|> For example, why would a registry knowingly allow someone
|> to use General Motors' DUNS in a CPP unless the registrant were known to
|> be General Motors? You should be able to trust the CPP belongs to whom
|> it purports to belong to, and the registry has a vested interest in
|> ensuring so.
|
|Registry is not responsible for validating all attributes of content you
|submit. You can submit binary data into registry.
|
|> Assuming I trust the registry, I should be able to trust the CPPs
|> contained within it.
|
|That is an incorrect assumption :)
|
|>  If a "registry" of the decrepit old EDI model -
|> say, Sterling Commerce - tells me that Roadway Express is accessible on
|> their network using either SCAC "RDWY" or DUNS "006998397", then I can
|> trust them.  If my ISA says send this EDI interchange to whomever has
|> the SCAC of "RDWY" I want that data only to go to Roadway Express in
|> Akron, Ohio.  Can't ebXML do the same?
|>
|
|
|------------------------------------------------------------------
|To unsubscribe from this elist send a message with the single word
|"unsubscribe" in the body to: ebxml-tp-request@lists.ebxml.org
|