[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: ebxml packaging and transport conference call
At 13:36 30/11/99 -0600, you wrote: Rik, I have realized just now that you have fixed the conference call for December 2... As I told you I am not able to attend the meeting as I will be in a conference tomorrow.... I initially thougth that you had changed the date of the meeting, but I see now that you haven't, probably because it is more suitable the 2ond for other people. Anyway, perhaps you can send me an email summarising the discussion. As for me, I am specially interested in security, and there is a couple of things that I have to comment: 1. In the document circulated in the list by David, and under the Security topic, appear requirements on signatures and confidentiality, but nothing is said on secure acknowledge of reception and non repudiation of receipt. I am talking about something that it is a real requirement in business process: the sender of a signed document wants to receive a signed document by the receiver saying that he has received the document he sent, and he wants to receive something that can demonstrate that indeed the document was received by the recipient As I said, this is a real requirement: in Spain we have set up a pilot on use of EDI on internet among EANCOM users, and the first thing they put on the table was that they wanted to have something demonstrating that the message had reached the recipient. In EDIFACT a special message has been defined for this purpose, the AUTACK message, that contains references to the messages received and digital signatures of these messages, which provides to the sender with a proof of that the recipient actually received the message. I think that some similar development is needed in XML/EDI: a message, with a defined structure so that the non-repudiation of receipt is provided in the same way always. 2. On my contribution to the work of the group, I would like to focus on security issues mainly. In this way, I think that we should start by doing two things: a. Agreeing in the security services we would like to see in the XML/EDI messages. b. As it seems that the other thing we should do is to carry out a review of existing security standards, we should agree in a structure of the review documents, in terms of producing something coherent that facilitates comparisons and summaries, and not get a set of documents completelly different.... b. Reviewing existing security services and infrastructures documents and standards. I put on the table the parts 5, 6, 7 and 9 of ISO9735 (EDIFACT syntax), and I can commit myself to provide a reviewing document on them, but I can also participate in the review of other security standards and documents (PKCS, OFTP, W3Consortium document on digital signatures, S-MIME, PKI documents, etc.). I think that we should arrive in the February meeting with this document produced and a decision taken on what our activity in the security field should be afterwards (whether we will produce additional specifications for other services, etc.) Regards. Juan Carlos. >ebxml conference call for packaging and transport wg on December 2, 1999 at >8:00 pacific standard time for one hour at most. > >phone number: 212 293-3102 USA > >Rik > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC