RE: Security Meeting in Boston

[Philippe DeSmedt <PDeSmedt@viquity.com>]

All,

 

Glad to see that good progress is being made at the ebXML security meeting. To briefly chime in, I'd like to suggest that we make sure that whatever sinature and/or encryption schemes we come up with, still allow for multi-hop (intermediary-based) routing. Thanks.

 

-Philippe

_______________________________
Philippe De Smedt
Architect
Viquity Corporation (www.viquity.com)
1161 N. Fair Oaks Avenue
Sunnyvale, CA 94089-2102
(408) 548-9722
(408) 747-5586 (fax)
pdesmedt@viquity.com

-----Original Message-----
From: Burdett, David [mailto:david.burdett@commerceone.com]
Sent: Thursday, December 07, 2000 2:10 PM
To: 'Ralph Berwanger'; Ebxml-Transport (E-mail)
Subject: RE: Security Meeting in Boston

Ralph

 

There was some discussion way back on whether we wanted one single header, or multiple headers. The basic argument was that a single header would be simpler but would mean you could not change it if it was signed. It was recognized that XML Signature was making good progress and therefore would likely be available around the same time as ebXML. Therefore the consensus was that we should have a single message header and, if it needed to be signed, the whole header would be signed. Although this means you could not do multihop routing it was thought that a simpler structure and alignment with XML Signature was the way to go.

 

Just some historical background ...

 

David

-----Original Message-----
From: Ralph Berwanger [mailto:rberwanger@bTrade.com]
Sent: Thursday, December 07, 2000 1:33 PM
To: Ebxml-Transport (E-mail)
Subject: Security Meeting in Boston

So far we have had a very lively discussion regarding satisfaction of the security requirements for the Message Servicing Specification.  Based on the discussions the following items were agreed.

 

1.       Payload security is not the responsibility of the MSH.  The function may be performed on a B2B server that also hosts the MSH; however the MSH does not own the operations.  There was agreement that the MSH would not alter the payload.

2.       Applications should be able to sign payloads using S/MIME, PGP/MIME, or XML-DSig.  The POC will be asked to ensure that signed payloads can be reliably communicated between MSH agents.

3.       Applications should provide confidentiality using S/MIME or PGP/MIME.  The POC will be asked to ensure that encrypted payloads can be reliably communicated between MSH agents.

4.       The MSH must support the signing of an entire ebXML document.  There are two alternatives on the table—one using XML/DSig another using S/MIME.  These two proposals impact the current version of the MSH specification (0.8).  The XML/DSig solution will allow us to use the ebXML header, as it is currently defined.  The S/MIME signing does inject difficulties, especially where they involve multiple signatures or message routing. 

5.       The MSH must support selective encryption of data within the ebXML header.  It was agreed that this requirement could not be satisfied in phase 1,2, or 3.   It was suggested that S/MIME be used to satisfy this requirement—that will require significant restructuring of the ebXML Header.  It was also suggested that we wait and employ XML-encryption once that standard becomes available.  Assuming that the XML-encryption work takes a form similar to the XML/DSig product, we should be able to use the XML-encryption standard with the current structure of the ebXML header.

 

Chris and Maryann are pleading for a teleconference to discuss points 4 and 5. The major question is whether the group is prepared to restructure the ebXML document header to support the broad security requirement (as they apply to the entire ebXML document).  It is important that TRP think about the proposals that are going to come from the security group and that they are prepared to discuss them during the face-to-face scheduled for January (London).   Formal notification of this request will be coming directly from Maryann, the chairperson of the Security Work Group.