[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: Registry Security Spec Version 003
I agree with Marty on the API. Best regards, Henry PS: Hey, Marty, next time you're in Boston, I'll take you to a Bricks-and-Mortar store that has more desk lamps than you can shake a stick at -- you can touch and turn on and return if necessary. Oops, shouldn't say this on an ebXML list ;-) -------------------------------------------- At 08:02 PM 12/29/2000 -0500, Martin W Sachs wrote: > >David, > >I think that we are in agreement with "API" question but just to be sure: > >We cannot enforce that implementers provide a rich API but we can certainly >encourage it by completing and publishing the service interface >specification even if it is (and probably should be) non-normative. The >more non-normative discussion of possibilities there is in a specification, >the more likely that implementers will take the hint. > >This isn't only a question of implementer business decisions. In many >cases, I suspect that the problem is that the people doing the design and >coding simply don't have a sufficiently broad and deep understanding of the >issues. Lots of non-normative discussion can do a lot of educating. > >I recently tried to buy a desk lamp from a web service. I searched their >catalog for lamps and got a couple of hundred hits on clipboards and paper >clips which obscured my lamp. The reason turned out to be that the catalog >was giving me clamps in addition to lamps. In that catalogue, "clamp" is a >category code which includes paperclips and clipboards. That's a case of >someone not knowing the difference between searching on text strings and >searching on words. The more discussion we include, the more we can help >to avoid such errors. > >Regards, >Marty > >**************************************************************************** >********* > >Martin W. Sachs >IBM T. J. Watson Research Center >P. O. B. 704 >Yorktown Hts, NY 10598 >914-784-7287; IBM tie line 863-7287 >Notes address: Martin W Sachs/Watson/IBM >Internet address: mwsachs @ us.ibm.com >**************************************************************************** >********* > > > >"Burdett, David" <david.burdett@commerceone.com> on 12/27/2000 03:40:26 PM > >To: "'Krishna Sankar'" <ksankar@cisco.com>, ebxml-regrep@lists.ebxml.org, > Ebxml Transport <ebxml-transport@lists.ebxml.org>, Ebxml-Ta-Security > <ebxml-ta-security@lists.ebxml.org> >cc: >Subject: RE: Registry Security Spec Version 003 > > > >>>>if there is only an anemic MAY, then all applications which use the TRP >would have to specify alternate ways (for signature and encryption) as >well.<<< > >I disagree. If the specification provides for a wire format that meets all >the signature and encryption requirements of an application then there >should be no reason why an application should not be able to use it, if >they >want to. If the software that an implementer has chosen doesn't allow it >then it is the implementers problem for choosing the wrong software. > >IMO, I think we need to encourage the availability of software that >provides >a rich inteface to high level applications so that they can examine and >process any data in an ebXML message **without requiring all solutions >provide it**. For one thing you can't make software developers implement a >rich API if they don't want to. > >However you can let software developers create solutions that meet >customers >needs. So if customers need access to the inner details of an ebXML message >then they will demand, and solution providers will presumably develop, >solutions that meet that need. Similarly, if there is a demand, solutions >that hide all the lower level details from the application will be >developed. > >Once we do get the infamous Service Interface Specification developed then >software vendors will be able to claim compliance with it and therefore >provide the richer functionality you seek. > >Either way I honestly don't see how the specification can mandate the use >of >an API for the software, you just need to make sure that the specification >encourages it but doesn't prevent it. > >Cheers !! > >David > >-----Original Message----- >From: Krishna Sankar [mailto:ksankar@cisco.com] >Sent: Wednesday, December 27, 2000 11:46 AM >To: Burdett, David; ebxml-regrep@lists.ebxml.org; Ebxml Transport; >Ebxml-Ta-Security >Subject: RE: Registry Security Spec Version 003 > > >David, > > Sorry David, if there is only an anemic MAY, then all applications >which >use the TRP would have to specify alternate ways (for signature and >encryption) as well. Which is fine, so long as this is what the TRP specs >says. But I would rather see a crisp specification which deals with what >things would be done rather than possibilities. > > Remember, we are talking about what and not how and when. > > cheers > >> -----Original Message----- >> From: Burdett, David [mailto:david.burdett@commerceone.com] >> Sent: Wednesday, December 27, 2000 11:30 AM >> To: 'Krishna Sankar'; ebxml-regrep@lists.ebxml.org; Ebxml Transport; >> Ebxml-Ta-Security >> Subject: RE: Registry Security Spec Version 003 >> >> >> I really think we are debating specification vs implementation. >> You say that >> SSL stips of the signature so that you can't see it. I haven't used SSL >> myself, but I guess what you are actually saying is that SSL >> implementations >> strip of the signature and do not pass it to a higher level app. >> Or does the >> SSL **spec** require that signatures are stripped. I could imagine that a >> particular SSL implementation could make the signature available >> if this was >> important. >> >> What I think you are looking for in the ebXML TRP specs is >> wording along the >> following lines ... >> >> "Any or all of the data contained in the data communication protocol, >MIME >> envelopes and the ebXML Header Document, MAY be made available by the >> Message Service Handler to an application or other process that is >> processing the message. How this is done is implementation dependent >> although ebXML Service Interface specification (to be developed) >> provides a >> non-normative design for how this may be done." >> >> David >> >> -----Original Message----- >> From: Krishna Sankar [mailto:ksankar@cisco.com] >> Sent: Wednesday, December 27, 2000 10:21 AM >> To: Burdett, David; ebxml-regrep@lists.ebxml.org; Ebxml Transport; >> Ebxml-Ta-Security >> Subject: RE: Registry Security Spec Version 003 >> >> >> David, >> >> Thanks for the e-mail. My comments are embedded. >> >> cheers >> >> > -----Original Message----- >> > From: Burdett, David [mailto:david.burdett@commerceone.com] >> <snip ../> >> > >> > The answer to this question depends on whether you are defining: >> > a) a wire specification with a description of the behavior of >> the software >> > at each end, or >> > b) a software solution that implements the specification defined in a) >> > >> >> Yep, we are doing a wire specification. No problems here. >> >> > I think we are doing the former - the wire specification. More >> > specifically >> > we are saying the following: >> > 1) You can have a XML Dsig compliant signature in the ebXML >> > header which can >> > potentially sign anything, and >> > 2) The MIME part that is the payload may be digitally signed >> > using, S/MIME, >> > PGP/MIME or XML Dsig. >> > >> > However whether or not software that supports the ebXML specification >is >> > able to sign a payload really is an implementation decision of >> > the software >> > designer. >> > >> >> David, you are addressing specification Vs implementation. I am not even >> talking about implementation. If the software does not implement security >> stuff, then that particular installation will not have the capability. >> >> The question is whether the *specification* says the TRP is a black box >or >> not. It is a question of visibility to the upper layers - an >> architectural/specification issue. Pl read on. >> >> > So to answer your question ... "Is the TRP going to be a black box with >> > regard to applications or will it "communicate" with the layers >> > above ?" The >> > real answer is it depends on how you build your solution or the >> > features of >> > the ebXML solution you buy. >> >> I disagree. If the specification leaves the architecture issues to the >> implementer then we are asking for trouble ! For the lack of better words >> "communicate with the layers above" is *not* an implementation issue. >> >> Remember my question is not whether it is *available* or not, but whether >> there is an interface from the TRP layer to the upper application layer. >> This need not be APIs or services, could be just elements in the XML - >for >> example if the signature is OK, the TRP puts an element >> <SignatureVerified>Yes</SignatureVerified> in the header for the >> application >> to read - This is just an example. >> >> The visibility example can be best amplified by SSL. Even though SSL does >> encryption et al, the application cannot get to the signatures or the >> encrypted payload. So even if the transport layer (actually the message >> layer to be politically correct) uses SSL, the application still has to >> specify how to sign a payload, how to encrypt it etc. >> >> Again, as there are well known standards, the specification has to do >only >> the semantics and syntax not the algorithms. >> >> > >> > So for your spec, I would focus on describing the requirement >> rather than >> > the solution to the requirement. For example if you wanted allow >> > the payload >> > resulting from a reg-rep query to be digitally signed, then I would use >> > words along the lines of: >> > >> > >>>"The Payload of the Reg-Rep query MAY be signed using a XML >Signature >> > within the ebXML Header Document, etc...<<< >> >> This approach I like. We can specify the requirements. But by saying that >> the header MAY be signed, we are saying that the semantics and >> syntax of the >> operation is described somewhere, hopefully in the TRP specification. >> >> Again my question is, if the TRP specifies how to sign a header >> separately, >> then I can do what you say. But then the header - with the signature - >> should be available at the application layer. In other words, if the >> application can "see" the signature, then we can leverage the TRP >> specs. But >> if the TRP strips off the signature, we need to have some other scheme. >> >> Same is true with the payload signature. If the TRP verifies the payload >> signature and strips it, then the application not only has to specify >what >> is required, but it needs to specify the XML elements as well. >> >> It is this interaction that I was abstracting as the black-box >> behavior. May >> be the idea all along was to pass on the header signature and payload >> signature/encryption to the application layer. I have a related question >- >> have you folks discussed using SSL at the TRP layer ? If so, how will it >> play ? Will an SSL implementation satisfy the TRP security requirements ? >> >> Hopefully, I have made the points more clearer. >> >> cheers >> >> >> > >> > David >> > >> > -----Original Message----- >> > From: Krishna Sankar [mailto:ksankar@cisco.com] >> > Sent: Tuesday, December 26, 2000 11:55 AM >> > To: ebxml-regrep@lists.ebxml.org; Ebxml Transport; Ebxml-Ta-Security >> > Subject: RE: Registry Security Spec Version 003 >> > >> > >> > Chris, >> > >> > Comments embedded. >> > cheers >> > >> > > -----Original Message----- >> > > From: christopher ferris [mailto:chris.ferris@east.sun.com] >> > > Sent: Tuesday, December 26, 2000 7:24 AM >> > > To: Krishna Sankar >> > > Cc: ebxml-regrep@lists.ebxml.org; Ebxml Transport; Ebxml-Ta-Security >> > > Subject: Re: Registry Security Spec Version 003 >> > > >> > > >> > > Krishna, >> > > >> > > Some comments on your proposal. >> <snip ../> >> > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC