RE: Transport and packaging security standards?

[Maryann Hondo <mhondo@us.ibm.com>]

Dick,
i believe security  was removed from version 8, but
was back in version 9 with the proposal  from chris, but i'm not sure where
it stands after the face to face
this week


Scott,
just for background, security has been bouncing around a bit....

originally we started defining security for "trp payloads", and including
CPP profiles for SMIME & PGP
in the trp spec

we left combined security on the header, optional routing headers and the
payload for a future version...
but this  left us with the fact that the payload should just be a "blob"
from the transport & packaging perspective
which meant the security parts didn't belong in TRP but in the Trading
Partner sub-group which will provide
the tags for security in the cpp (but we needed to co-ordinte moving these
sections to the tp spec which I believe
dale is doing)

 and chris ferris then  put forward a proposal for a default profile for
signing the header & payload using XML DSIG, which I believe was accepted
by the trp group on the last call but i'n not sure which version of the
document will include this

one issue outstanding for TRP is how to provide authentication or
authorization and we are looking
to the evolution of S2ML "tokens" in the header as a possible solution.

hope this helps.

due to the fact that i broke my right wrist, i'm not sure when i'll be able
to produce a document, i'm
trying to rustle up some help......want to volunteer???????

maryann

Dick Brooks <dick@8760.com> on 01/12/2001 11:27:40 AM

Please respond to dick@8760.com

To:   "Parnell, Scott" <Scott.Parnell@usa.xerox.com>,
      ebxml-transport@lists.ebxml.org
cc:
Subject:  RE: Transport and packaging security standards?



Scott,

All the security related verbiage was moved from the TRP spec to the
security spec, which Maryann Hondo mailto:mhondo@us.ibm.com is leading up.

Dick Brooks
Group 8760
110 12th Street North
Birmingham, AL 35203
dick@8760.com
205-250-8053
Fax: 205-250-8057
http://www.8760.com/

InsideAgent - Empowering e-commerce solutions

> -----Original Message-----
> From: Parnell, Scott [mailto:Scott.Parnell@usa.xerox.com]
> Sent: Friday, January 12, 2001 9:06 AM
> To: 'ebxml-transport@lists.ebxml.org'
> Subject: Transport and packaging security standards?
>
>
> Message-id:
>
<B08661D21F0FD311A21A00805FC7D6500154D5F5@usa0845ms1.svcdoc.mc.xerox.com>
> MIME-version: 1.0
> X-Mailer: Internet Mail Service (5.5.2650.21)
> Content-type: text/plain
> Content-transfer-encoding: 7BIT
> List-Owner: <mailto:ebxml-transport-help@lists.ebxml.org>
> List-Post: <mailto:ebxml-transport@lists.ebxml.org>
> List-Subscribe:
> <mailto:ebxml-transport-request@lists.ebxml.org?body=subscribe>
> List-Unsubscribe:
>  <mailto:ebxml-transport-request@lists.ebxml.org?body=unsubscribe>
> List-Archive: <http://lists.ebxml.org/archives/ebxml-transport>
> List-Help: <http://lists.ebxml.org/doc/email-manage.html>,
>  <mailto:ebxml-transport-request@lists.ebxml.org?body=help>
>
> I found this quote apparently originating from Dick Brooks:
>
> >- The ebXML packaging spec references S/MIME (RFC 2633) and PGP/MIME
(RFC
> >2015) standards for encryption and digital signature and the ebXML
header
> >spec references XML Dsig for more granular signature requirements than
> >provided by RFC 2633 and RFC 2015;
>
> at: http://lists.ebxml.org/archives/ebxml-awareness/200007/msg00010.html
>
> but when I couldn't find any reference to specific security mechanisms in
> the 0.8 release of the Transport, Routing, and Packaging spec. The
closest
> reference I could find was to a document titled "ebXML Message Services
> Security Specification." and a comment that it is under
> development If this
> is where it will be defined, is there any outlook on when this
> document will
> be publically available?
>
> Regards,
> Scott