Subject: Re: Transport and packaging security standards?
All,

The security section in the ebXML Message Service specification deals only with the identification and description of the various profiles, declaring XMLDSIG as the REQUIRED technology for signing the ebXML Message (header and payload), and providing a "binding" for XMLDSIG signing of header and payload.

The spec should be published to the trp list on Monday. David B is just putting the last finishing touches on the doc (incorporating changes agreed in the face2face).

The cut of the security section in v0.9 of the MS spec included much of Maryann's initial draft, but this has been removed as it rightly belongs in the TA document/appendix/addendum. This should deal with the overall description of security through the stack, the description of the risks and countermeasures, etc.

The current draft (v0.92) does not address the security profiles for signing payload as it was felt that this wasn't normative since the payload is opaque to the MSH. The descriptions of S/MIME (and PGP/MIME) signing *could* be prepared as non-normative appendices to the MS spec if people feel that this is important.

As for volunteers, I'm on board to help in any way I can.

Cheers,

Chris

Maryann Hondo wrote:
>
> Dick,
> i believe security was removed from version 8, but
> was back in version 9 with the proposal from chris, but i'm not sure where
> it stands after the face to face
> this week
>
> Scott,
> just for background, security has been bouncing around a bit....
>
> originally we started defining security for "trp payloads", and including
> CPP profiles for SMIME & PGP
> in the trp spec
>
> we left combined security on the header, optional routing headers and the
> payload for a future version...
> but this left us with the fact that the payload should just be a "blob"
> from the transport & packaging perspective
> which meant the security parts didn't belong in TRP but in the Trading
> Partner sub-group which will provide
> the tags for security in the cpp (but we needed to co-ordinate moving these
> sections to the tp spec which I believe
> dale is doing)
>
> and chris ferris then put forward a proposal for a default profile for
> signing the header & payload using XML DSIG, which I believe was accepted
> by the trp group on the last call but i'm not sure which version of the
> document will include this
>
> one issue outstanding for TRP is how to provide authentication or
> authorization and we are looking
> to the evolution of S2ML "tokens" in the header as a possible solution.
>
> hope this helps.
>
> due to the fact that i broke my right wrist, i'm not sure when i'll be able
> to produce a document, i'm
> trying to rustle up some help......want to volunteer???????
>
> maryann
>
> Dick Brooks <dick@8760.com> on 01/12/2001 11:27:40 AM
>
> Please respond to dick@8760.com
>
> To: "Parnell, Scott" <Scott.Parnell@usa.xerox.com>,
>     ebxml-transport@lists.ebxml.org
> cc:
> Subject: RE: Transport and packaging security standards?
>
> Scott,
>
> All the security related verbiage was moved from the TRP spec to the
> security spec, which Maryann Hondo mailto:mhondo@us.ibm.com is leading up.
>
> Dick Brooks
> Group 8760
> 110 12th Street North
> Birmingham, AL 35203
> dick@8760.com
> 205-250-8053
> Fax: 205-250-8057
> http://www.8760.com/
>
> InsideAgent - Empowering e-commerce solutions
>
> > -----Original Message-----
> > From: Parnell, Scott [mailto:Scott.Parnell@usa.xerox.com]
> > Sent: Friday, January 12, 2001 9:06 AM
> > To: 'ebxml-transport@lists.ebxml.org'
> > Subject: Transport and packaging security standards?
> >
> > I found this quote apparently originating from Dick Brooks:
> >
> > >- The ebXML packaging spec references S/MIME (RFC 2633) and PGP/MIME (RFC
> > >2015) standards for encryption and digital signature and the ebXML header
> > >spec references XML Dsig for more granular signature requirements than
> > >provided by RFC 2633 and RFC 2015;
> >
> > at: http://lists.ebxml.org/archives/ebxml-awareness/200007/msg00010.html
> >
> > but when I couldn't find any reference to specific security mechanisms in
> > the 0.8 release of the Transport, Routing, and Packaging spec. The closest
> > reference I could find was to a document titled "ebXML Message Services
> > Security Specification." and a comment that it is under
> > development. If this
> > is where it will be defined, is there any outlook on when this
> > document will
> > be publicly available?
> >
> > Regards,
> > Scott

begin:vcard
n:Ferris;Christopher
tel;cell:508-667-0402
tel;work:781-442-3063
x-mozilla-html:FALSE
org:Sun Microsystems, Inc;XTC Advanced Development
adr:;;One Network Drive;Burlington;Ma;01803-0903;USA
version:2.1
email;internet:chris.ferris@east.sun.com
title:Senior Staff Engineer
fn:Christopher Ferris
end:vcard