OASIS ebXML Messaging Services TC

  • 1.  RE: [ebxml-msg] Pull messaging - questions

    Posted 12-08-2006 00:58
    Raja,
     
    We may need to go back to some basics on this for you...
     
    How CDC have implemented their ebXML client - I'm fairly certain that is atypical - and I'm not sure how close that is to the actual specification?!
     
    I know they did the ebXML certification - but - when we look at the tests they passed - not sure what their partners had to disable / do / to get it to cover off the CDC use case?
     
    More typically you have the Hermes implementation - where the client really is a full-function server acting as a client.
     
    This was the big differences we saw when we reviewed Hermes / vis CDC - and connected the two together to try see what was happening.
     
    Now - in our case - using Hermes - the push / pull models works differently.  The push consists of a initial message that goes to the partner.  It contains the release information for the real payloads.  We called this "staged delivery" - its push/pull.  So when the remote system is ready to receive - it sends the response back - and that then causes the initiator to queue up the delivery to that partner of the actual payloads. 
     
    That's obviously a different model to a pure client model that can only receive - not initiate - unless you've changed that in the past year?
     
    If you are really worried about security - then those encryption keys need to be exchanged directly via alternate trusted methods.  I believe the ebXML spec's call that out somewhere.
     
    Just trying to distill what the actual landscape is compared to what the specification is doing with push/pull.
     
    Thanks, DW
     


    "The way to be is to do" - Confucius (551-472 B.C.)





  • 2.  RE: [ebxml-msg] Pull messaging - questions

    Posted 12-08-2006 13:07
    David,
     
    You're right. As I mentioned earlier, PHINMS has some custom extensions, including:
     
    (1) Chunking (handling of large messages)
    (2) Push/pull messaging via a gateway (we call it "Route-Not-Read", since the intermediary only routes the message but does not read it since it is encrypted with the polling site's key)
     
    These extensions were needed since ebMS 2.0 did not include them. These extensions are used only by a small percentage of PHIN messaging use cases though. Majority of our messaging uses "direct-send" (sending node sends directly to receiving node, which has an Internet presence). However, a few nodes do not allow inbound connections, hence they can only receive by polling an intermediary, and to support this, we are using the Route-not-Read approach.
     
    Raja

    "David RR Webber (XML)" <david@drrw.info> wrote:
    Raja,
     
    We may need to go back to some basics on this for you...
     
    How CDC have implemented their ebXML client - I'm fairly certain that is atypical - and I'm not sure how close that is to the actual specification?!
     
    I know they did the ebXML certification - but - when we look at the tests they passed - not sure what their partners had to disable / do / to get it to cover off the CDC use case?
     
    More typically you have the Hermes implementation - where the client really is a full-function server acting as a client.
     
    This was the big differences we saw when we reviewed Hermes / vis CDC - and connected the two together to try see what was happening.
     
    Now - in our case - using Hermes - the push / pull models works differently.  The push consists of a initial message that goes to the partner.  It contains the release information for the real payloads.  We called this "staged delivery" - its push/pull.  So when the remote system is ready to receive - it sends the response back - and that then causes the initiator to queue up the delivery to that partner of the actual payloads. 
     
    That's obviously a different model to a pure client model that can only receive - not initiate - unless you've changed that in the past year?
     
    If you are really worried about security - then those encryption keys need to be exchanged directly via alternate trusted methods.  I believe the ebXML spec's call that out somewhere.
     
    Just trying to distill what the actual landscape is compared to what the specification is doing with push/pull.
     
    Thanks, DW
     

    "The way to be is to do" - Confucius (551-472 B.C.)






    ______________________________
    Raja Kailar, Ph.D.
    CTO, Business Networks International, Inc.
    Ph: (770) 399 0433
    Cell: (678) 358 6553
    Fax: (770) 234 6685
    kailar@bnetal.com
    http://www.bnetal.com
    http://www.managesecure.net