OASIS ebXML Messaging Services TC

 View Only

  • 1.  AS4 Section 5.1.8 Generating Receipts Profiling Rule (a) confusion

    Posted 05-14-2013 13:33
    Hi Section 5.1.8 Generating Receipts Profiling Rule (a) of the AS4 spec reads as follows When a Receipt is to be used solely for reception awareness, the sender of the Receipt MUST contain a copy of the eb:UserMessage structure of the received AS4 message. This is open to misinterpretation as it could mean that either the receipt must contain a copy of the eb:UserMessage structure or the Sender must keep a copy of that. My thinking is that it should read as one the following 1 When a Receipt is to be used solely for reception awareness, the sender of the Receipt MUST retain a copy of the eb:UserMessage structure of the received AS4 message. or 2 When a Receipt is to be used solely for reception awareness, the sender must include a copy of the eb:UserMessage structure of the received AS4 message in the receipt. Comments or other suggestions ? -- Regards Theo


  • 2.  RE: [ebxml-msg] AS4 Section 5.1.8 Generating Receipts Profiling Rule (a) confusion

    Posted 05-14-2013 15:27
    Hello Theo, Hello Theo, The document definitely wants to specify your number (2) rather than (1). Sorry if the language is not clear enought. For reception awareness there does not seem to be a need to keep copies of acknowledged user messages. Please file a JIRA issue so we can track this. Pim
    Original Message


  • 3.  RE: [ebxml-msg] AS4 Section 5.1.8 Generating Receipts Profiling Rule (a) confusion

    Posted 05-14-2013 15:34
    It might be that both provisions are to be required: that is, the sender of the receipt must retain the structure of the received message and the receipt sent must contain the structure. I agree we should decide these issues before we decide on a solution for the errata (text and/or schema) that are needed. Retention of the received message would also retain (implicitly) the structure. Normally retention of business documents is subject to various contractual and/or legal agreements-- especially how long they are retained. If that is so, the specification might be addressing what pertains to the wire format, rather than the archiving policy. It makes sense that even for receipt awareness, the receipt must contain some identifying information of the message that the receipt signals as having been received! Somehow the current sentence reads like it got "garbled" during editing somehow.
    Original Message


  • 4.  Receipt required and Non-Repudiation of receipt when the original user message is signed

    Posted 07-01-2013 19:26
    Hi Theo and all, I have a question about receipt generation. First if the original User Message is digital signed, is the receipt required to be generated and sent back by the message receiver? Secondly, if the receipt is to be generated, does the receipt have to be non-repudiation (signed) also in the case that the original User Message is signed? Or it can just be Reception Awareness? The spec seems not mandate these but I would like to ask for confirmation. Thanks, Rong


  • 5.  RE: [ebxml-msg] Receipt required and Non-Repudiation of receipt when the original user message is signed

    Posted 07-01-2013 20:56
    Rong, Whether or not a user message is (expected to be) signed is determined by the Pmode[].Security.Sign parameter. Whether or not a receipt is (expected to be) returned is determined by the Pmode[].Security.SendReceipt parameter. AS4 section 5.1.8 ties the two: receipts are to be signed if and only if the message they are receipts for are (expected to be) signed. Appendix B illustrates this using XSLT. Issue https://tools.oasis-open.org/issues/browse/EBXMLMSG-15 suggests that for AS4 the same should be said for errors. The ebMS 3.0 Core specification is missing a mechanism to specify expected security of receipts and signals as Pmode parameters. Pim
    Original Message


  • 6.  Re: [ebxml-msg] Receipt required and Non-Repudiation of receipt when the original user message is signed

    Posted 07-02-2013 04:32
    Hi Rong Piim summarises it nicely below - this really means that an AS4 MSH should cater for all these possibilities. On 01 Jul 2013, at 22:56 , Pim van der Eijk <pvde@sonnenglanz.net> wrote: > > Rong, > > Whether or not a user message is (expected to be) signed is > determined by the Pmode[].Security.Sign parameter. > > Whether or not a receipt is (expected to be) returned is > determined by the Pmode[].Security.SendReceipt parameter. > > AS4 section 5.1.8 ties the two: receipts are to be signed > if and only if the message they are receipts for are > (expected to be) signed. Appendix B illustrates this using > XSLT. > > Issue https://tools.oasis-open.org/issues/browse/EBXMLMSG-15 > suggests that for AS4 the same should be said for errors. > > The ebMS 3.0 Core specification is missing a mechanism to > specify expected security of receipts and signals as Pmode > parameters. > > Pim > > >
    Original Message


  • 7.  Re: [ebxml-msg] Receipt required and Non-Repudiation of receipt when the original user message is signed

    Posted 07-02-2013 06:59
    Pim, Thanks a lot for the explanation, which clarified my wonderings. Rong On 7/1/13 1:56 PM, "Pim van der Eijk" <pvde@sonnenglanz.net> wrote: > >Rong, > >Whether or not a user message is (expected to be) signed is >determined by the Pmode[].Security.Sign parameter. > >Whether or not a receipt is (expected to be) returned is >determined by the Pmode[].Security.SendReceipt parameter. > >AS4 section 5.1.8 ties the two: receipts are to be signed >if and only if the message they are receipts for are >(expected to be) signed. Appendix B illustrates this using >XSLT. > >Issue https://tools.oasis-open.org/issues/browse/EBXMLMSG-15 >suggests that for AS4 the same should be said for errors. > >The ebMS 3.0 Core specification is missing a mechanism to >specify expected security of receipts and signals as Pmode >parameters. > >Pim > > >
    Original Message


Related Content