Draft Notes OASIS Ebxml CPPA TC Teleconference June 22, 2007

Draft Notes OASIS ebXML CPPA TC Teleconference July 13 and 27, 2007

Attendance at July Meetings

Pete Wenzel Dale Moberg Monica Martin Pim van der Eijk

Regrets

Sacha Schlegel

The documentation of the review of PMode examples conducted on July 13 is at http://lists.oasis-open.org/archives/ebxml-cppa/200707/msg00005.html with the agenda for that meeting at http://lists.oasis-open.org/archives/ebxml-cppa/200707/msg00000.html

The July 27 2007 meeting notes are as follows:

The draft meeting agenda is at http://lists.oasis-open.org/archives/ebxml-cppa/200707/msg00006.html

1. Access Tokens. Monica asked to what extent, if any, current AccessTokens could be used by other protocols, such as XML over HTTP, that do not involve SOAP 1.1 or 1.2. Dale will research the issue and post to list. Others wishing to publish views are also encouraged to do so.

2. Pim provided use cases for sequencing. Dale wondered whether in the first use case (open/close issues regarding a service) a message set would not handle tracking. Pim said that many use cases could probably be treated at the business document design level. Monica mentioned that financial services such as mortgage payments can involve third party services and that distinguishing an extra payment from the monthly payment could be challenging tracking problem and could provide a use case. Pim’s second use case did appear to involve submission of messages in order to processor that itself did not enforce sequence. Sequence was to enforce as submitted. These use cases seemed to be a type where MSH level order and sequence could be of use. Another topic was a sequence with a start but no termination. This seemed possible from a requirements point of view. Will check on whether this is allowed.

3. Final topic was about encrypting and signing elements and/or body parts in different orders. WS Policy does not fully support and leaves these details to be documented in the WWW header. So a Policy about these matters does not yet seem available. Dale noted we could tell users to 1. use policy when support needed for what is encrypted and or signed. Or 2, use existing 2.0 mechanism which presumes all signed but can exclude from signature. (A similar extension for encryption could be added.) Or we could try to augment policy with a more comprehensive solution. Monica wondered how much of this functionality is really going to be requested by business users. Dale agreed that a lot of the WSS functionality is well ahead of end user requirements that he had heard expressed. In fact the most commonly expressed view is that any business data included in a message is important enough to be signed and at least encrypted by transport level security.

We can delay final decision, but consensus seems to favor not doing more work (much beyond what we have) until we hear from end users about precisely what advanced features are needed.