RE: Security Question from bhaugen on 2002-08-06 (www-ws-arch@w3.org from August 2002)

From: bhaugen <linkage@interaccess.com>
Date: Tue, 06 Aug 2002 12:47:42 -0500
To: www-ws-arch@w3.org
Message-id: <002001c23d71$5e118340$b8eafea9@default>

Hal Lockhart wrote:

> As I stated in a previous email, I agree with the general notion of
avoiding
> ambiguity, however I think Mark's idea of not depending on anything
external
> is unrealistic. Every business transaction depends on shared
understandings
> about the goods or services involved, the terms and conditions of sale
and a
> host of other things not explicitly spelled out in the network
messages. Of
> course, many of these are defined by centuries of commercial practice
as
> well as laws and regulations. However, others may vary depending on
the
> legal system, industry and over time.

Ok, you're right.  I took Mark's statement in its original context,
which was default values popping in from schemas, that is,
alteration of the message contents.  If you take it in the
context you explained very well above, it's not true.

But for all of the other dependencies, if they are Web resources
hyperlinked from the resource that the subject of the transaction
(e.g. an order), then it would still be possible to have a
definite answer to enough questions to be able to do
business.

> I believe the most practical approach, which is currently happening,
is for
> industry consortia to establish standards for the syntax and semantics
of
> common transactions in their industry. By making use of these
standards, it
> should be possible to avoid a semantic misunderstanding (deliberate or
not).
> A party who claims to have reason to use semantics which are contrary
to the
> established standards for the relevant industry will face a very
difficult
> burden of proof.

Most but not all of the industry consortia are focusing on document
contents alone.  The business processes, transaction handling
rules, etc. also need to be spelled out for anything resembling
proof.

For a simple example, did the seller agree to be bound
by the buyer's order, or not?  How can you tell from the order
document alone? Is an explict acceptance response
required?  What if the response comes after the price
is reduced? What if the buyer cancels the order?
What if the seller delivers the goods later than promised?
...and on and on...

-Bob Haugen

Received on Tuesday, 6 August 2002 15:58:56 UTC