- From: Cutler, Roger (RogerCutler) <RogerCutler@chevrontexaco.com>
- Date: Mon, 20 May 2002 15:15:40 -0700
- To: "'Champion, Mike'" <Mike.Champion@SoftwareAG-USA.com>, www-ws-arch@w3.org
- Message-ID: <7FCB5A9F010AAE419A79A54B44F3718E2EADCA@bocnte2k3.boc.chevrontexaco.net>
If there is a need for web services standards for non-repudiation (in the looser sense in which I am using the term) or auditing (perhaps in a stricter sense than the term is often used?) so that such applications can interoperate, then shouldn't that be part of the web services architecture we define?

In the context of the usage case I have been working on, I think this capability needs to be part of the infrastructure so that SmallCo can get it as part of a shareware "business functions" web services package it downloads, as opposed to being part of the industry-specific business transaction protocols involved with the payload. The web service "infrastructure package" should do it, not whatever is implementing the business functions, since in some cases the business functions are implemented by hand.

Put another way, we would like a web services business implementation from vendor A to implement the function in the same way as one from vendor B not only so we can easily handle communications between a company that uses A and one that uses B, but also so we can within one company get rid of A and plug in B without changing how this works. Given this as desirable, should it not be part of the architecture?

I'm sorry, I know I'm not expressing this very well ...

-----Original Message-----
From: Champion, Mike [mailto:Mike.Champion@SoftwareAG-USA.com]
Sent: Monday, May 20, 2002 2:30 PM
To: www-ws-arch@w3.org
Subject: RE: Non-Repudiation - A Lower Level?

-----Original Message-----
From: Edgar, Gerald [mailto:gerald.edgar@boeing.com]
Sent: Monday, May 20, 2002 1:24 PM
To: 'Krishna Sankar'; www-ws-arch@w3.org; 'Cutler, Roger (RogerCutler)'
Subject: RE: Non-Repudiation - A Lower Level?

Krishna - What Roger was discussing is more than auditing. There needs to be a mechanism, not only to track (as in auditing) but to require a process that has some controls over it to provide the business some assurance that a request was not made by accident.
This would be similar to simply signing a document. Below a certain dollar amount of transaction, there is no need for third party overview for non-repudiation. This sounds like a web services application. Perhaps there is a need for web services standards so that such applications can interoperate. But it's unclear to me why the web services architecture has a requirement to define non-repudiation mechanisms at this level.
Received on Monday, 20 May 2002 18:16:28 UTC