Good answer Steve. I have a question for Jan. When you order the pizza over the phone how do you prove you didn't buy a house?
Paul On 2/21/07, Steve Jones <[EMAIL PROTECTED]> wrote:
Assuming you are using SAML and WS-Security and have kept a log of the messages then its fine as this will contain both their authentication and your own. If however you didn't use security and its an open exchange then you are just going to have fun in the courts. This is one of the key things about Trust (and one of the reasons that security != HTTPS), before you start a transaction you need to trust the other party to deliver or trust that you have recourse if something goes wrong. This plays back to something I asked at a conference back in 2001 (IIRC) (just after my dad had seen a presentation on WS and said "so why is ASCII RPC now a good idea?"). The presenter had outlined the holy trinity of WS including UDDI and talked of a "business" scenario where you would discover automatically a credit card clearance company and select the cheapest one and then complete the transaction. My point then was that this is bollocks as if that were true then I'd set up the world's cheapest credit card clearing company in somewhere with no extradition treaties and then fleece the world. Trust and validity are serious and difficult concepts, its fine for people to argue about document shifting approach X v Y, but if they don't provide a framework for Trust and validity on top of that base then its a pointless argument. SAML, WS-Security, WS-Trust and a decent set of audit logs. Steve On 21/02/07, Jan Algermissen < [EMAIL PROTECTED]> wrote: > > Hi, > > if have SOA-ordered a pizza the other day but yesterday I learned I > sold my house..... > > How do I prove in court that my digitally signed pizza order was > indeed a pizza order and not (as the recipient claims) a house sale? > > Jan > >
-- Paul Fremantle VP/Technology, WSO2 and OASIS WS-RX TC Co-chair http://bloglines.com/blog/paulfremantle [EMAIL PROTECTED] "Oxygenating the Web Service Platform", www.wso2.com
