On 21.02.2007, at 12:38, Paul Fremantle wrote:
Good answer Steve.
I have a question for Jan. When you order the pizza over the phone
how do you prove you didn't buy a house?
Well, assumed I have a witness for what I said, the uttering of "this
is a pizza order, let me have a large magaritha" should sufficiently
prove and state my intent - it is self descriptive (which is a
property of all business documents, BTW).
Jan
Paul
On 2/21/07, Steve Jones <[EMAIL PROTECTED]> wrote:
Assuming you are using SAML and WS-Security and have kept a log of
the messages then its fine as this will contain both their
authentication and your own.
If however you didn't use security and its an open exchange then
you are just going to have fun in the courts. This is one of the
key things about Trust (and one of the reasons that security !=
HTTPS), before you start a transaction you need to trust the other
party to deliver or trust that you have recourse if something goes
wrong. This plays back to something I asked at a conference back
in 2001 (IIRC) (just after my dad had seen a presentation on WS and
said "so why is ASCII RPC now a good idea?"). The presenter had
outlined the holy trinity of WS including UDDI and talked of a
"business" scenario where you would discover automatically a credit
card clearance company and select the cheapest one and then
complete the transaction. My point then was that this is bollocks
as ! if that were true then I'd set up the world's cheapest credit
card clearing company in somewhere with no extradition treaties and
then fleece the world.
Trust and validity are serious and difficult concepts, its fine for
people to argue about document shifting approach X v Y, but if they
don't provide a framework for Trust and validity on top of that
base then its a pointless argument.
SAML, WS-Security, WS-Trust and a decent set of audit logs.
Steve
On 21/02/07, Jan Algermissen < [EMAIL PROTECTED]> wrote:
Hi,
if have SOA-ordered a pizza the other day but yesterday I learned I
sold my house.....
How do I prove in court that my digitally signed pizza order was
indeed a pizza order and not (as the recipient claims) a house sale?
Jan
--
Paul Fremantle
VP/Technology, WSO2 and OASIS WS-RX TC Co-chair
http://bloglines.com/blog/paulfremantle
[EMAIL PROTECTED]
"Oxygenating the Web Service Platform", www.wso2.com
