Yes -- and the same is true of a SOAP message. Typically, SOAP interchanges are stateless. (And they should be.) Therefore the order request will indicate what's being ordered.
Anne On 2/21/07, Jan Algermissen <[EMAIL PROTECTED]> wrote:
On 21.02.2007, at 12:38, Paul Fremantle wrote: Good answer Steve. I have a question for Jan. When you order the pizza over the phone how do you prove you didn't buy a house? Well, assumed I have a witness for what I said, the uttering of "this is a pizza order, let me have a large magaritha" should sufficiently prove and state my intent - it is self descriptive (which is a property of all business documents, BTW). Jan Paul On 2/21/07, Steve Jones <[EMAIL PROTECTED]> wrote: > > Assuming you are using SAML and WS-Security and have kept a log of the > messages then its fine as this will contain both their authentication and > your own. > > If however you didn't use security and its an open exchange then you are > just going to have fun in the courts. This is one of the key things about > Trust (and one of the reasons that security != HTTPS), before you start a > transaction you need to trust the other party to deliver or trust that you > have recourse if something goes wrong. This plays back to something I asked > at a conference back in 2001 (IIRC) (just after my dad had seen a > presentation on WS and said "so why is ASCII RPC now a good idea?"). The > presenter had outlined the holy trinity of WS including UDDI and talked of a > "business" scenario where you would discover automatically a credit card > clearance company and select the cheapest one and then complete the > transaction. My point then was that this is bollocks as ! if that were true > then I'd set up the world's cheapest credit card clearing company in > somewhere with no extradition treaties and then fleece the world. > > Trust and validity are serious and difficult concepts, its fine for > people to argue about document shifting approach X v Y, but if they don't > provide a framework for Trust and validity on top of that base then its a > pointless argument. > > SAML, WS-Security, WS-Trust and a decent set of audit logs. > > Steve > > > > On 21/02/07, Jan Algermissen < [EMAIL PROTECTED]> wrote: > > > > Hi, > > > > if have SOA-ordered a pizza the other day but yesterday I learned I > > sold my house..... > > > > How do I prove in court that my digitally signed pizza order was > > indeed a pizza order and not (as the recipient claims) a house sale? > > > > Jan > > > > > -- Paul Fremantle VP/Technology, WSO2 and OASIS WS-RX TC Co-chair http://bloglines.com/blog/paulfremantle [EMAIL PROTECTED] "Oxygenating the Web Service Platform", www.wso2.com
