Re: AS#2 Transport Protocol/Security

[drummond@xxxxxxxxxx (Rik Drummond)]

At 10:36 AM 9/20/96, Y. John Jiang wrote:
>On Sep 20,  9:58am, Rik Drummond wrote:
>> Subject: Re: AS#2 Transport Protocol/Security
>> At 10:32 AM 9/18/96, Y. John Jiang wrote:
>> >On Sep 18,  8:58am, Rik Drummond wrote:
>> >> Subject: Re: AS#2 Transport Protocol/Security
>> >> I think we are back to requirments again. What are the requirments for two
>> >> WEB servers to exchange EDI in real time?
>> >>
>> >> I would assume we need things like signature, encryptions, non repudiation
>> >> of source WEB server, response-time expectations across all levels of the
>> >> protocol stack. Do we need a secure channel between the two servers, in
>> >> addtion to signature and encryption at the EDI message level?
>> >
>> >No, there is no need.  I believe it is necessary to have a guideline on
>> >in what situation the EDI level security can be left out when
>> >a low level secure channel such as SSL is in place.
>>
>> There is no technical need...I know that because the channel is
>> encrypted...whowever there is a business need. Signatures of the source
>> document (PO) and NRR may be required to show that a legal binding has
>> taken place..This is not always the case...but it will be needed.
>
>We don't have disagreement.  If the EDI message level provides
>all the functionalities as desired, there is no need for the low
>level secure channel.
>

Great!..Thanks....Rik




snip...



------------------------------------------------------
|         Rik Drummond - The Drummond Group          |
|   5008 Brentwood Ct., Ft. Worth, TX 76132   USA    |
|      Voice: 817 294 7339    Fax: 817 294 7950      |
------------------------------------------------------