Workshop on Capabilities and Policies

Overview

The following paragraphs outline the position taken by Cyclone Commerce with respect to some of the issues and topics posed for the upcoming W3C workshop on Capabilities and Policies.

Problem Domain: Business Collaboration Protocols

The specific problem domain of capabilities and constraints for business collaboration protocols includes allowed data types and formats, security and PKI alignment, reliability, transfer protocol and more.

The OASIS ebXML CPPA TC specifies Collaboration Protocol Profile (CPP) and Collaboration Protocol Agreement (CPA) documents. The CPA documents the technical details for two businesses collaborating in specific business processes. Profiles (or equivalently, agreement templates), however, advertise the capabilities and preferences of a business process participant for technical options (either user-selectable or optionally implementable features) of collaboration protocols.

It is our position that the features and parameters identified by the CPPA specifications are ones that should at least be captured by the approach taken in a possible W3C working group in this area so that the W3C approach can be applied to the domain of collaboration protocols.

In addition, the CPPA TC has worked under the assumption that the granularity of policy variability and agreement can be on a per-participant, per-participant-role (such as "buyer" or "seller"), per-service, or per-action (or "operation") basis. It does not require (and, for some features, does not allow) that an agreement can be on a message-by-message basis. The ability to configure on a "channel" basis, so that all messages using a given channel conform with the given conventions, is an essential requirement for business collaboration with a given "quality of service."

Comment on Proposed Use Case

The workshop description also included the following use case:

A Web service wishes to stipulate that clients are required to support a reliable messaging protocol, and encrypt a specific header with WS-Security using an X.509 or user name security token in order to send an acceptable request message. Furthermore, the service has a P3P policy associated with its operations.

It is then asked whether this use case is considered inappropriate, and if such a use case is inappropriate, why it is inappropriate and what should be considered instead.

Such a use case could be part of an agreement template for a collaboration protocol.

Finally, under relationship to existing effort(s), the OASIS ebXML CPPA group has a draft of a business process describing the negotiation patterns for arriving at an agreement on configuration and policies. The negotiation process is describable as an interaction between two web services, or as a simple exchange of messages. It is hoped that the W3C effort could specify equivalent functionality.