Electronic Commerce Modeling Language (ECML) Version 2 Specification
draft-ietf-trade-ecml2-spec-13
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2012-08-22
|
13 | (System) | post-migration administrative database adjustment to the Yes position for Scott Hollenbeck |
2012-08-22
|
13 | (System) | post-migration administrative database adjustment to the No Objection position for Ted Hardie |
2012-08-22
|
13 | (System) | post-migration administrative database adjustment to the No Objection position for Russ Housley |
2004-12-07
|
13 | Amy Vezza | State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza |
2004-12-06
|
13 | Amy Vezza | IESG state changed to Approved-announcement sent |
2004-12-06
|
13 | Amy Vezza | IESG has approved the document |
2004-12-06
|
13 | Amy Vezza | Closed "Approve" ballot |
2004-12-06
|
13 | Scott Hollenbeck | State Changes to Approved-announcement to be sent from IESG Evaluation::AD Followup by Scott Hollenbeck |
2004-11-17
|
13 | Scott Hollenbeck | [Ballot Position Update] Position for Scott Hollenbeck has been changed to Yes from Discuss by Scott Hollenbeck |
2004-10-25
|
13 | (System) | New version available: draft-ietf-trade-ecml2-spec-13.txt |
2004-10-19
|
12 | (System) | New version available: draft-ietf-trade-ecml2-spec-12.txt |
2004-10-19
|
13 | Steven Bellovin | [Ballot discuss] For certificates, what forms of URL are acceptable? All? Is this a pointer to a certificate chain? What format is the certificate in? … [Ballot discuss] For certificates, what forms of URL are acceptable? All? Is this a pointer to a certificate chain? What format is the certificate in? Users don't necessarily use passwords just because they have pre-established accounts. Nor does a certificate necessarily suffice if there's no prior account setup. |
2004-10-12
|
13 | Ted Hardie | [Ballot Position Update] Position for Ted Hardie has been changed to No Objection from Discuss by Ted Hardie |
2004-10-12
|
13 | Scott Hollenbeck | [Ballot discuss] Multiple XML Schema errors need to be fixed. |
2004-10-12
|
13 | Scott Hollenbeck | [Ballot Position Update] New position, Discuss, has been recorded for Scott Hollenbeck by Scott Hollenbeck |
2004-10-11
|
13 | Russ Housley | [Ballot comment] A better reference for CMS is RFC 3852. |
2004-10-11
|
13 | Russ Housley | [Ballot Position Update] Position for Russ Housley has been changed to No Objection from Discuss by Russ Housley |
2004-10-11
|
13 | (System) | Sub state has been changed to AD Follow up from New Id Needed |
2004-10-11
|
11 | (System) | New version available: draft-ietf-trade-ecml2-spec-11.txt |
2004-06-09
|
13 | Scott Hollenbeck | State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation::AD Followup by Scott Hollenbeck |
2004-06-09
|
13 | Scott Hollenbeck | Still waiting for -11 with schema included. |
2004-06-09
|
10 | (System) | New version available: draft-ietf-trade-ecml2-spec-10.txt |
2004-06-07
|
13 | Scott Hollenbeck | State Changes to IESG Evaluation::AD Followup from IESG Evaluation::Revised ID Needed by Scott Hollenbeck |
2004-06-07
|
13 | Scott Hollenbeck | Note field has been cleared by Scott Hollenbeck |
2004-04-29
|
09 | (System) | New version available: draft-ietf-trade-ecml2-spec-09.txt |
2004-03-10
|
13 | Scott Hollenbeck | Shepherding AD has been changed to Scott Hollenbeck from Ned Freed |
2003-12-04
|
13 | Amy Vezza | Removed from agenda for telechat - 2003-12-04 by Amy Vezza |
2003-12-04
|
13 | Amy Vezza | [Ballot Position Update] New position, No Objection, has been recorded for by Amy Vezza |
2003-12-04
|
13 | Ned Freed | State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation::Revised ID Needed by Ned Freed |
2003-12-04
|
13 | Ned Freed | Lots of changes are likely to be needed to address IESG concerns, so this document needs fairly comprehensive re-review once it is updated. |
2003-12-04
|
13 | Ned Freed | State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation::Revised ID Needed by Ned Freed |
2003-12-04
|
13 | Ned Freed | Lots of changes are likely to be needed to address IESG concerns, so this document needs fairly comprehensive re-review once it is updated. |
2003-12-04
|
13 | Ned Freed | State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation by Ned Freed |
2003-12-04
|
13 | Ned Freed | [Note]: 'Lots of changes are likely to be needed to address IESG concerns, so this document needs fairly comprehensive re-review once it is updated.' added … [Note]: 'Lots of changes are likely to be needed to address IESG concerns, so this document needs fairly comprehensive re-review once it is updated.' added by Ned Freed |
2003-12-04
|
13 | Ned Freed | Lots of changes are likely to be needed to address IESG concerns, so this document needs fairly comprehensive re-review once it is updated. |
2003-12-04
|
13 | Bert Wijnen | [Ballot Position Update] New position, No Objection, has been recorded for by Bert Wijnen |
2003-12-04
|
13 | Thomas Narten | [Ballot Position Update] New position, No Objection, has been recorded for by Thomas Narten |
2003-12-04
|
13 | Bill Fenner | [Ballot Position Update] New position, No Objection, has been recorded for by Bill Fenner |
2003-12-04
|
13 | Margaret Cullen | [Ballot Position Update] New position, No Objection, has been recorded for by Margaret Wasserman |
2003-12-04
|
13 | Jon Peterson | [Ballot Position Update] Position for Jon Peterson has been changed to No Objection from Undefined by Jon Peterson |
2003-12-04
|
13 | Jon Peterson | [Ballot comment] I think I understand the "Important Note" at the beginning of 2.1.1 - the minimum size values given in the field list are … [Ballot comment] I think I understand the "Important Note" at the beginning of 2.1.1 - the minimum size values given in the field list are recommendations for the smallest length of the text input buffer for field values that implementers could safely present to users of these forms (i.e. if the buffer were shorter, users would almost certainly want to provide values that exceeded the buffer). However, it took me several readings to arrive at this conclusion, and the text itself could be a lot clearer. 2.1.2, footnote 8: The international access code in the NANP is not "1", it is "011". "1" is the direct distance dialing prefix. And yes, as Steve notes, we have large documents in the IETF (RFC2806 and its bis) that describe the proper representation of telephone numbers. Finally, along the lines of Russ's Discuss, I'm really surprised that channel security is touted in the Sec Cons rather than object security. For a payment token, I'd think that non-repudiation would be a valuable security property. While non-repudiation is mentioned in the document, it is attributed to an alphabet soup of presumably complementary technologies without any specific indication of where one should turn if this property is desired. |
2003-12-04
|
13 | Jon Peterson | [Ballot Position Update] New position, Undefined, has been recorded for by Jon Peterson |
2003-12-02
|
13 | Steven Bellovin | [Ballot discuss] There are standards for representing telephone numbers. These should be cited.... For certificates, what forms of URL are acceptable? All? Is this a … [Ballot discuss] There are standards for representing telephone numbers. These should be cited.... For certificates, what forms of URL are acceptable? All? Is this a pointer to a certificate chain? What format is the certificate in? Users don't necessarily use passwords just because they have pre-established accounts. Nor does a certificate necessarily suffice if there's no prior account setup. |
2003-12-02
|
13 | Steven Bellovin | [Ballot Position Update] New position, Discuss, has been recorded for by Steve Bellovin |
2003-12-02
|
13 | Ted Hardie | [Ballot discuss] In section 2.2, there is a note giving the ECMA Schema version as: (20) URI [RFC 2396]] indicating version of … [Ballot discuss] In section 2.2, there is a note giving the ECMA Schema version as: (20) URI [RFC 2396]] indicating version of this set of fields. Usually a hidden field. Equal to "http://ecml.trade.wg.ietf.arpa/version/2.0" for this version. This looks like dereferencable URI, but there is no ietf.arpa in the current DNS, and I know of no plans for one. I'd suggest using one of the IANA registries like RFC 3553 params (the params namespace registry is present, but unpopulated, see: http://www.iana.org/assignments/params) That same section says: (26) A URL that can be invoked to inquire about the transaction. This is usually a hidden field. and (35) Uniform Resource Locator [RFC 2396]. (referring to: user certificate Ecom_User_Certificate_URL 128 (35)) Any limits to the URL schema allowed? Is this mailto: style, or http: style in terms of what "inquire about" means? Lastly, this pair: user data gender Ecom_UserData_Gender 1 (36) and its list: (36) A single capital letter, M=male, F=Female, N=Neuter, H=Hermaphrodite, U=Unknown. sets off every alarm bell in my California-saturated head. If this list is derived from somewhere else and a reference can be given, fine. But having the IETF decide that these 5 were the listable genders seems like a reeeeaaallly bad idea. Punting this to someone else's lawyers if at all possible would make me breathe easier. |
2003-12-02
|
13 | Ted Hardie | [Ballot discuss] In section 2.2, there is a note giving the ECMA Schema version as: (20) URI [RFC 2396]] indicating version of … [Ballot discuss] In section 2.2, there is a note giving the ECMA Schema version as: (20) URI [RFC 2396]] indicating version of this set of fields. Usually a hidden field. Equal to "http://ecml.trade.wg.ietf.arpa/version/2.0" for this version. This looks like dereferencable URI, but there is no ietf.arpa in the current DNS, and I know of no plans for one. I'd suggest using one of the IANA registries like RFC 3553 params (the params namespace registry is present, but unpopulated, see: http://www.iana.org/assignments/params) That same section says: (26) A URL that can be invoked to inquire about the transaction. This is usually a hidden field. and (35) Uniform Resource Locator [RFC 2396]. (referring to: user certificate Ecom_User_Certificate_URL 128 (35)) Any limits to the URL schema allowed? Is this mailto: style, or http: style in terms of what "inquire about" means? Lastly, this pair: user data gender Ecom_UserData_Gender 1 (36) and its list: (36) A single capital letter, M=male, F=Female, N=Neuter, H=Hermaphrodite, U=Unknown. sets off every alarm bell in my California-saturated head. If this is list is derived from somewhere else and a reference can be given, fine. But having the IETF decide that these 5 were the listable genders seems like a reeeeaaallly bad idea. Punting this to someone else's lawyers if at all possible would make me breathe easier. |
2003-12-02
|
13 | Ted Hardie | [Ballot discuss] Frankly, I have general problems with the scope of this work; it seems to need a much tighter applicability statement (given that they … [Ballot discuss] Frankly, I have general problems with the scope of this work; it seems to need a much tighter applicability statement (given that they are defining a "Voucher Component and VTS-API specifications" but not a standard protocol). I also think this needs a good bit more review by folks who might have to use it, as a lot of seems to be based on assumptions that might or might not hold true generally. A good example of this is in the "Conditions" processing (sections 4 & 6.10). The initial description of the Conditions in section 4 says: Condition Component Provides any other applicable restrictions. This is intended to cover contracts between the issuer and holder of the voucher in natural language form. "Natural language form" implied to me "free text" as opposed to "structured text", but the description in 6.10 says: The element may contain any element used to specify any other restrictions or conditions applied that limit the use of the voucher. The sub-elements contained in this element are depending on the application of the voucher and are left to the other domain-specific specifications. Domain-specific elements can be extended as sub-elements using [XML-ns]. That seems to imply that can be structured in certain contexts, but that the structure there might relate only to the context, which leaves it a bit up in the air as to whether someone getting a voucher needs to preserve markup here. The last line related to is: If the element is omitted, it will be generally interpreted that there are no other restrictions or conditions on using the voucher. If the structure of this is application dependent, the interpretation of this pretty much has to be as well. There is no way to prevent someone from saying "in my application, no conditions will mean there are no conditions under which you can use this". If this is retained, it seems like it has to be given as deployment advice, rather than a default configuration. |
2003-12-02
|
13 | Ted Hardie | [Ballot Position Update] New position, Discuss, has been recorded for by Ted Hardie |
2003-12-01
|
13 | Ned Freed | State Changes to IESG Evaluation from Waiting for AD Go-Ahead by Ned Freed |
2003-12-01
|
13 | Ned Freed | [Note]: 'Four week last call requested' has been cleared by Ned Freed |
2003-12-01
|
13 | (System) | State has been changed to Waiting for AD Go-Ahead from In Last Call by system |
2003-12-01
|
13 | Russ Housley | [Ballot discuss] The first paragraph of the security considerations says: The information called for by many of these fields is sensitive and should … [Ballot discuss] The first paragraph of the security considerations says: The information called for by many of these fields is sensitive and should be secured if being sent over the public Internet or through other channels where it can be observed. Mechanisms for such protection are not specified herein but channel encryption such as TLS [RFC 2246] or IPSec [RFC 2411] would be appropriate in many cases. This discussion should be expanded to cover integrity and authentication. The specification includes support for digital signatures, and this feature should be highlighted here. Also, is there any reason that an application-layer encryption is not appropriate, such as XMLENC or CMS? |
2003-12-01
|
13 | Russ Housley | [Ballot Position Update] New position, Discuss, has been recorded for by Russ Housley |
2003-11-25
|
13 | Ned Freed | Placed on agenda for telechat - 2003-12-04 by Ned Freed |
2003-11-25
|
13 | Ned Freed | [Ballot Position Update] New position, Yes, has been recorded for Ned Freed |
2003-11-25
|
13 | Ned Freed | Ballot has been issued by Ned Freed |
2003-11-25
|
13 | Ned Freed | Created "Approve" ballot |
2003-11-25
|
13 | (System) | Ballot writeup text was added |
2003-11-25
|
13 | (System) | Last call text was added |
2003-11-25
|
13 | (System) | Ballot approval text was added |
2003-11-03
|
13 | Amy Vezza | Last call sent |
2003-11-03
|
13 | Amy Vezza | State Changes to In Last Call from Last Call Requested by Amy Vezza |
2003-11-03
|
13 | Ned Freed | State Changes to Last Call Requested from Publication Requested by Ned Freed |
2003-11-03
|
13 | Ned Freed | [Note]: 'Four week last call requested' added by Ned Freed |
2003-04-30
|
13 | Ned Freed | Shepherding AD has been changed to Freed, Ned from Faltstrom, Patrik |
2003-02-06
|
13 | Patrik Fältström | Request arrived from Donald. |
2003-02-06
|
13 | Patrik Fältström | Draft Added by Faltstrom, Patrik |
2003-01-29
|
08 | (System) | New version available: draft-ietf-trade-ecml2-spec-08.txt |
2003-01-17
|
07 | (System) | New version available: draft-ietf-trade-ecml2-spec-07.txt |
2002-11-26
|
06 | (System) | New version available: draft-ietf-trade-ecml2-spec-06.txt |
2002-11-06
|
05 | (System) | New version available: draft-ietf-trade-ecml2-spec-05.txt |
2002-07-24
|
04 | (System) | New version available: draft-ietf-trade-ecml2-spec-04.txt |
2002-04-30
|
03 | (System) | New version available: draft-ietf-trade-ecml2-spec-03.txt |
2001-10-18
|
02 | (System) | New version available: draft-ietf-trade-ecml2-spec-02.txt |
2001-07-09
|
01 | (System) | New version available: draft-ietf-trade-ecml2-spec-01.txt |
2001-02-26
|
00 | (System) | New version available: draft-ietf-trade-ecml2-spec-00.txt |