James,

Thanks for putting this together.
I'm looking at the Signature Profile and wondering if it buys us anything that 
Mutual Authentication (X.509) does not. Can we do away with the HL7-Signature 
header?

R,
rahul

On Jul 30, 2012, at 7:20 PM, James Agnew wrote:

> Hi Everyone,
> 
> The very first draft of a proposed specification for HL7 over HTTP has been 
> posted here: http://hl7api.sourceforge.net/hapi-hl7overhttp/specification.html
> 
> The spec as it stands incorporates most of the feedback I received on 
> Blogspot and on the HAPI mailing list, so it's probably time to start getting 
> feedback on how that all looks on paper.
> 
> Some areas I'm particularly interested in opinions on:
> 
> For the internet protocol crowd: Is it really wise to specify that only the 
> parts of RFC 2616 which are explicitly referenced in HoH are required to be 
> supported? My hope is that this leads to an easier-to-implement spec (since 
> features like redirect, multipart content, cache-control, etc. are not 
> relevant to transactional system-to-system messaging). My fear is that we'll 
> miss something critical (my first attempt skipped the "Host" header, which I 
> then learned is an absolute must according to HTTP/1.1).
> 
> For the security crowd: Is SHA512 with RSA a good signature algorithm for 
> message non-repudiation? At a glance it seems like it might be too 
> Java-centric. (Would a CMS signature be better? A CMS signed message?) 
> 
> I've also got a reference implementation started, with the hope that it will 
> be usable in a wide variety of circumstances (e.g. servlet, standalone 
> application, drop-in LLP implementation) and even in applications that don't 
> otherwise use HAPI in order to encourage adoption. More to come on that, but 
> please get in touch if you would like to get involved. 
> 
> Cheers,
> James
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and 
> threat landscape has changed and how IT managers can respond. Discussions 
> will include endpoint security, mobile security and the latest in malware 
> threats. 
> http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Hl7api-devel mailing list
> Hl7api-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/hl7api-devel
