ebXML CPA validation
A CPA must be validated to make sure it has integrity in itself. There are about 3 or 4 levels of validation:
- Is the ebXML CPA valid against the XML schema?
- Is the ebXML CPA consistent in itself?
  - no dangling ID references
  - ThisPartyActionBinding matches OtherPartyActionBinding
  - matching Transport, DocExchange pairs etc.
- Does the system support such an ebXML CPA?
  - Are the transport protocols supported?
  - Is the transport security protocol and its version supported?
  - Are the security algorithms supported?
  - Are the private keys for the parties' certificates published in the CPA installed in the system?
- NEW: when an ebXML system loads multiple ebXML CPAs, check that the individual CPAs do not interfere with each other.
  - example:
    - CPA 1 has endpoint: https://host:port/path with trust anchors CERT_1, CERT_2
    - CPA 2 has endpoint: https://host:port/path with trust anchors CERT_5, CERT_6
    - There will be only one HTTPS server serving that one URL, and that one HTTPS server will only be able to link to one client Certificate Authority directory holding trusted certificates.
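The multi-CPA interference check from the last bullet, sketched in Python as an added example (not code from this page or from any ebXML product). It assumes the CPPA 2.0 element names `TransportReceiver`, `Endpoint`, `ClientSecurityDetailsRef`, `SecurityDetails` and `AnchorCertificateRef`; the helper names, the port 8443 and the trimmed sample CPAs are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
from urllib.parse import urlsplit

TP = "http://www.oasis-open.org/committees/ebxml-cppa/schema/cpp-cpa-2_0.xsd"
NS = {"tp": TP}

def q(name): return f"{{{TP}}}{name}"  # namespace-qualified tag/attribute name

def normalise(uri):
    """Same listener written differently (case, default port) must compare equal."""
    u = urlsplit(uri)
    port = u.port or {"https": 443, "http": 80}.get(u.scheme.lower())
    return (u.scheme.lower(), u.hostname or "", port, u.path or "/")

def receiver_bindings(cpa_xml):
    """Yield (endpoint, trust-anchor certIds) for every TransportReceiver endpoint."""
    root = ET.fromstring(cpa_xml)  # for partner-supplied CPAs use a hardened parser, e.g. defusedxml
    anchors = {}
    for sd in root.iter(q("SecurityDetails")):
        refs = sd.iterfind("tp:TrustAnchors/tp:AnchorCertificateRef", NS)
        anchors[sd.get(q("securityId"))] = frozenset(r.get(q("certId")) for r in refs)
    for rx in root.iter(q("TransportReceiver")):
        ref = rx.find("tp:TransportServerSecurity/tp:ClientSecurityDetailsRef", NS)
        sec_id = ref.get(q("securityId")) if ref is not None else None
        for ep in rx.iterfind("tp:Endpoint", NS):
            yield normalise(ep.get(q("uri"))), anchors.get(sec_id, frozenset())

def find_conflicts(cpas):
    """Map endpoint -> {cpa_id: anchors} where loaded CPAs disagree on the anchors."""
    seen = defaultdict(dict)
    for cpa_id, xml in cpas.items():
        for endpoint, trusted in receiver_bindings(xml):
            seen[endpoint][cpa_id] = trusted
    return {ep: by for ep, by in seen.items() if len(set(by.values())) > 1}

def sample_cpa(uri, certs):
    """Constructed, heavily trimmed CPA fragment; not a schema-valid CPA."""
    refs = "".join(f'<tp:AnchorCertificateRef tp:certId="{c}"/>' for c in certs)
    return (f'<tp:CollaborationProtocolAgreement xmlns:tp="{TP}">'
            f'<tp:SecurityDetails tp:securityId="sec"><tp:TrustAnchors>{refs}'
            '</tp:TrustAnchors></tp:SecurityDetails><tp:Transport>'
            f'<tp:TransportReceiver><tp:Endpoint tp:uri="{uri}"/>'
            '<tp:TransportServerSecurity><tp:ClientSecurityDetailsRef'
            ' tp:securityId="sec"/></tp:TransportServerSecurity>'
            '</tp:TransportReceiver></tp:Transport></tp:CollaborationProtocolAgreement>')

CPAS = {"CPA 1": sample_cpa("https://host:8443/path", ["CERT_1", "CERT_2"]),
        "CPA 2": sample_cpa("https://HOST:8443/path", ["CERT_5", "CERT_6"]),
        "CPA 3": sample_cpa("https://host:8443/other", ["CERT_1"])}
```

`find_conflicts(CPAS)` reports the shared `/path` endpoint with both anchor sets. Client-certificate trust is often configured per listener rather than per path, so dropping the path from the key gives the stricter variant of the check.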
Implementation of ebXML CPA validation
Schematron is an option for validating an ebXML CPA. Previous work showed that a one-pass Schematron check was not possible, so a multi-pass check is the right thing to do.
The beauty of Schematron is that it is independent of any programming-language implementation, because the Schematron rules are expressed in XML.
