Arvola,
This
is my understanding of the non-repudiation problem.
I am
assuming the general case of n partners in a business
process.
If
n=2, it is incidental.
The
persistent copy of the message (including payloads)
will
be stored as "archives" for a long time. Without these
archives,
nonrepudiation is not possible. Some
specific
issues/comments below.
1.
What is the archival policy?
There are three broad types of
archival policies.
- archived
till a fixed date ("fixed policy")
- archived
relative to today, say for 7 years ("relative")
- always
keep an archive of k backups taken at the end of a predefined
interval.
When the time period elapses, the earliest back up is trashed and a new one is
added
2.
Are there regulations that mandate any of the archival
policy?
Some industries do have such
requirements. I fairly sure banking industry has one.
3.
When there are multiple partners, the CPA, if it has the archival policy,
then
should be same for all the partners
in the business process. However, it is also
possible that the same trading partner may be
involved with multiple business
processes involving different
archival policies.
Needless to say, non-repudiation is a vital
requirement for business.
Comments 2 & 3 above lead me to believe that
non-repudiation requirements (archival
policy, and any other piece of info for processing
the archives) will likely need to be
represented in the CPA, and will likely be
specific to the business process. Hope this helps!
On
the other question of logging, I don't think I quite understand the
question.
I
would say logging is neither below nor above but along side!
Cheers,
-Suresh
Don't non repudiation of origin and non repudiation of
receipt imply that the recipient has to keep a persistent copy of the
message for some rather long period of time (typically of the order of
years)?
Is this duration implicit (i.e., has the same value for
all cases) or should it be represented explicitly in the CPA?
Another related question is whether the logging
functionality to support non repudiation belongs above or below the Message
Service Interface.
-Arvola