is my understanding of the non-repudiation problem.
assuming the general case of n partners in a business
n=2, it is incidental.
persistent copy of the message (including payloads)
be stored as "archives" for a long time. Without these
nonrepudiation is not possible. Some
What is the archival policy?
There are three broad types of
till a fixed date ("fixed policy")
relative to today, say for 7 years ("relative")
keep an archive of k backups taken at the end of a predefined
When the time period elapses, the earliest back up is trashed and a new one is
Are there regulations that mandate any of the archival
Some industries do have such
requirements. I fairly sure banking industry has one.
When there are multiple partners, the CPA, if it has the archival policy,
should be same for all the partners
in the business process. However, it is also
possible that the same trading partner may be
involved with multiple business
processes involving different
Needless to say, non-repudiation is a vital
requirement for business.
Comments 2 & 3 above lead me to believe that
non-repudiation requirements (archival
policy, and any other piece of info for processing
the archives) will likely need to be
represented in the CPA, and will likely be
specific to the business process. Hope this helps!
the other question of logging, I don't think I quite understand the
would say logging is neither below nor above but along side!
Don't non repudiation of origin and non repudiation of
receipt imply that the recipient has to keep a persistent copy of the
message for some rather long period of time (typically of the order of
Is this duration implicit (i.e., has the same value for
all cases) or should it be represented explicitly in the CPA?
Another related question is whether the logging
functionality to support non repudiation belongs above or below the Message