soa-rm-ra message


Subject: Non Repudiation & Confidentiality in Figure 52

Hi Folks,

I dug a little deeper into the Issues of Non Repudiation and 
Confidentiality in Figure 52 Secure Interaction, and I still come down 
on the side of the original version of the diagram where these classes 
are connected between Stakeholder and Participant more than between 
Stakeholder or Participant and Action. My reason is that the definitions 
pertain to parties first and foremost and only to action if that action 
is sending a message. My contention is that the key relationship is 
between parties more than between any party and the action.

I offer the following definitions to support this position. The bold and 
capped words are my additions for emphasis and in Confidentiality the 
term 'PARTIES' in square brackets is added as the antecedent to which 
the word 'those' refers. I don't offer these definitions as the ultimate 
authoritative definitions, simply as appropriate and representative. My 
conclusion follows.

Non Repudiation:

Non-repudiation is the concept of ensuring that *A PARTY* in a dispute 
cannot repudiate, or refute the validity of a *STATEMENT OR CONTRACT*. 
Although this concept can be applied to any *TRANSMISSION*, including 
television and radio, by far the most common application is in the 
verification and trust of signatures.

Regarding digital security, the cryptological meaning and application of 
non-repudiation shifts to mean:

A service that provides proof of the integrity and origin of data.
An authentication that with high assurance can be asserted to be genuine.

Source: Wikipedia: http://en.wikipedia.org/wiki/Non-repudiation


nonrepudiation: In reference to digital security, nonrepudiation means 
to ensure that a *TRANSFERRED MESSAGE* has been sent and received by the 
*PARTIES* claiming to have sent and received the message. Nonrepudiation 
is a way to guarantee that the sender of a message cannot later deny 
having sent the message and that the recipient cannot deny having 
received the message.
Nonrepudiation can be obtained through the use of:

digital signatures -- function as a unique identifier for an 
*INDIVIDUAL*, much like a written signature.
confirmation services -- the *MESSAGE* transfer agent can create digital 
receipts to indicate that messages were sent and/or received.
timestamps -- timestamps contain the date and time a document was 
composed and prove that a document existed at a certain time.
Source: Webopedia: http://www.webopedia.com/TERM/N/nonrepudiation.html


Confidentiality has been defined by the International Organization for 
Standardization (ISO) in ISO-17799 as "ensuring that information is 
accessible only to those [(sic)*PARTIES*] authorized to have access" and 
is one of the cornerstones of information security.

My conclusion is that Non Repudiation and Confidentiality must be 
applied between the Stakeholder with Authority to make Policy and the 
Participant who will perform the Action in order for the Action to be 
possible for Secure Interaction.


Rex Brooks
President, CEO
Starbourne Communications Design
GeoAddress: 1361-A Addison
Berkeley, CA 94702
Tel: 510-898-0670
