Subject: Non Repudiation & Confidentiality in Figure 52
Hi Folks,
I dug a little deeper into the Issues of Non Repudiation and
Confidentiality in Figure 52 Secure Interaction, and I still come down
on the side of the original version of the diagram where these classes
are connected between Stakeholder and Participant more than between
Stakeholder or Participant and Action. My reason is that the definitions
pertain to parties first and foremost and only to action if that action
is sending a message. My contention is that the key relationship is
between parties more than between any party and the action.
I offer the following definitions to support this position. The bold and
capped words are my additions for emphasis and in Confidentiality the
term 'PARTIES' in square brackets is added as the antecedent to which
the word 'those' refers. I don't offer these definitions as the ultimate
authoritative definitions, simply as appropriate and representative. My
conclusion follows.
------------------------------------------------------------------------
Non Repudiation:
Non-repudiation is the concept of ensuring that *A PARTY* in a dispute
cannot repudiate, or refute the validity of a *STATEMENT OR CONTRACT*.
Although this concept can be applied to any *TRANSMISSION*, including
television and radio, by far the most common application is in the
verification and trust of signatures.
Regarding digital security, the cryptological meaning and application of
non-repudiation shifts to mean:[1]
A service that provides proof of the integrity and origin of data.
An authentication that with high assurance can be asserted to be genuine.
Source: Wikipedia: http://en.wikipedia.org/wiki/Non-repudiation
Nonrepudiation:
nonrepudiation: In reference to digital security, nonrepudiation means
to ensure that a *TRANSFERRED MESSAGE* has been sent and received by the
*PARTIES* claiming to have sent and received the message. Nonrepudiation
is a way to guarantee that the sender of a message cannot later deny
having sent the message and that the recipient cannot deny having
received the message.
Nonrepudiation can be obtained through the use of:
digital signatures -- function as a unique identifier for an
*INDIVIDUAL*, much like a written signature.
confirmation services -- the *MESSAGE* transfer agent can create digital
receipts to indicate that messages were sent and/or received.
timestamps -- timestamps contain the date and time a document was
composed and prove that a document existed at a certain time.
Source: Webopedia: http://www.webopedia.com/TERM/N/nonrepudiation.html
Confidentiality
Confidentiality has been defined by the International Organization for
Standardization (ISO) in ISO-17799 as "ensuring that information is
accessible only to those [(sic)*PARTIES*] authorized to have access" and
is one of the cornerstones of information security.
------------------------------------------------------------------------
My conclusion is that Non Repudiation and Confidentiality must be
applied between the Stakeholder with Authority to make Policy and the
Participant who will perform the Action in order for the Action to be
possible for Secure Interaction.
Cheers,
Rex.
--
Rex Brooks
President, CEO
Starbourne Communications Design
GeoAddress: 1361-A Addison
Berkeley, CA 94702
Tel: 510-898-0670