Subject: Non Repudiation & Confidentiality in Figure 52
Hi Folks,

I dug a little deeper into the Issues of Non Repudiation and Confidentiality in Figure 52 Secure Interaction, and I still come down on the side of the original version of the diagram where these classes are connected between Stakeholder and Participant more than between Stakeholder or Participant and Action.

My reason is that the definitions pertain to parties first and foremost and only to action if that action is sending a message. My contention is that the key relationship is between parties more than between any party and the action.

I offer the following definitions to support this position. The bold and capped words are my additions for emphasis, and in Confidentiality the term 'PARTIES' in square brackets is added as the antecedent to which the word 'those' refers. I don't offer these definitions as the ultimate authoritative definitions, simply as appropriate and representative. My conclusion follows.

------------------------------------------------------------------------

Non Repudiation:

Non-repudiation is the concept of ensuring that *A PARTY* in a dispute cannot repudiate, or refute the validity of a *STATEMENT OR CONTRACT*. Although this concept can be applied to any *TRANSMISSION*, including television and radio, by far the most common application is in the verification and trust of signatures.

Regarding digital security, the cryptological meaning and application of non-repudiation shifts to mean:[1]

A service that provides proof of the integrity and origin of data.
An authentication that with high assurance can be asserted to be genuine.

Source: Wikipedia: http://en.wikipedia.org/wiki/Non-repudiation

Nonrepudiation:

nonrepudiation: In reference to digital security, nonrepudiation means to ensure that a *TRANSFERRED MESSAGE* has been sent and received by the *PARTIES* claiming to have sent and received the message. Nonrepudiation is a way to guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.

nonrepudiation can be obtained through the use of:

digital signatures -- function as a unique identifier for an *INDIVIDUAL*, much like a written signature.
confirmation services -- the *MESSAGE* transfer agent can create digital receipts to indicate that messages were sent and/or received.
timestamps -- timestamps contain the date and time a document was composed and proves that a document existed at a certain time.

Source: Webopedia: http://www.webopedia.com/TERM/N/nonrepudiation.html

Confidentiality

Confidentiality has been defined by the International Organization for Standardization (ISO) in ISO-17799 as "ensuring that information is accessible only to those [(sic)*PARTIES*] authorized to have access" and is one of the cornerstones of information security.

------------------------------------------------------------------------

My conclusion is that Non Repudiation and Confidentiality must be applied between the Stakeholder with Authority to make Policy and the Participant who will perform the Action in order for the Action to be possible for Secure Interaction.

Cheers,
Rex.

--
Rex Brooks
President, CEO
Starbourne Communications Design
GeoAddress: 1361-A Addison
Berkeley, CA 94702
Tel: 510-898-0670