Subject: Re: [soa-rm-ra] Non Repudiation & Confidentiality in Figure 52
Thanks Danny,

I appreciate your position, and I'm not about to delay progress further just because I respectfully disagree. I will accept the decision in favor of action if that's the consensus.

Cheers,
Rex

Thornton, Danny R (IS) wrote:
> Here are the descriptions from the RA for Confidentiality and
> Non-repudiation:
>
> Confidentiality
>
> Confidentiality concerns the protection of privacy of participants in
> their interactions.
> Confidentiality refers to the assurance that unauthorized entities are
> not able to read messages or
> parts of messages that are transmitted.
> Note that confidentiality has degrees: in a completely confidential
> exchange, third parties would
> not even be aware that a confidential exchange has occurred. In a
> partially confidential exchange,
> the identities of the participants may be known but the content of the
> exchange obscured.
>
> Non-repudiation
>
> Non-repudiation concerns the accountability of participants. To foster
> trust in the performance of
> a system used to conduct shared activities it is important that the
> participants are not able to later
> deny their actions: to repudiate them. Non-repudiation refers to the
> means by which a participant
> may not, at a later time, successfully deny having participated in the
> interaction or having
> performed the actions as reported by other participants.
>
>
> Granted, if non-repudiation is being called into question it will be
> because some party disputes another party's actions. I would not use "a
> Party" in the security section though since the section defines
> principles for the underlying SOA mechanisms that provide secure
> interactions and the definitions and descriptions are currently related
> to Section 3 Figure 4, "Actors, Participants, and Delegates". The
> underlying SOA mechanisms are providing confidentiality and
> non-repudiation for actions which is why I think that is a more
> appropriate association for the RA.
>
> Danny
>
> -----Original Message-----
> From: Rex Brooks [mailto:rexb@starbourne.com]
> Sent: Friday, July 31, 2009 7:05 AM
> To: soa-rm-ra@lists.oasis-open.org RA
> Subject: [soa-rm-ra] Non Repudiation & Confidentiality in Figure 52
>
> Hi Folks,
>
> I dug a little deeper into the Issues of Non Repudiation and
> Confidentiality in Figure 52 Secure Interaction, and I still come down
> on the side of the original version of the diagram where these classes
> are connected between Stakeholder and Participant more than between
> Stakeholder or Participant and Action. My reason is that the definitions
> pertain to parties first and foremost and only to action if that action
> is sending a message. My contention is that the key relationship is
> between parties more than between any party and the action.
>
> I offer the following definitions to support this position. The bold and
> capped words are my additions for emphasis and in Confidentiality the
> term 'PARTIES' in square brackets is added as the antecedent to which
> the word 'those' refers. I don't offer these definitions as the ultimate
> authoritative definitions, simply as appropriate and representative. My
> conclusion follows.
> ------------------------------------------------------------------------
>
> Non Repudiation:
>
> Non-repudiation is the concept of ensuring that *A PARTY* in a dispute
> cannot repudiate, or refute the validity of a *STATEMENT OR CONTRACT*.
> Although this concept can be applied to any *TRANSMISSION*, including
> television and radio, by far the most common application is in the
> verification and trust of signatures.
>
> Regarding digital security, the cryptological meaning and application of
> non-repudiation shifts to mean:[1]
>
> A service that provides proof of the integrity and origin of data.
> An authentication that with high assurance can be asserted to be
> genuine.
>
> Source: Wikipedia: http://en.wikipedia.org/wiki/Non-repudiation
>
> Nonrepudiation:
>
> nonrepudiation: In reference to digital security, nonrepudiation means
> to ensure that a *TRANSFERRED MESSAGE* has been sent and received by the
> *PARTIES* claiming to have sent and received the message. Nonrepudiation
> is a way to guarantee that the sender of a message cannot later deny
> having sent the message and that the recipient cannot deny having
> received the message.
> nonrepudiation can be obtained through the use of:
>
> digital signatures -- function as a unique identifier for an
> *INDIVIDUAL*, much like a written signature.
> confirmation services -- the *MESSAGE* transfer agent can create digital
> receipts to indicate that messages were sent and/or received.
> timestamps -- timestamps contain the date and time a document was
> composed and proves that a document existed at a certain time.
>
> Source: Webopedia: http://www.webopedia.com/TERM/N/nonrepudiation.html
>
> Confidentiality
>
> Confidentiality has been defined by the International Organization for
> Standardization (ISO) in ISO-17799 as "ensuring that information is
> accessible only to those [(sic)*PARTIES*] authorized to have access" and
> is one of the cornerstones of information security.
> ------------------------------------------------------------------------
>
> My conclusion is that Non Repudiation and Confidentiality must be
> applied between the Stakeholder with Authority to make Policy and the
> Participant who will perform the Action in order for the Action to be
> possible for Secure Interaction.
>
> Cheers,
> Rex.
>
> --
> Rex Brooks
> President, CEO
> Starbourne Communications Design
> GeoAddress: 1361-A Addison
> Berkeley, CA 94702
> Tel: 510-898-0670
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail. Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>
>
>

--
Rex Brooks
President, CEO
Starbourne Communications Design
GeoAddress: 1361-A Addison
Berkeley, CA 94702
Tel: 510-898-0670