OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [wss] WSS: Non-Repudiation Proposal

The word "Trust" has similar problems.  To we technicians it means
(something like) you have an authentic copy of someone's credential.  To the
legal community it means you hold them to an extraordinary standard of
behaviour.  We should either be very clear that we are using the terms in
the technical sense or not use them at all.  All the best.  Tim.

-----Original Message-----
From: Hallam-Baker, Phillip [mailto:pbaker@verisign.com]
Sent: Saturday, April 26, 2003 8:59 AM
To: [wss oasis] (E-mail)
Subject: RE: [wss] WSS: Non-Repudiation Proposal


Experience from the PKIX group has taught me that calling
any specification 'Non Repudiation' is inadvisable. 

I don't care what the content is, I am opposed to any protocol
with that name.

Non-repudiation is a term used in legal circles, it is
also a term in some obscure European legislation that is
an obsession in certain parts of France.

The non repudiation bit in the PKIX specification has been
debated for six years and it is very clear that the subject
is a grade one rathole.

I have been driven to meetings of the ABA together with
Russ Housely, Tim Polk and Denis Pinkas to listen to
interminable debates on the subject with no conclusion.

I really think it is a bad idea to persue any spec that
has that name or contains the term 'non-repudiation' as 
a claim of what it does.

		Phill

> -----Original Message-----
> From: Anthony Nadalin [mailto:drsecure@us.ibm.com]
> Sent: Friday, April 25, 2003 4:06 PM
> To: [wss oasis] (E-mail)
> Subject: RE: [wss] WSS: Non-Repudiation Proposal
> 
> 
> 
> 
> 
> 
> Ahh ... its a marriage between BPEL, WS-ReliableMessaging (not
> WS-Reliability) and WSS SOAP Message Security. This is pretty 
> much laid out
> in the  WS-ReliableMessaging Roadmap, which covers most of 
> the items were
> WS-Reliability fell short :-)
> 
> Anthony Nadalin | work 512.436.9568 | cell 512.289.4122
> 
> 
> |---------+---------------------------->
> |         |           Tim Moses        |
> |         |           <tim.moses@entrus|
> |         |           t.com>           |
> |         |                            |
> |         |           04/25/2003 03:01 |
> |         |           PM               |
> |---------+---------------------------->
>   
> >-------------------------------------------------------------
> --------------------------------------------------------------
> ---------------------|
>   |                                                           
>                                                               
>                        |
>   |       To:       "'Eric Gravengaard'" 
> <eric@reactivity.com>, "[wss oasis] (E-mail)" 
> <wss@lists.oasis-open.org>                                  |
>   |       cc:                                                 
>                                                               
>                        |
>   |       Subject:  RE: [wss] WSS: Non-Repudiation Proposal   
>                                                               
>                        |
>   
> >-------------------------------------------------------------
> --------------------------------------------------------------
> ---------------------|
> 
> 
> 
> 
> Colleagues - Is not the right answer to this problem some marriage of
> WS-Reliability and WS-Security?  All the best.  Tim.
>       -----Original Message-----
>       From: Eric Gravengaard [mailto:eric@reactivity.com]
>       Sent: Friday, April 11, 2003 12:59 PM
>       To: [wss oasis] (E-mail)
>       Subject: [wss] WSS: Non-Repudiation Proposal
> 
>       Reactivity would like to submit this document to the TC for
>       consideration and inclusion in the Web Services Security: SOAP
>       Message Security specification. The Web Services Security:
>       Non-Repudiation proposal (WSNR) defines a standard mechanism for
>       voluntary non-repudiation of receipt.
> 
>       The goal of this proposal is to enable the exchange of 
> SOAP messages
>       in an environment where the SOAP Message sender has 
> cryptographic
>       proof that the SOAP Message responder received the 
> request unaltered.
>       This proposal makes use of the XML Signature 
> specification to provide
>       cryptographic proof of integrity and the WSS:SOAP 
> Message Security
>       Core to allow the transport of both receipt requests 
> and receipts
>       within a <Security> header.
> 
>       This submission is made under the OASIS rules regarding 
> intellectual
>       property rights. Reactivity intends the contents of 
> this document to
>       be available for license royalty free.
> 
>       See attached file: web-services-non-repudiation-05.pdf
> 
> 
>       Eric Gravengaard
>       Reactivity, Inc.
>       Secure XML
>       650-551-7891 (office)
>       eric@reactivity.com
> 
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]