W3C home > Mailing lists > Public > public-ws-chor@w3.org > November 2003

Security requirements

From: Fletcher, Tony <Tony.Fletcher@choreology.com>
Date: Wed, 19 Nov 2003 21:14:17 -0000
Message-ID: <221369570DEDF346AE42821041345E893A97E9@exchange1.corp.choreology.com>
To: <public-ws-chor@w3.org>
Dear Colleagues,
On the teleconference last night I kind of agreed to kick the ball into
play on drafting some security requirements.  So here goes.
It seems to me that the CDL can be declarative with regard to security.
In other words it should support notation for flagging that certain
security requirements have to be met at this point but can then rely on
the 'stack' below the Choreography language layer to 'make it so'.
It should be possible to flag that a certain policy applies from this
point in the choreography until the choreography ends or another flag is
Should be able to refer out to standard policy sets or state specific
requirements explicitly.  These should include ability to require:
authentication of the partner and or the message content source
that a secure audit log is made
that a message is protected from change (integrity)
that the contents of a message are hidden (confidentiality)
that the sending of a message is non-repudiable
that the receipt of a message is non-repudiable
that the message or message exchange is protected against replay
that the time of sending of a message is recorded
that the time of receiving of a message is recorded
that a time (/date) stamp is attached to a message when sent.
I am sure I have missed various things, but I hope that will encourage
others to add / correct / rephrase.

Best Regards,



Tony Fletcher

Technical Advisor 
Choreology Ltd.
68, Lombard Street, London EC3V 9L J   UK


+44 (0) 870 7390076


+44 (0) 7801 948219


+44 (0) 870 7390077


 <http://www.choreology.com/> www.choreology.com


Business transaction management software for application coordination

Work: tony.fletcher@choreology.com 

Home: amfletcher@iee.org

(image/gif attachment: image002.gif)

Received on Wednesday, 19 November 2003 16:18:41 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:01:02 UTC