W3C home > Mailing lists > Public > www-ws-arch@w3.org > June 2002

D-AR006.6 proposal

From: Christopher Ferris <chris.ferris@sun.com>
Date: Thu, 06 Jun 2002 10:04:27 -0400
Message-ID: <3CFF6BEB.6060808@sun.com>
To: wsawg public <www-ws-arch@w3.org>

D-AR006.6 reads:
	The security framework must include Non-repudiation
	between transacting parties.

This one hasn't been discussed much lately (much of the
discussion around NR was focused on the authentication of
data D-AR006.2.2) but it occured to me that maybe by relocating
this item to the business goals (D-AC017) section, that
we might be able to come to closure on this.

My understanding of NR is that it is a business function, not a
security function. NR may leverage security mechanisms, but it isn't
part of a security framework (again, IMO). Clearly, NR places
specific requirements on the technologies, policies and processes
that enable it.

I would propose that we relocate D-AR006.6 under D-AC017
and rephrase it something like:

	"The Web Services Architecture must support(enable?) non-repudiation
	of both origin and receipt between transacting parties"

Comments?

Cheers,

Chris
Received on Thursday, 6 June 2002 10:07:38 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 3 July 2007 12:25:00 GMT