D-AR006.6 reads: The security framework must include Non-repudiation between transacting parties.

This one hasn't been discussed much lately (much of the discussion around NR was focused on the authentication of data D-AR006.2.2) but it occurred to me that maybe by relocating this item to the business goals (D-AC017) section, that we might be able to come to closure on this.

My understanding of NR is that it is a business function, not a security function. NR may leverage security mechanisms, but it isn't part of a security framework (again, IMO). Clearly, NR places specific requirements on the technologies, policies and processes that enable it.

I would propose that we relocate D-AR006.6 under D-AC017 and rephrase it something like:

"The Web Services Architecture must support (enable?) non-repudiation of both origin and receipt between transacting parties"

Comments?

Cheers,

Chris

Received on Thursday, 6 June 2002 10:07:38 GMT