RE: Non-Repudiation - A Lower Level?

If there is a need for web services standards for non-repudiation (in the
looser sense in which I am using the term) or auditing (perhaps in a
stricter sense than the term is often used?) so that such applications can
interoperate, then shouldn't that be part of the web services architecture
we define?
 
In the context of the usage case I have been working on, I think this
capability needs to be part of the infrastructure so that SmallCo can get it
as part of a shareware "business functions" web services package it
downloads, as opposed to being part of the industry-specific business
transaction protocols involved with the payload.  The web service
"infrastructure package" should do it, not whatever is implementing the
business functions, since in some cases the business functions are
implemented by hand.
 
Put another way, we would like a web services business implementation from
vendor A to implement the function in the same way as one from vendor B not
only so we can easily handle communications between a company that uses A
and one that uses B, but also so we can within one company get rid of A and
plug in B without changing how this works.  Given this as desirable, should
it not be part of the architecture?
 
I'm sorry, I know I'm not expressing this very well ...
 
-----Original Message-----
From: Champion, Mike [mailto:Mike.Champion@SoftwareAG-USA.com] 
Sent: Monday, May 20, 2002 2:30 PM
To: www-ws-arch@w3.org
Subject: RE: Non-Repudiation - A Lower Level?


 

-----Original Message-----
From: Edgar, Gerald [mailto:gerald.edgar@boeing.com]
Sent: Monday, May 20, 2002 1:24 PM
To: 'Krishna Sankar'; www-ws-arch@w3.org; 'Cutler, Roger (RogerCutler)'
Subject: RE: Non-Repudiation - A Lower Level?


Krishna - What Roger was discussing is more than auditing. There needs to
be a mechanism, not only to track (as in auditing) but to require a process
that has some controls over it to provide the business some assurance that a
request was not made by accident. This would be similar to simply signing a
document. Below a certain dollar amount of transaction, there is no need for
third party overview for non-repudiation.  
 

This sounds like a web services application.   Perhaps there is a need for
web services standards so that such applications can interoperate. But it's
unclear to me why the web services architecture has a requirement to define
non-repudiation mechanisms at this level.

Received on Monday, 20 May 2002 18:16:28 UTC