- From: Christopher Ferris <chris.ferris@sun.com>
- Date: Thu, 06 Jun 2002 10:04:27 -0400
- To: wsawg public <www-ws-arch@w3.org>
D-AR006.6 reads: The security framework must include Non-repudiation between transacting parties. This one hasn't been discussed much lately (much of the discussion around NR was focused on the authentication of data D-AR006.2.2) but it occured to me that maybe by relocating this item to the business goals (D-AC017) section, that we might be able to come to closure on this. My understanding of NR is that it is a business function, not a security function. NR may leverage security mechanisms, but it isn't part of a security framework (again, IMO). Clearly, NR places specific requirements on the technologies, policies and processes that enable it. I would propose that we relocate D-AR006.6 under D-AC017 and rephrase it something like: "The Web Services Architecture must support(enable?) non-repudiation of both origin and receipt between transacting parties" Comments? Cheers, Chris
Received on Thursday, 6 June 2002 10:07:38 UTC