RE: Non-Repudiation - A Lower Level? from Champion, Mike on 2002-05-20 (www-ws-arch@w3.org from May 2002)

From: Champion, Mike <Mike.Champion@SoftwareAG-USA.com>
Date: Mon, 20 May 2002 13:30:13 -0600
To: www-ws-arch@w3.org
Message-ID: <9A4FC925410C024792B85198DF1E97E4032B8EA1@usmsg03.sagus.com>

-----Original Message-----
From: Edgar, Gerald [mailto:gerald.edgar@boeing.com]
Sent: Monday, May 20, 2002 1:24 PM
To: 'Krishna Sankar'; www-ws-arch@w3.org; 'Cutler, Roger (RogerCutler)'
Subject: RE: Non-Repudiation - A Lower Level?

Krishna - What Rodger was discussing is more than auditing. There needs to
be a mechanism, not only to track (as in auditing) but to require a process
that has some controls over it to provide the business some assurance that a
request was not made by accident. This would be similar to simply signing a
document. Below a certain dollar amount of transaction, there is no need for
third party overview for non-repudiation.  

This sounds like a web services application.   Perhaps there is a need for
web services standards so that such applications can interoperate.But it's
unclear to me why the web services architecture has a requirement to define
non-repudiation mechanisms at this level.

Received on Monday, 20 May 2002 15:30:46 UTC