[rus-wg] RUS Specification - non-repudiation

Sven van den Berghe Sven.vandenBerghe at uk.fujitsu.com
Thu Apr 7 11:10:15 CDT 2005


Steven,


"Steven Newhouse" <sjn5 at doc.ic.ac.uk> wrote:

>>>> Would it be better to store a digitally signed request?
> 
>> I don't think that's what Sven meant.
> 
> Each usage record from a resource when stored in the RUS is wrapped in a
> RUSUsageRecord element. Within that element is a RecordHistory element
> which has a StoredBy element which records the DN of the entity
> providing the record - either through https, WS-Security or some other
> unspecified process.
> 
>> but this signature is not stored with the message, which I
>> believe is the thing Sven was driving at.
> 
> It is stored with the contributed record.

 This is what I think is needed, but I cannot see where it is mentioned in
the document. 

Also the security section says:

"The data stored in the RUS must also be nonrepudiatable. This can be
achieved by ensuring message integrity between RUS client and RUS, and by
maintaining an audit trail of each write operation on the RUS, where the
identity of the entity performing the write operation and the date and time
of the operation is recorded."

 Which implies that just identity and date and time are sufficient.
> 
>> No, I don't think the spec should say things like "you must use
>> WS-Security".
> 
> OK. I think we agree on this...

 Yes - but non-repudiation does imply that the client must sign the request
and you therefore need to get it from the client somehow.

Sven


-- 
Sven van den Berghe
Fujitsu Laboratories of Europe
+44 208 606 4651
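
The distinction discussed in this message, as an added example that is not part of the original post or of the RUS specification: an audit entry holding only StoredBy and a timestamp cannot show what the client submitted, while an entry that keeps the client's signature can. Assumptions: a Lamport one-time hash signature stands in for whatever signature mechanism the client really uses, JSON stands in for the XML record, and the names StoredAt and ClientSignature and all sample values are hypothetical.

```python
import hashlib, json, secrets

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key pair: use a fresh key for every record signed.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret per bit of the message hash.
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for (i, b), s in zip(enumerate(bits(msg)), sig))

def canonical(record):
    # Constructed canonical form; a real RUS would canonicalise the XML.
    return json.dumps(record, sort_keys=True).encode()

def store(record, dn, when, sig=None):
    # Audit trail as in the quoted security section: identity and time.
    entry = {"UsageRecord": dict(record), "StoredBy": dn, "StoredAt": when}
    if sig is not None:
        entry["ClientSignature"] = sig  # hypothetical element name
    return entry

def provable(entry, pk):
    # Can a third party confirm the client submitted exactly this record?
    sig = entry.get("ClientSignature")
    return sig is not None and verify(pk, canonical(entry["UsageRecord"]), sig)

if __name__ == "__main__":
    sk, pk = keygen()
    rec = {"JobId": "job-0001", "CpuSeconds": 3600}   # constructed sample
    dn, when = "CN=client.example", "2005-04-07T11:10:15"
    audit_only = store(rec, dn, when)
    signed = store(rec, dn, when, sign(sk, canonical(rec)))
    print(provable(audit_only, pk), provable(signed, pk))
    signed["UsageRecord"]["CpuSeconds"] = 1           # record altered in the store
    print(provable(signed, pk))
```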






