[rus-wg] RUS Specification - non-repudiation

Steven Newhouse sjn5 at doc.ic.ac.uk
Fri Apr 8 07:26:05 CDT 2005


> If the submission comes over a connection secured by the
> client certificate, the recipient knows who made the submission,
> but still lacks evidence to _prove_ that the recipient made
> the submission.

Would this be resolved if we stored the original signed message that 
came in from the client? This would _require_ that the client signed the 
message.

This would leave our options to be...

1. Lower/remove the requirement for non-repudiation. From what I've 
heard this would not satisfy the current deployment requirements.

2. Require that the message is signed by the client before sending to 
the RUS. Would need to mandate (minimally) the message signing component 
from WS-Security.

> By the way, the policy of some CA's, including the UK
> e-Science CA, does not support the use of its certificates
> for non-repudiation.

I'd suggest we need to draw the line round what we can or can't 
consider... this would be outside...?

Steven

-- 
----------------------------------------------------------------
Dr Steven Newhouse                        Tel:+44 (0)2380 598789
Deputy Director, Open Middleware Infrastructure Institute (OMII)
Suite 6005, Faraday Building (B21), Highfield Campus,
Southampton University, Highfield, Southampton, SO17 1BJ,  UK




