Comments on: SOA Security – The Myth of Non-Repudiation

By: Administrator

Administrator — Fri, 16 Apr 2010 00:44:59 +0000

The question is – what’s the legal bar for demonstrating responsibility for the content of the message? In many cases nothing more than a simple log file is necessary. So before using technology we first need to figure out if the use case requires that technology.

By: David Roberts

David Roberts — Thu, 15 Apr 2010 16:44:59 +0000

Thank you for the interesting a helpful discussion. Another interesting case is Health Information Exchange. You may not need to worry about nonrepudiation at the sender/receiver level when using secured channels, however you still need to worry about nonrepudiation of content of the message.

By: Administrator

Administrator — Sat, 23 Sep 2006 22:17:00 +0000

The interesting question is – who needs to authenticate the sender? If company X sends a message to company Y and uses say mutual auth via SSL then when company Y receives the message they can notate that it was received via an authenticated channel and call it a day, even if the message gets bounced around a bunch of places within company Y. From a legal perspective this appears to be more than sufficient (although I freely admit that the case law is thin).

The point isn’t that digital signatures are always unnecessary, it’s just that most of the time most of the use cases for non-repudiation aren’t real.

My personal expectation is that over time as the courts better understand the role of digital signatures it will become expected that they will be used in order to provide ‘reasonable’ security. But there is an educational process that has to happen first and it doesn’t appear to be happening very quickly.

By: Anders Rundgren

Anders Rundgren — Fri, 22 Sep 2006 14:39:03 +0000

I think you are quite right. However, digital signatures have a major function in a SOA context and that is to provide authentication of the sender. Although this can be done in other ways, only digital signatures can pass multiple servers and still authenticate. Data integrity is not too bad either.

By: Gilbert Pilz

Gilbert Pilz — Wed, 09 Nov 2005 21:31:26 +0000

There are others aspects to this as well. Take B2B in the electronics manufacturing sector as an example. The pattern is usually large buyers connecting to small suppliers. The small suppliers are usually dependent on the business of one or two of these large suppliers. If one of these suppliers ever tried to repudiate one of its B2B messages (“I never promised you 5000 parts in Q3!”) the buyer isn’t going to go through the hassle of taking the supplier to court, they’re just going to stop doing business with them. This is more than enough incentive to keep the suppliers honest. For their part the buyers have already pushed the suppliers into the lowest possible profit margins so they have little incentive to play games with them.

Non-repudiation seems like a cool idea but, in this case (and I suspect many others), there are already business structures in place that make the use of non-repudiation services unnecessary. This is not to say that non-repudiation is *never* necessary, but I suspect that the cases where it is needed are relatively few.