Subject: RE: ebXML Requirements

> Mike Rawlins wrote:
>
> > > * In X12/EDIFACT, the facilities for signing/encrypting documents are
> > > quite extensive (e.g., signature over signature), whereas existing work with
> > > XML/EDI has only supported communication layer signatures/encryption. From
> > > a business/legal viewpoint, what are the security/privacy requirements?
> > > The expedient thing to do would be to accept the
> > > communications level solution for now, but is it adequate for now?
> >
> > MCR: That's a very good point. I think it appropriate for us to list as
> > non-functional requirements all of the classic aspects of security such as
> > non-repudiation in various flavors, confidentiality, authentication, etc. both
> > in regard to communications as well as static documents where appropriate.
>
> <DUANE> The industry standard RSA encryption techniques that are
> available to http bound messages should be good enough to satisfy for now.
> Can you please explain where you envision static documents fitting into
> the architecture that need to be encrypted?
> </DUANE>

[MILR] There are often strong business reasons for applying electronic signatures within an application environment (that is, before the data is enveloped for transport). One such example would be a work-flow system, in which document content dictates work flow, including flow to acquire approval signatures.

Encryption is most effective when applied as close as possible to source and destination. Enveloping and data transport may be relegated to an in-house server, and it may be a necessity to secure sensitive data before export to the server for transport.

[MILR] snip ...