The Future of Web Services Security, from Sun, gave a dictionary of security aspects. Here is a simplified form of the same:
| Term | Protective Goals | Matching Security Technologies |
| --- | --- | --- |
| Confidentiality | Can prying eyes see it? | Key-based digital encryption and decryption. |
| Authentication | Are you who you say you are? | Username/password, key-based digital signing and signature verification, challenge-response, biometrics, smart cards, etc. |
| Trust | Have I agreed to work with you? | Key-based digital signing and signature verification. |
| Non-repudiation | Can you claim that you didn't send or receive it even if you did? | Key-based digital signing and signature verification, message reliability. |
| Integrity | Was it altered before I got it? | Message Digest, itself authenticated with a digital signature. |
| Authorization | Are you allowed to have it? | Application of policy, access control, digital rights management. |
| Auditing | Can I prove what happened? | Various forms of logging, themselves secured to avoid tampering. |