Thursday, March 20, 2003

Security: A Security Shorthand from SUN

The Future of Web Services Security from sun gave dictionary of security aspects. Here is simplified form of the same:

TermProtective GoalsMatching Security Technologies
ConfidentialityCan prying eyes see it?Key-based digital encryption and decryption.
AuthenticationAre you who you say you are?Username/password, key-based digital signing and signature verification, challenge-response, biometrics, smart cards, etc.
TrustHave I agreed to work with you?Key-based digital signing and signature verification.
Non-repudiationCan you claim that you didn't send or receive it even if you did? Key-based digital signing and signature verification, message reliability.
IntegrityWas it altered before I got it?Message Digest, itself authenticated with a digital signature.
AuthorizationAre you allowed to have it?Application of policy, access control, digital rights management.
AuditingCan I prove what happened?Various forms of logging, themselves secured to avoid tampering.




No comments: