
What are my options for non-repudiation?

Manny Worden
Greenhorn

Joined: Sep 11, 2004
Posts: 6
I've scanned through your book, and plan on reading it shortly. I have a question on your "security fundamentals" chapter. What options do I have to enforce non-repudiation for an SOA? Is the likely solution to depend on a (vendor specific) implementation of an ESB? Or are there other options?


Manny
Ramesh Nagappan
Author
Ranch Hand

Joined: May 06, 2003
Posts: 159
Originally posted by Manny Worden:
I've scanned through your book, and plan on reading it shortly. I have a question on your "security fundamentals" chapter. What options do I have to enforce non-repudiation for an SOA? Is the likely solution to depend on a (vendor specific) implementation of an ESB? Or are there other options?


Manny


Manny,

Thanks for your interest.

To ensure non-repudiation in SOA and ESB (assuming a Web Services channel or JMS), the book identifies the "Secure Message Router" and "Secure Logger" patterns. The Secure Message Router is a security intermediary that aggregates access to multiple service endpoints for both incoming and outgoing messages and dynamically provides the security logic for routing the messages to their ultimate destinations. To ensure NON-REPUDIATION, it makes use of digital signatures and time stamps in messages and also adopts the "Secure Logger" for creating tamper-proof audit trails.

You will find the "Secure Message Router" pattern in Chapter 11.


Hope this helps

/Ramesh


Ramesh Nagappan CISSP
Co-Author of "Core Security Patterns"
nramesh@post.harvard.edu
www.coresecuritypatterns.com (http://www.coresecuritypatterns.com)
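
An added sketch of the mechanism described in the reply above: a digital signature over a timestamped message, checked by an intermediary and then recorded in a hash-chained audit log. It is not code from the book or from either poster; the class, the method names and the sample message are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
// Added illustration (Java 16+). All names are hypothetical, not taken from the book.
public class SignedAuditTrail {
    record Entry(String msg, byte[] sig, byte[] hash) {} // hash = SHA-256(prev hash || msg || sig)
    private final List<Entry> entries = new ArrayList<>();
    static byte[] sign(PrivateKey key, String msg) throws GeneralSecurityException { // sender side
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key); // only the sender holds this key, which is what binds them to msg
        s.update(msg.getBytes(StandardCharsets.UTF_8));
        return s.sign();
    }
    // Router side: drop messages whose signature fails, chain the rest into the log.
    boolean accept(PublicKey senderKey, String msg, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(senderKey);
        s.update(msg.getBytes(StandardCharsets.UTF_8));
        if (!s.verify(sig)) return false;
        byte[] prev = entries.isEmpty() ? new byte[32] : entries.get(entries.size() - 1).hash();
        entries.add(new Entry(msg, sig, link(prev, msg, sig)));
        return true;
    }
    static byte[] link(byte[] prev, String msg, byte[] sig) throws GeneralSecurityException {
        MessageDigest d = MessageDigest.getInstance("SHA-256");
        d.update(prev);
        d.update(msg.getBytes(StandardCharsets.UTF_8));
        return d.digest(sig);
    }
    // Auditor side: recompute every link; editing or dropping an earlier entry breaks the chain.
    boolean chainIntact() throws GeneralSecurityException {
        byte[] prev = new byte[32];
        for (Entry e : entries) {
            if (!Arrays.equals(link(prev, e.msg(), e.sig()), e.hash())) return false;
            prev = e.hash();
        }
        return true;
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair();
        SignedAuditTrail trail = new SignedAuditTrail();
        String msg = "order-service\n2004-09-11T10:00:00Z\n<order id='1'/>"; // constructed sample
        byte[] sig = sign(kp.getPrivate(), msg);
        System.out.println(trail.accept(kp.getPublic(), msg, sig));       // message as signed
        System.out.println(trail.accept(kp.getPublic(), msg + "x", sig)); // altered after signing
        System.out.println(trail.chainIntact());
    }
}
```

The chain only exposes tampering if the newest hash is also kept somewhere the log's writer cannot change. The timestamp here is whatever the sender put in the message, so a deployment that relies on it needs a time source both parties trust.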