A fair Non-repudiation service in a web services peer-to-peer environment

摘要

"Non-repudiation", a well known concept in security engineering, provides measures to ensure that participants in a communication process cannot deny having participated. This concept is of eminent importance in business cases based on service oriented architectures (e.g. electronic billing). However, there is no sophisticated standard implementing fair Non-repudiation in such an environment. In this paper, we will introduce a framework providing fair Non-repudiation for Web service messages. It implements an arbitrary, pre-defined protocol using Web services technology, but completely hides the protocol execution from the target Web services. To allow the integration of security requirements in an early stage of the development cycle, a model-driven configuration approach is used. Furthermore, the procedure is not tied to Non-repudiation protocols only, which means that a broad range of protocols can be integrated in a similar way. The framework presented in this paper leverages existing standards and protocols for an efficient adoption in service oriented architectures.