Non-repudiation of actions taken is required in order to maintain application integrity. Examples of particular actions taken by individuals include creating information, sending a message, approving information (e.g., indicating concurrence or signing a contract), and receiving a message.
Non-repudiation protects individuals against later claims by an author of not having authored a particular document, a sender of not having transmitted a message, a receiver of not having received a message, or a signatory of not having signed a document.
Enforcing non-repudiation of actions requires that each user be identified. Without this identification, events cannot be traced to a user, and a forensic investigation cannot be conducted to determine what exactly happened and who caused the event to occur. By forcing users to authenticate, each auditable event can be tied to a user, and a sequence of events for the user can be determined. This is critical when investigating an issue or an attack. |