/
Handling Non-Repudiation

Handling Non-Repudiation

Owned by Ian Christopher
May 31, 2017

Where data security is important, an action performed by a user must have an authentication that can be assured to be genuine with a high degree of confidence. This is known as non-repudiation.[13] Once a security environment has been established, operational logs consisting of (minimally) the user, application, resource, operation, and date/time information should be maintained to establish a basis for non-repudiation[14] within an Ed-Fi REST API implementation. These logs should be audited on a regular basis.

 

13 Non-repudiation is discussed in detail here. 

14 When all REST API actions are secure and logged, the user purported to have performed an action must actually have done it. Without appropriate security or logging, it cannot be guaranteed that a specific user actually performed an action on the system. 

Related content

Handling Non-Repudiation
Handling Non-Repudiation
Ed-Fi Data Standard v2.2
More like this
Handling Non-Repudiation
Handling Non-Repudiation
Ed-Fi Data Standard v2.0
More like this
Handling Non-Repudiation
Handling Non-Repudiation
Ed-Fi Data Standard v3.0
More like this
Handling Authentication and Authorization
Handling Authentication and Authorization
Ed-Fi Data Standard v3.0
More like this
Handling Authentication and Authorization
Handling Authentication and Authorization
Ed-Fi Data Standard v2.0
More like this
Handling Authentication and Authorization
Handling Authentication and Authorization
Data Standard v2.1
More like this