Term · 7. Security & Standards
Non-repudiation
Definition
Cryptographic property that prevents parties from denying their actions: authentication events, transactions, and approvals are bound to the responsible identity via digital signature. Foundation for legal accountability in identity systems. Enabled by PKI-based identity (FIDO2 hardware keys, qualified electronic signatures under eIDAS).
- Application
- MidPoint: Non-repudiation is an ability to prove that an event happened, including proof of the originating parties.
- Standards & regulations
- NIST SP 800-57 Part 1 Rev. 5 «Non-repudiation: A service that is used to provide assurance of the integrity and origin of data in such a way that the integrity and origin can be verified by a third party as having originated from »
- NIST SP 800-63-4 «Digital signatures provide authenticity protection, integrity protection, and non-repudiation support but not confidentiality or replay attack protection.»
- NIST SP 800-63A «Digital signatures provide authenticity protection, integrity protection, and non-repudiation support but not confidentiality or replay attack protection.»
- ISO/IEC 27000:2018 «non-repudiation: ability to prove the occurrence of a claimed event or action and its originating entities.»
- ISO/IEC 13888-1:2009 «non-repudiation: property that protects against an individual or entity falsely denying having performed a particular action related to data.»
- ISO/IEC 18014-1:2016 «non-repudiation: property achieved through cryptographic methods to protect against an entity falsely denying having performed a particular action related to time-stamped data.»
- RFC 4949 «non-repudiation (I): A security service that provides protection against false denial of involvement in a communication. (O) /SET/ A service that provides proof of the integrity and origin of data, an»
- RFC 5280 «Non-repudiation (content commitment) is the service that is used to provide proof of the integrity and origin of data. This service may be required in order to resolve disputes about the validity of a»
- ETSI EN 319 102-1 V1.4.1 «non-repudiation: ability to prevent the denial of previous commitments or actions, in conjunction with the ability to identify the originator of a message or transaction, typically by means of digital»
- Sources
- NIST SP 800-57 Part 1 Rev. 5 (csrc.nist.gov) primary source
Related terms
- Confidentiality: Security principle ensuring data is accessible only to authorized identities. One of the CIA triad (Confidentiality, Int …
- Connector (Conn): Integration component between IDM/IGA platform and a target system — enables provisioning, deprovisioning, reconciliatio …
- Decentralized Identifiers (DID): W3C standard (DID v1.0, 2022) for globally unique identifiers controlled by the identity subject, not a central authorit …
- DPoP (Demonstration of Proof of Possession) (DPoP): Demonstration of Proof-of-Possession — IETF RFC 9449, OAuth 2.0 mechanism binding an access token to a private key held …
- Kerberos: Network authentication protocol developed at MIT (Kerberos v5: IETF RFC 4120, 2005) using symmetric-key cryptography and …
- OpenID Connect (OIDC): Identity layer on top of OAuth 2.0 (OpenID Foundation, OIDC Core 1.0). Provides standardized authentication via JWT ID t …