WebApp Sec mailing list archives

Re: Security Issues with Workflow apps

From: Saqib Ali <docbook.xml () gmail com>
Date: Sun, 11 Sep 2005 11:47:08 -0700

workflow emails can be digital signed, however this will require the
workflow application to support verfication of the signature using a
Public key from a Certificate Store. And will also require each
participant to posses a digital certficate if they want to contribute
in the workflow. I believe, Lotus Domino provides this functionality,
but the workflow application has to be built on the Domino platform as
well.

My question was more aimed towards more commonly used workflow apps
that do not provide non-repudiation and authentication using digital
certficates. Actually I was looking for articles that discuss the
security issues with workflow apps that do NOT use digital certs for
authentication and non-repudiation, so that I can make a case for
using Digital Certs.

you may want to use non-repudiation in the workflow system, like signing of digital cert.


-- 
In Peace,
Saqib Ali
http://www.xml-dev.com/blog/
Consensus is good, but informed dictatorship is better.

Current thread:

Security Issues with Workflow apps Saqib Ali (Sep 08)
- <Possible follow-ups>
- Re: Security Issues with Workflow apps Anthony Chan (Sep 11)
- Re: Security Issues with Workflow apps Saqib Ali (Sep 11)