WebApp Sec mailing list archives
Re: Security Issues with Workflow apps
From: Saqib Ali <docbook.xml () gmail com>
Date: Sun, 11 Sep 2005 11:47:08 -0700
workflow emails can be digital signed, however this will require the workflow application to support verfication of the signature using a Public key from a Certificate Store. And will also require each participant to posses a digital certficate if they want to contribute in the workflow. I believe, Lotus Domino provides this functionality, but the workflow application has to be built on the Domino platform as well. My question was more aimed towards more commonly used workflow apps that do not provide non-repudiation and authentication using digital certficates. Actually I was looking for articles that discuss the security issues with workflow apps that do NOT use digital certs for authentication and non-repudiation, so that I can make a case for using Digital Certs.
you may want to use non-repudiation in the workflow system, like signing of digital cert.
-- In Peace, Saqib Ali http://www.xml-dev.com/blog/ Consensus is good, but informed dictatorship is better.
Current thread:
- Security Issues with Workflow apps Saqib Ali (Sep 08)
- <Possible follow-ups>
- Re: Security Issues with Workflow apps Anthony Chan (Sep 11)
- Re: Security Issues with Workflow apps Saqib Ali (Sep 11)