Chapter 9. Integrity, Nonrepudiation, and Confidentiality
Among the foundational concepts in digital identity are integrity, nonrepudiation, and confidentiality. Integrity ensures a message or transaction has not been tampered with. Nonrepudiation provides evidence for the existence of a message or transaction and ensures its contents cannot be disputed once sent. Confidentiality ensures that only the people or processes authorized to view and use the contents of a message or transaction have access to those contents. In some situations, these properties are unneeded luxuries, but in others, the lack of just one of these properties can lead to disaster. Understanding them, and when to use them, is crucial to a digital identity management strategy:
- Integrity
  Integrity is a fundamental requirement of a trustworthy identity infrastructure. Identity systems exchange credentials as well as messages and transactions regarding attributes, provisioning information, and other data. Trusting that the contents of these systems have not been tampered with is vital. As an example, consider a document representing identity credentials. To trust those credentials, we must be able to verify they are authentic and have not been changed.
- Nonrepudiation
  Nonrepudiation is the presentation of unforgeable evidence that a message was sent or received. If messages or transactions can be disputed, then important identity actions can be challenged and jeopardized. These disputes can take two forms. Consider ...
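
The following is an added example, not taken from the book: it applies the integrity definition above to a credential document by attaching an HMAC-SHA256 tag and checking it on receipt. The key, the credential fields, and the function names are constructed for illustration. It also shows why a shared-key tag is not the unforgeable evidence that nonrepudiation calls for, since the verifier holds the same key as the issuer.

```python
import hashlib
import hmac
import json

# Constructed sample data: the key and credential are illustrative assumptions.
SHARED_KEY = b"constructed-demo-key-not-for-production"
CREDENTIAL = {"subject": "alice@example.org", "role": "auditor", "expires": "2030-01-01"}


def canonical(doc: dict) -> bytes:
    """Serialize deterministically so equal documents yield identical bytes."""
    return json.dumps(doc, sort_keys=True, separators=(",", ":")).encode("utf-8")


def protect(doc: dict, key: bytes) -> str:
    """Return a hex HMAC-SHA256 tag binding the document contents to the key."""
    return hmac.new(key, canonical(doc), hashlib.sha256).hexdigest()


def verify(doc: dict, tag: str, key: bytes) -> bool:
    """True only if the document is unchanged since it was tagged with this key."""
    # compare_digest avoids leaking how many leading characters matched.
    return hmac.compare_digest(protect(doc, key), tag)


def demo() -> dict:
    tag = protect(CREDENTIAL, SHARED_KEY)
    tampered = dict(CREDENTIAL, role="administrator")
    reordered = dict(reversed(list(CREDENTIAL.items())))
    # The verifier holds the same key, so it can tag a document the issuer never sent.
    verifier_made = protect(tampered, SHARED_KEY)
    return {
        "original_ok": verify(CREDENTIAL, tag, SHARED_KEY),
        "tampered_ok": verify(tampered, tag, SHARED_KEY),
        "wrong_key_ok": verify(CREDENTIAL, tag, b"some-other-key"),
        "reordered_ok": verify(reordered, tag, SHARED_KEY),
        "verifier_forgery_ok": verify(tampered, verifier_made, SHARED_KEY),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last result is the point of contrast: a tag that either party can produce proves the document was not altered in transit, but it cannot settle a dispute about which party created it.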