nunogt · October 23, 2022 16:04 · Oct 23, 2022
diff --git a/security-services.md b/security-services.md
@@ -0,0 +1,22 @@
+# Relationship between security services
+---
+```mermaid
+flowchart
+S[Security Services] 
+S --> E[Entity]
+S --> D[Data]
+E --1--> ID[Entity Identity];
+D --2--> DI[Data Integrity];
+D --3--> DC[Data Confidentiality];
+ID --4--> EA[Entity Authentication];
+ID --5--> DOA[Data Origin Authentication];
+DI --6--> DOA --7--> NR[Non-Repudiation];
+```
+---
+1. _Entity Identity_ refers to a user or process interacting with a security service. 
+2. _Data Integrity_ attests whether modification of data occurred.
+3. _Data Confidentiality_, achieved primarily through encryption, generally does **not** provide assurance of who sent the data nor that it is correct (_identity_ and _integrity_).
+4. _Entity Authentication_ attests that a given entity is **involved** and **currently active** in a communication session. It requires a freshness mechanism and is used when accessing resources. It does not necessarily require the _origin_ of any data to be checked.
+5. _Data Origin Authentication_ implies proof of the _Identity_ the data originates from.
+6. _Data Origin Authentication_ implies _Data Integrity_, but not the other way around. If we're not sure about the _origin_ of the data, we cannot attest to its _integrity_.
+7. _Non-Repudiation_ cannot be provided without _Data Origin Authentication_ (and hence _Data Integrity_). In other words, having the assurance that a particular event was performed by an entity, also requires assurances about the _origin_ of the data.