[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Clarification on scope please - What is DSS claiming to be in rel ation to legally binding signatures to people for Non Repudiat ion
Tim, all, If asked, I'd say that legal issues weren't explicit considerations during the design process that produced GSS-API. Some participants were familiar with some relevant legal issues (e.g., crypto export), but I'm not now recalling examples where these aspects were directly debated in the course of evolving the standards. Integration of security services into a technical framework can be a challenging problem in itself, but seems more the sort of problem that I'd expect to address effectively within a protocol standards forum than questions of integrating technology into a legal framework. I can't quantify an impact or schedule estimate for "legal integration", but would expect that it could be quite substantial, especially given that legal constraints vary across borders while protocol matters are largely common on an international basis. --jl -----Original Message----- From: Tim Moses [mailto:tim.moses@entrust.com] Sent: Wednesday, July 09, 2003 3:22 PM To: 'Gray Steve'; dss@lists.oasis-open.org Subject: RE: [dss] Clarification on scope please - What is DSS claiming to be in rel ation to legally binding signatures to people for Non Repudiat ion Personally, I think non-repudiation is a total rat-hole and red herring. Of course, our protocol should allow for actors to be accountable for their actions. But, our discussions should be strictly technical. There are plenty of <soap:boxes> for anyone who wants to argue about (and come to no conclusions over) legal theory. What would John Linn say if we were to ask him whether legal considerations were taken into account in the definition of GSS_API and whether it would be complete today if they had? All the best. Tim. -----Original Message----- From: Gray Steve [mailto:steve.gray@upu.int] Sent: Wednesday, July 09, 2003 2:18 PM To: dss@lists.oasis-open.org Subject: [dss] Clarification on scope please - What is DSS claiming to be in rel ation to legally binding signatures to people for Non Repudiation Dear Colleagues I am seeking general feedback and opinions in relation to the issue of Non-Repudiation (and yes, technically everything can be repudiated) The Posts, through the development of the EPM are addressing requirements so that digital signatures can replace handwritten signatures so that legal documents can remain in electronic form. This is not just a legal issue. It is also a business risk issue. For example, my use case describing the Non Disclosure Agreement describes an end-to-end process of a legal electronic document being created. The NDA could easily be a contract worth millions of dollars and therefore significant business risk. Our objective is to define standards that support the concept of legally binding Non-Repudiation services using digital signatures for electronic documents, transactions, etc. This objective is based on strong market validation involving governments, business, software vendors, etc. But we must address more than just pure technical issues. We must also be making a strong statement about the legal value of an electronic document or message that is digitally signed, by combining information about Who, What When, Why and the strength of the process in gathering this information. A strong chain of trust mitigates the business risks. Basically we need standards with Non-Repudiation in scope, but if the DSS is focused on too low a level it may be too generic and therefore weaken the perception of Non-Repudiation. So my question to the TC ; - Is Non-Repudiation clearly within the scope of DSS as a formal User requirement Perhaps John Messing could also comment from a legal perspective in relation to the eNotarisation use case and the Legal XML TC as to if/how/where you think legally binding Non Repudiation belongs for use cases involving significant business risk. Regards Steve Gray > _________________________________________________ > Steve Gray > Program Manager, e-Business > Postal Technology Centre > International Bureau of the Universal Postal Union > Weltpoststrasse 4 > 3000 Bern 15 > Switzerland > > Tel: +41 31 350 3116 (Direct) > Tel: +41 31 350 3111 (Switchboard) > Fax: +41 31 352 4323 > e-mail: steve.gray@upu.int > Web: http://postinfo.upu.org > http://www.upu.int > > > > > You may leave a Technical Committee at any time by visiting http://www.oasis-open.org/apps/org/workgroup/dss/members/leave_workgroup.php You may leave a Technical Committee at any time by visiting http://www.oasis-open.org/apps/org/workgroup/dss/members/leave_workgroup.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]