OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-cppa message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Re: Security - question about nonrepudiation


      "Lurks", my foot.
       Bob's understanding excerpted below is the same as mine.
      There is much more that might be said about the business requirements 
applicable to a transactional system that creates artifacts that would be 
of use in court to prove up a "contract" with a degree of certainty 
comparable to the paper functional equivalent.
       (The isLegallyBinding parameter is one serviceable way, although not 
the only way, to achieve this.  Another valid one would be to say 
"everything we send over the wire is live, and enforceable, every 
time."  But (1) in my experience the latter approach is neither sellable, 
nor easily implemented by most users, nor safe for more of them at 
present.  And (2) where, exactly would you "say" this?  I think the easiest 
answer is to declare it in the standard and then adopt it by adopting the 
standard.  And that's what we did.)
       The key take-away is not to over-rely on isomorphism between 
XML-DSIG (a perfectly good standard for some purposes) and the various 
meanings imputed to a manual physical signature.  In ebXML broadly speaking 
we ARE making DSIG available for use for authentication of sender identity, 
and it MAY to used to hash over some things in a way that provides some 
assurance of integrity as well, but it IS NOT also a determinative 
indicator that the person is (or is not) legally "signing", in the sense of 
a solemnization that is conclusively interpreted by courts as evidence of 
intent to be bound.  It can't do triple duty effectively.
     What may not be immediately apparent to non-lawyers is that there is a 
tremendous amount of legitimate business concern about indeterminacy about 
whether a document does, or does not, evidence intent to be 
bound.   Trading partners will seek to leverage any ambivalence.  It is in 
the interest of counterparties, and standards designers who look to them as 
their early adopter customers, to provide a system that can minimize the 
opportunity for that ambivalence.

Best regards   Jamie

>> > MWS:  There was a lot of discussion of isLegallyBinding on the listservers
>> > a few weeks ago.  I believe that the position of the BP team is that
>> > isLegallyBinding is simply a test vs production indicator and not some
>>kind of legal status issue for the CPA + BPSS instance as a whole.
>
>bhaugen: * * * In contract negotiation, it is often useful to pass trial 
>contract documents
>around until they reach an acceptable state.  In the paper world, the real 
>contracts would
>be differentiated from the trial ones because the real ones would be signed.
>
>We determined that digital signatures could not be used in the same way as
>paper signatures (to differentiate trial contracts from real ones) because 
>digsigs
>have many other purposes, e.g. authentication, and may want to be used for 
>trial
>documents, too.  Thus the 'isLegallyBinding' flag.
>
>It is also useful for test vs production, and probably other situations when
>trading partners want to transmit documents for info purposes that they do 
>not want
>to have any binding effect.
>
>Jamie Clark lurks on this list too, so he may correct me if I messed
>anything up, but I was there when this stuff was decided.
>
>-Bob Haugen


James Bryce Clark
VP and General Counsel
McLure Moynihan Inc.
Chair, ABA Business Law Subcommittee on Electronic Commerce
jamie.clark@mmiec.com,  jbc@lawyer.com
1 818 597 9475   



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC