Subject: RE: [egov] Re: Secure Workflow. Was: [egov] "Dry" and "Wet" signatures - A definition
+1

And to echo Ed's point, this is where identity comes in. Even if a "document" is permanently mutable, that doesn't necessarily hold for each of the "manifestations" of the document that are created and captured over time (snapshots, if you will). These manifestations (whether you consider them as versions or whatever is a context issue) are - by definition - immutable and can - must - be given identity and can be signed.

The "wet" document as a conceptual "work in progress" can also be given an immutable identity but signing this would be pointless as the time-frozen "snapshot" really captures the state at a given moment. You can then build associations between the abstract "work" and the specific, signed, manifestations and make assertions on those associations ("this is the draft submission v2.6 as presented to the auditors on DDMMYYYY...")

Where do we want to go with this? Are we looking for a policy framework for recognition of digitally-signed and long-term archived documents? If so, then I think the Austrian government and others in the European Union might be interested, as this is a hot political topic at present.

Regards,
-Peter

-----Original Message-----
From: Duane Nickull [mailto:dnickull@adobe.com]
Sent: 29 August 2005 21:32
To: John Messing
Cc: Ed Chase; eGov OASIS; Anders Rundgren
Subject: Re: [egov] Re: Secure Workflow. Was: [egov] "Dry" and "Wet" signatures - A definition

John Messing wrote:

>I think that is where Anders began the discussion.
>
>

Anders began this thread with a statement that this field is virgin and somewhat open. I felt compelled to point out, as you have, that it is somewhat mature and there are even legislated standards in North America.

Summary? The point I felt needed clarification is the set of assumptions and logic pertaining to document mutability. I will assert that all documents are mutable (wet) and one should never make an assumption that the format itself provides protection against change. Even PDF can be changed if you employ the right libraries.

A better methodology is to assume from the start that all documents are mutable and ensure your digital signature mechanism can link a specific signature to the exact content that was signed. To completely satisfy legal requirements, even the algorithms used by the agent to present the original electronic content to the one who signs it are important to capture since someone may eventually challenge you to provide proof that the signer saw the exact same document that is being rendered later. Even a change in screen resolution, screen settings (B&W vs 16 bit color vs 256 bit color) and versions of JVMs can present problems on this front.

Duane

---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. You may a link to this group and all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
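
Added example, not part of the original messages: a sketch of the approach both messages describe, where each frozen snapshot of a mutable work gets a signed record binding the work's identity, the exact content digest, and the rendering environment shown to the signer. The field names, sample data and key are constructed for illustration, and HMAC-SHA256 stands in for a real digital signature so the code runs with the standard library only.

```python
import hashlib, hmac, json

# Constructed demo key. HMAC-SHA256 is a stand-in for a real digital
# signature scheme; it is used here only to keep the example stdlib-only.
DEMO_KEY = b"constructed-demo-key"

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_manifest(work_id: str, label: str, content: bytes, render_env: dict) -> dict:
    """Freeze one manifestation (snapshot) of a mutable work."""
    return {
        "work_id": work_id,          # identity of the abstract, mutable work
        "label": label,              # assertion made about this snapshot
        "content_sha256": sha256_hex(content),
        "render_env": render_env,    # how the content was presented to the signer
    }

def canonical(manifest: dict) -> bytes:
    # Sorted keys and fixed separators give exactly one byte string per manifest.
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()

def sign(manifest: dict, key: bytes = DEMO_KEY) -> str:
    return hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()

def verify(manifest, signature, content, render_env, key=DEMO_KEY) -> list:
    """Return a list of problems; an empty list means the snapshot checks out."""
    problems = []
    if not hmac.compare_digest(sign(manifest, key), signature):
        problems.append("signature does not match manifest")
    if sha256_hex(content) != manifest["content_sha256"]:
        problems.append("content differs from what was signed")
    if render_env != manifest["render_env"]:
        problems.append("rendering environment differs from signing time")
    return problems

# Constructed sample data.
ENV = {"viewer": "example-viewer 1.0", "colour_depth": 16, "resolution": "1024x768"}
DRAFT = b"Draft submission v2.6\nTotal: 100\n"
MANIFEST = make_manifest("work-0001", "draft v2.6 as presented to auditors", DRAFT, ENV)
SIGNATURE = sign(MANIFEST)

if __name__ == "__main__":
    print(verify(MANIFEST, SIGNATURE, DRAFT, ENV))
    print(verify(MANIFEST, SIGNATURE, DRAFT.replace(b"100", b"900"), ENV))
    print(verify(MANIFEST, SIGNATURE, DRAFT, {**ENV, "colour_depth": 8}))
```

The later edit to the work leaves the signed snapshot verifiable against its own bytes, while a different viewer configuration is reported separately from a content change.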