[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [egov] Re: Secure Workflow. Was: [egov] "Dry" and "Wet" signatures - A definition
I think this is precisely the point. > -------- Original Message -------- > Subject: RE: [egov] Re: Secure Workflow. Was: [egov] "Dry" and "Wet" > signatures - A definition > From: "Peter F Brown" <peter@justbrown.net> > Date: Mon, August 29, 2005 1:02 pm > To: "'Duane Nickull'" <dnickull@adobe.com>, "'John Messing'" > <jmessing@law-on-line.com> > Cc: "'Ed Chase'" <chase@adobe.com>, "'eGov OASIS'" > <egov@lists.oasis-open.org>, "'Anders Rundgren'" > <anders.rundgren@telia.com> > > +1 > And to echo Ed's point, this is where identity comes in. Even if a > "document" is permanently mutable, that doesn't necessarily hold for each of > the "manifestations" of the document that are created and captured over time > (snapshots, if you will). These manifestations (whether you consider then as > versions or whatever is a context issue) are - by definition - immutable and > can - must - be given identity and can be signed. The "wet" document as a > conceptual "work in progress" can also be given an immutable identity but > signing this would be pointless as the time-frozen "snapshot" really > captures the state at a given moment. You can then build associations > between the abstract "work" and the specific, signed, manifestations and > make assertions on those associations ("this is the draft submission v2.6 as > presented to the auditors on DDMMYYYY...") > > Where do we want to go with this? Are we looking for a policy framework for > recognition of digitally-signed and long-term archived documents? If so, > then I think the Austrian government and others in the European Union might > be interested, as this is a hot political topic at present. > > Regards, > > -Peter > > -----Original Message----- > From: Duane Nickull [mailto:dnickull@adobe.com] > Sent: 29 August 2005 21:32 > To: John Messing > Cc: Ed Chase; eGov OASIS; Anders Rundgren > Subject: Re: [egov] Re: Secure Workflow. Was: [egov] "Dry" and "Wet" > signatures - A definition > > > > John Messing wrote: > > >I think that is where Anders began the discussion. > > > > > Anders began this thread with a statement that this field is virgin and > somewhat open. I felt compelled to point out, as you have, that it is > somewhat mature and there are even legislated standards in North America. > > Summary? > > The point I felt needed clarification is the set of assumptions and logic > pertaining to document mutability. I will assert that all documents are > mutable (wet) and one should never make an assumption that the format itself > provides protection against change. Even PDF can be changed if you employ > the right libraries. A better methodology is to assume from the start that > all documents are mutable and ensure your digital signature mechanism can > link a specific signature to the exact content that was signed. > > To completely satisfy legal requirements, even the algorithms used by the > agent to present the original electronic content to the one who signs it is > important to capture since someone may eventually challenge you to provide > proof that the signer saw the exact same document that is being rendered > later. Even a change in screen resolution, screen settings (B&W vs 16 bit > color vs 256 bit color) and versions of JVM's can present problems on this > front. > > Duane > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. You may a link to this group and all your TCs in OASIS > at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]