RE: [egov] Re: Secure Workflow. Was: [egov] "Dry" and "Wet" signatures - A definition

[John Messing <jmessing@law-on-line.com>]

I think this is precisely the point.


> -------- Original Message --------
> Subject: RE: [egov] Re: Secure Workflow. Was: [egov] "Dry" and "Wet"
> signatures - A definition
> From: "Peter F Brown" <peter@justbrown.net>
> Date: Mon, August 29, 2005 1:02 pm
> To: "'Duane Nickull'" <dnickull@adobe.com>, "'John Messing'"
> <jmessing@law-on-line.com>
> Cc: "'Ed Chase'" <chase@adobe.com>, "'eGov OASIS'"
> <egov@lists.oasis-open.org>, "'Anders Rundgren'"
> <anders.rundgren@telia.com>
> 
> +1
> And to echo Ed's point, this is where identity comes in. Even if a
> "document" is permanently mutable, that doesn't necessarily hold for each of
> the "manifestations" of the document that are created and captured over time
> (snapshots, if you will). These manifestations (whether you consider then as
> versions or whatever is a context issue) are - by definition - immutable and
> can - must - be given identity and can be signed. The "wet" document as a
> conceptual "work in progress" can also be given an immutable identity but
> signing this would be pointless as the time-frozen "snapshot" really
> captures the state at a given moment. You can then build associations
> between the abstract "work" and the specific, signed, manifestations and
> make assertions on those associations ("this is the draft submission v2.6 as
> presented to the auditors on DDMMYYYY...")
> 
> Where do we want to go with this? Are we looking for a policy framework for
> recognition of digitally-signed and long-term archived documents? If so,
> then I think the Austrian government and others in the European Union might
> be interested, as this is a hot political topic at present.
> 
> Regards,
> 
> -Peter
> 
> -----Original Message-----
> From: Duane Nickull [mailto:dnickull@adobe.com] 
> Sent: 29 August 2005 21:32
> To: John Messing
> Cc: Ed Chase; eGov OASIS; Anders Rundgren
> Subject: Re: [egov] Re: Secure Workflow. Was: [egov] "Dry" and "Wet"
> signatures - A definition
> 
> 
> 
> John Messing wrote:
> 
> >I think that is where Anders began the discussion.
> >  
> >
> Anders began this thread with a statement that this field is virgin and
> somewhat open.  I felt compelled to point out, as you have, that it is
> somewhat mature and there are even legislated standards in North America.
> 
> Summary?
> 
> The point I felt needed clarification is the set of assumptions and logic
> pertaining to document mutability.  I will assert that all documents are
> mutable (wet) and one should never make an assumption that the format itself
> provides protection against change.  Even PDF can be changed if you employ
> the right libraries.  A better methodology is to assume from the start that
> all documents are mutable and ensure your digital signature mechanism can
> link a specific signature to the exact content that was signed. 
> 
> To completely satisfy legal requirements, even the algorithms used by the
> agent to present the original electronic content to the one who signs it is
> important to capture since someone may eventually challenge you to provide
> proof that the signer saw the exact same document that is being rendered
> later.  Even a change in screen resolution, screen settings (B&W vs 16 bit
> color vs 256 bit color) and versions of JVM's can present problems on this
> front.
> 
> Duane
> 
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  You may a link to this group and all your TCs in OASIS
> at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php