[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [odf-adoption] digital signatures
I guess it depends on what you think the user should be made aware of: 1) The signing state of every document they open, whether unsigned, valid signature or invalid signature? 2) Or only give a more prominent notification in the exceptional case: invalid signature (such as from a tampered document)? There is often the risk of "security fatigue" where if the user is shown too many popups and information, that they become desensitized and fail to notice when the rare, but critical exceptions occur. But I suppose this is really a user preference. In some cases an unsigned document may be the exceptional case that requires a prominent warning, while in other cases this is not a problem. -Rob From: Hanssens Bart <Bart.Hanssens@fedict.be> To: "odf-adoption@lists.oasis-open.org" <odf-adoption@lists.oasis-open.org> Date: 09/11/2009 08:50 AM Subject: [odf-adoption] digital signatures Hi, still working on digital signatures brochure, I'm a bit stuck at the point explaining to a user how to verify the signature of a signed document IMHO, it's still quite hard for an average user to understand what's going on when opening a signed document (also the case in non-ODF applications, by the way) It touches the subject of interoperability and the OASIS DSS-X Visible Signatures Profile, but I think the key of successfully adopting digital signature support is a user-friendly, in-your-face approach, instead of the now somewhat confusing or easy to miss dialogs or (small) messages / icons in a status bar. For instance, when opening a signed document with a valid signature, a green popup / large sidebar could be shown with some basic info and (if available) a picture of the signer (that could be added when signing, using SignerImage) A detail window could show the certificate chain in a nice graphical way without too much detail. Of course, it could be a yellow/orange box when the certificate has expired and a red when the document is changed after signing or something similar I've included a very basic example on how this could look (in attachment), just a thought, but perhaps useful. Best regards, Bart --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]