
odf-adoption message



Subject: Re: [odf-adoption] digital signatures


I guess it depends on what you think the user should be made aware of:

1) The signing state of every document they open, whether unsigned, valid 
signature or invalid signature?

2) Or only give a more prominent notification in the exceptional case: 
invalid signature (such as from a tampered document)?

There is often the risk of "security fatigue" where if the user is shown 
too many popups and information, they become desensitized and fail to 
notice when the rare, but critical exceptions occur.

But I suppose this is really a user preference.  In some cases an unsigned 
document may be the exceptional case that requires a prominent warning, 
while in other cases this is not a problem.

-Rob



From: Hanssens Bart <Bart.Hanssens@fedict.be>
To: "odf-adoption@lists.oasis-open.org" <odf-adoption@lists.oasis-open.org>
Date: 09/11/2009 08:50 AM
Subject: [odf-adoption] digital signatures



Hi,


still working on digital signatures brochure, I'm a bit stuck at the point
explaining to a user how to verify the signature of a signed document

IMHO, it's still quite hard for an average user to understand what's going
on when opening a signed document (also the case in non-ODF applications,
by the way)

It touches the subject of interoperability and the OASIS DSS-X Visible
Signatures Profile, but I think the key of successfully adopting digital
signature support is a user-friendly, in-your-face approach, instead of the
now somewhat confusing or easy to miss dialogs or (small) messages / icons
in a status bar.

For instance, when opening a signed document with a valid signature, a
green popup / large sidebar could be shown with some basic info and (if
available) a picture of the signer (that could be added when signing, using
SignerImage)

A detail window could show the certificate chain in a nice graphical way
without too much detail.

Of course, it could be a yellow/orange box when the certificate has
expired and a red when the document is changed after signing or something
similar

I've included a very basic example on how this could look (in attachment),
just a thought, but perhaps useful.


Best regards,

Bart