oiic-formation-discuss message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: RE: [oiic-formation-discuss] List of ODF interop issues that need to beaddressed -- Electronic signatures
- From: robert_weir@us.ibm.com
- To: oiic-formation-discuss@lists.oasis-open.org
- Date: Tue, 1 Jul 2008 14:48:29 -0400
"Hurley, Garry \(L&I - OIT\)" <ghurley@state.pa.us>
wrote on 07/01/2008 02:18:16 PM:
> I think that before we add in the requirement for digital signatures
> to be preserved/included, we need to have a standard definition of
> what an electronic signature is. Is it a digital image of a
written
> signature, a 64-bit key, a 128-bit key, a 1024-bit key, or just a
4-
> bit key? Different applications will recognize different levels
of
> security and "electronic signatures" until a standard definition
is
> decided upon. I would suggest that OASIS or some other standards
> body may want to define, once and for all time, what is and is not
> considered an "electronic signature" (a bit-length key should
> specify only a minimum, to allow it to be expanded as time goes by
> and as needed).
>
Key length is a sensitive issue, since some nations
have restrictions on what they allow for use by private citizens, and some
other nations have restrictions on what can be used in software that is
exported. The net result is that digital signature frameworks, like
the W3C's Digital Signature standard (http://www.w3.org/TR/xmldsig-core/)allow
for a variety of algorithms and key lengths.
The above mentioned standard gives a few examples
of what an XML digital signature looks like, e.g.: http://www.w3.org/TR/xmldsig-core/#sec-o-Simple
ODF 1.2 will include the use of W3C Digital Signatures.
This is also an interesting area to look at for those
who would forbid all ODF extensions. In several cases, governments
have extended the W3C's Digital Signature to add additional elements in
their own name space. These extensions are mandated by regulation
or legislation. Different countries have different requirements,
and these requirements change at a quicker pace than standards change.
Do we forbid conforming ODF applications from fulfilling the mandatory
requirements of these governments? I assure you that those companies
selling proprietary formats will have no hesitation meeting their customer's
needs.
-Rob
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]