
Re: InfoPath Digital Signature controversy?


In a message dated 29/10/2003 03:24:31 GMT Standard Time, mc@x... writes:

I came across this article in Robin Cover's xml.org newswire ...
http://www.vnunet.com/News/1145784   with the somewhat inflammatory
subtitle "World Wide Web Consortium says InfoPath signatures cannot be
trusted."  A little searching identified what looks like the primary
source:
http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2003OctDec/0010.html
(hardly an official pronouncement of the W3C!)  The gist
seems to be:

   "Since InfoPath signs the data only, it is extremely easy to add
things to the user interface after the user has signed, like fine print
obligating the user to terms and conditions to which the signer did not
originally agree"

The article implies that XForms is somehow more secure or friendly to 
DSig than InfoPath, but the posting and followups make clear that 
XForms has no DSig story.

Thoughts, or context on all this, anyone?


Mike,

Apologies for being miles behind in my email.

The context is that I raised a question on security or otherwise of XForms. John Boyer gave a long response which included a very positive view on (his own?) XFDL. At the same time, as I recall, he acknowledged that XForms was lacking digital signatures in XForms 1.0.

I had pointed out that InfoPath has several security features including a form of digital signature that XForms 1.0 lacks. It seems from one of the follow-ups to your post that was interpreted as stating that InfoPath's security is vastly superior to XForms' security. I don't think I said that in those terms but haven't gone back to check.

There is a line of thinking (from the legal profession, in part) that the presentation form (that word again) of a form must be captured as well as the XML (instance) data. That seems to me to be philosophically different from the separation of presentation of data in XForms and, to a slightly lesser extent, in InfoPath.

I understood John Boyer to indicate that neither XForms nor InfoPath would meet those requirements for legal documents which he seemed to view positively. I don't find the failure of either XForms or InfoPath to solve this legal situation problematic since neither technology aims, as far as I am aware, to address such scenarios.

  Nobody in authority at W3C 
has jumped into this have they? 


John Boyer who is on the XForms WG commented.

Andrew Watt

This was cross-posted all over the
place and I didn't follow the other threads ... anything interesting
come out in them?
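
The point quoted in this thread, that a signature over the instance data alone says nothing about the presentation the signer saw, shown as an added example that is not part of the original message and is not InfoPath, XForms or XFDL code. HMAC-SHA256 stands in for an XML Signature, and the key, form data, views and function names are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo key; HMAC stands in for the signer's XML Signature key pair.
KEY = b"constructed-demo-key"

# Constructed sample form: instance data plus two versions of the presentation.
INSTANCE = b"<order><item>widget</item><qty>2</qty></order>"
VIEW_SIGNED = b"<view><label>Item</label><label>Quantity</label></view>"
VIEW_ALTERED = VIEW_SIGNED.replace(
    b"</view>", b"<fineprint>Signer accepts additional terms.</fineprint></view>"
)


def _mac(payload: bytes) -> str:
    return hmac.new(KEY, payload, hashlib.sha256).hexdigest()


def sign_data_only(instance: bytes) -> str:
    """Signature covers the instance data and nothing else."""
    return _mac(instance)


def verify_data_only(instance: bytes, view: bytes, sig: str) -> bool:
    # The view shown to the verifier is never an input to the check.
    return hmac.compare_digest(_mac(instance), sig)


def _bound(instance: bytes, view: bytes) -> bytes:
    # Fixed-length digests of each part, so data and view cannot be re-split.
    return hashlib.sha256(instance).digest() + hashlib.sha256(view).digest()


def sign_data_and_view(instance: bytes, view: bytes) -> str:
    """Signature covers the data and the presentation the signer saw."""
    return _mac(_bound(instance, view))


def verify_data_and_view(instance: bytes, view: bytes, sig: str) -> bool:
    return hmac.compare_digest(_mac(_bound(instance, view)), sig)


if __name__ == "__main__":
    s1 = sign_data_only(INSTANCE)
    s2 = sign_data_and_view(INSTANCE, VIEW_SIGNED)
    for name, view in (("signed view", VIEW_SIGNED), ("altered view", VIEW_ALTERED)):
        print(name, verify_data_only(INSTANCE, view, s1),
              verify_data_and_view(INSTANCE, view, s2))
```

The data-only check passes for both views, while the check that binds the view digest fails once the view differs from the one that was signed.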


