OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

 


 

   RE: XML for forms

[ Lists Home | Date Index | Thread Index ]
  • From: Gavin McKenzie <gmckenzi@JetForm.com>
  • To: 'Tim Bray' <tbray@textuality.com>, David Megginson <david@megginson.com>, xml-dev@ic.ac.uk
  • Date: Mon, 5 Jul 1999 16:05:43 -0400


Tim Bray writes:
> Emulating paper isn't the issue; making the transaction admissable
> as evidence is.  

Determining admissible evidence is clearly outside the scope of
responsibility of an e-forms vendor. :-)

> That is why XFDL for example insists on including
> in the form document all the presentational information and so on - 
> the claim is that you have to digitally sign not only the answers to
> the questions but the questions and how they were presented to the 
> user, in order to achieve the goal of non-repudiation.  (Mind you,
> this should be done using CSS or flow objects rather than with
> custom tags as XFDL did).

Sign yes. Include no.  It requires that content (data) and the context
(presentation) be signed, but fusing the data content and the presentation
together isn't necessary; and it is very costly on a number of levels.  

Simply including a fingerprint of the presentation as part of the data
signing is sufficient.  Nothing more is achieved by choosing to store or
incorporate the presentation with the data or vice-versa.

> 
> As a legal illiterate, I'm not sure what the real state of play is
> here - but I still think that a list of context-free name/value
> pairs is a pretty shaky basis for a legally binding transaction. -T.

True.  Hence why incorporating the presentation as a participant in the
signature is so important.  

But also recognize that not all forms require such a heavy hand of security.
Many forms are used in (closed) environments with a higher level of trust.
Other forms are simply 'worksheets' that facilitate the data entry of data
which is completely self-describing and can be signed on its own.  

Some processes do not need to sacrifice the particular aspect of flexibility
that is lost when signing data in concert with presentation -- the
flexibility lost is that the data won't verify in another
presentation...this of course is the primary feature of including the
presentation in the signature, but in some usage contexts this feature is
undesirable.

xml-dev: A list for W3C XML Developers. To post, mailto:xml-dev@ic.ac.uk
Archived as: http://www.lists.ic.ac.uk/hypermail/xml-dev/ and on CD-ROM/ISBN 981-02-3594-1
To (un)subscribe, mailto:majordomo@ic.ac.uk the following message;
(un)subscribe xml-dev
To subscribe to the digests, mailto:majordomo@ic.ac.uk the following message;
subscribe xml-dev-digest
List coordinator, Henry Rzepa (mailto:rzepa@ic.ac.uk)






 

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS