[
Lists Home |
Date Index |
Thread Index
]
- From: "Barclay Blair" <barclay@uwi.com>
- To: "Rob McDougall" <RMcDouga@JetForm.com>, <xml-dev@ic.ac.uk>
- Date: Tue, 13 Jul 1999 15:36:52 -0700
Rob,
Sorry, I didn't mean to obfuscate Gavin's intent by "heavily editing" his
original message, which I assume everyone on the list has had a chance to
read by now.
>Signing and persistence are two separate issues.
Clearly, yes.
>Yes, the signing of a form must include the presentation and the content,
but no, the two do not need to be persisted together.
>The signature (which can include the presentation's fingerprint) + the data
is sufficient to determine if the correct presentation is being subsequently
used.
According to whom?
Rob, what exactly do you mean by a "presentation fingerprint" here? How is
this bound to the data and structure of the record?
>If the signature includes the presentation in its digest then it will not
verify with a different presentation.
The issue here is whether or not an independent third party can verify the
exact state of the data, presentation, and structure (the components
necessary to create a binding record) at the time the user applied the
signature.
I'm not totally clear on what you mean when you talk about "a different
presentation." If you are talking about presenting the same data in
multiple formats, then you are actually talking about presenting multiple
documents. If this is the case, then each different "view" needs to be
treated as a different document.
If you refer back to the Cohasset document I pointed out, you will see that
it touches on concepts that are well defined by organizations like AIIM.
These guidelines state that even small alterations in the appearance of a
document can seriously alter its legal weight. I would encourage you to
check this information out.
>One can persist the data and presentation separately with all the attendant
savings.
What type of savings are you referring to?
>Were these legal agents you speak of apprised of this option?
Systems that keep document templates and data in separate places have been
around for ages, so I would guess that they were aware of them.
Barclay
============================================
Barclay Blair -- Industry Relations
UWI.Com -- The InternetForms Company
v: 250-479-8334 x161 fx: 250-479-3772
barclay@uwi.com www.uwi.com
============================================
-----Original Message-----
From: owner-xml-dev@ic.ac.uk [mailto:owner-xml-dev@ic.ac.uk]On Behalf Of
Rob McDougall
Sent: Tuesday, July 13, 1999 2:47 PM
To: xml-dev@ic.ac.uk
Subject: RE: XML for forms
Gavin's intent is clearer in its original context than in the heavily edited
one you provide.
Signing and persistence are two separate issues. Yes, the signing of a form
must include the presentation and the content, but no, the two do not need
to be persisted together. The signature (which can include the
presentation's fingerprint) + the data is sufficient to determine if the
correct presentation is being subsequently used.
If the signature includes the presentation in its digest then it will not
verify with a different presentation. One can persist the data and
presentation separately with all the attendant savings.
Were these legal agents you speak of apprised of this option?
Rob
-----Original Message-----
From: Barclay Blair [mailto:barclay@uwi.com]
Sent: July 13, 1999 5:21 PM
To: Gavin McKenzie; 'Tim Bray'; 'David Megginson'; xml-dev@ic.ac.uk
Subject: RE: XML for forms
Gavin,
I'm interested to know from where you are deriving your opinion that
"persisting presentation and data together isn't required or necessary,"
when legal experts have stated differently. I'd been interested in any
information that you could provide from legal experts who say that it is
better, or even good practice, to separate the questions and answers of
a form.
Barclay
============================================
Barclay Blair -- Industry Relations
UWI.Com -- The InternetForms Company
v: 250-479-8334 x161 fx: 250-479-3772
barclay@uwi.com www.uwi.com
============================================
-----Original Message-----
From: owner-xml-dev@ic.ac.uk [mailto:owner-xml-dev@ic.ac.uk]On Behalf Of
Gavin McKenzie
Sent: Monday, July 05, 1999 1:31 PM
To: 'Tim Bray'; 'David Megginson'; 'xml-dev@ic.ac.uk'
Subject: RE: XML for forms
When I said, "It requires that..." I was not speaking of XFDL, which I
cannot speak for. Rather, I was generally stating that "Non-repudiation
(often) requires that the context and presentation be signed...".
People (customers) have a wide range of requirements that are not best
served by a single simple solution. Persisting presentation and data
together isn't required or necessary.
xml-dev: A list for W3C XML Developers. To post, mailto:xml-dev@ic.ac.uk
Archived as: http://www.lists.ic.ac.uk/hypermail/xml-dev/ and on CD-ROM/ISBN
981-02-3594-1
To (un)subscribe, mailto:majordomo@ic.ac.uk the following message;
(un)subscribe xml-dev
To subscribe to the digests, mailto:majordomo@ic.ac.uk the following
message;
subscribe xml-dev-digest
List coordinator, Henry Rzepa (mailto:rzepa@ic.ac.uk)
xml-dev: A list for W3C XML Developers. To post, mailto:xml-dev@ic.ac.uk
Archived as: http://www.lists.ic.ac.uk/hypermail/xml-dev/ and on CD-ROM/ISBN 981-02-3594-1
To (un)subscribe, mailto:majordomo@ic.ac.uk the following message;
(un)subscribe xml-dev
To subscribe to the digests, mailto:majordomo@ic.ac.uk the following message;
subscribe xml-dev-digest
List coordinator, Henry Rzepa (mailto:rzepa@ic.ac.uk)
|