OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   InfoPath Digital Signature controversy?

[ Lists Home | Date Index | Thread Index ]

I came across this article in Robin Cover's xml.org newswire ...   
http://www.vnunet.com/News/1145784   with the somewhat inflamatory  
subtitle "World Wide Web Consortium says InfoPath signatures cannot be  
trusted."  A little searching identified what looks like the primary  
0010.html  (hardly an official pronouncement of the W3C!)  The gist  
seems to be:

     "Since InfoPath signs the data only, it is extremely easy to add  
things to the user interface after the user has signed, like fine print  
obligating the user to terms and conditions to which the signer did not  
originally agree "

The article implies that XForms is somehow more secure or friendly to  
DSig than InfoPath, but the posting and followups make clear that  
XForms has no DSig story.

Thoughts, or context on all this, anyone?   Nobody in authority at W3C  
has jumped into this have they?  This was cross-posted all over the  
place and I didn't follow the other threads ... anything interesting  
come out in them?


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS