Lists Home |
Date Index |
> "Since InfoPath signs the data only, it is extremely easy to add
> things to the user interface after the user has signed, like fine print
> obligating the user to terms and conditions to which the signer did not
> originally agree "
Would you sign an online loan agreement where the fine print -- such as
the late payment fee -- wasn't part of the digital signature?
In the absence of other legal agreement, it would appear that you can only
use Infopath signatures to get content integrity. Whether or not you see
this as a big issue depends on whether or not you think pure online plays
will not have an "other legal agreement" in place.
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html