OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   RE: [xml-dev] InfoPath Digital Signature controversy?

[ Lists Home | Date Index | Thread Index ]
  • To: "Michael Champion" <mc@xegesis.org>,<xml-dev@lists.xml.org>
  • Subject: RE: [xml-dev] InfoPath Digital Signature controversy?
  • From: "Mark Seaborne" <MSeaborne@origoservices.com>
  • Date: Wed, 29 Oct 2003 08:21:10 -0000
  • Thread-index: AcOdzFeOBKpYQrLnRkeS0ZU28FWcKgAJi5cg
  • Thread-topic: [xml-dev] InfoPath Digital Signature controversy?

The context is an ongoing discussion of some of the problems of electronic forms signing and security. I think that John Boyer has actually been pretty even handed in criticising both XForms and InfoPath for their inadequacies, as well as giving a very readable account of just how complex an area this is. John's remarks about InfoPath were prompted by the suggestion that InfoPath is vastly superior to XForms because it already supports DSig. John was merely pointing out the limitations of that support, whilst certainly not denying that it is still more than is offered by XForms. 

I suppose the news story was prompted by the fact that both InfoPath and XForms are reasonably newsworthy at the moment, John's example is rather colourful, and there was scope for dressing the whole thing up as high drama and conflict between two well known and much loved organisations.

All the best


The information in this email is sent in confidence for the addressee only and may be legally privileged.  Unauthorised recipients must preserve this confidentiality and should please advise the sender immediately of the error in transmission.  If you are not the intended recipient, any disclosure, copying, distribution or any action taken in reliance on its content is prohibited and may be unlawful.

Origo Services Ltd accepts no responsibility for any loss or damage resulting directly or indirectly from the use of this email or the contents. 

> -----Original Message-----
> From: Michael Champion [mailto:mc@xegesis.org]
> Sent: 29 October 2003 03:23
> To: xml-dev@lists.xml.org
> Subject: [xml-dev] InfoPath Digital Signature controversy?
> I came across this article in Robin Cover's xml.org newswire ...   
> http://www.vnunet.com/News/1145784   with the somewhat inflamatory  
> subtitle "World Wide Web Consortium says InfoPath signatures 
> cannot be  
> trusted."  A little searching identified what looks like the primary  
> source:  
> http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2003OctDec/ 
> 0010.html  (hardly an official pronouncement of the W3C!)  The gist  
> seems to be:
>      "Since InfoPath signs the data only, it is extremely 
> easy to add  
> things to the user interface after the user has signed, like 
> fine print  
> obligating the user to terms and conditions to which the 
> signer did not  
> originally agree "
> The article implies that XForms is somehow more secure or 
> friendly to  
> DSig than InfoPath, but the posting and followups make clear that  
> XForms has no DSig story.
> Thoughts, or context on all this, anyone?   Nobody in 
> authority at W3C  
> has jumped into this have they?  This was cross-posted all over the  
> place and I didn't follow the other threads ... anything interesting  
> come out in them?
> -----------------------------------------------------------------
> The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
> initiative of OASIS <http://www.oasis-open.org>
> The list archives are at http://lists.xml.org/archives/xml-dev/
> To subscribe or unsubscribe from this list use the subscription
> manager: <http://lists.xml.org/ob/adm.pl>


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS