W3C home > Mailing lists > Public > public-p3p-spec@w3.org > May 2003

Rationale for XML Digital Signature

From: Giles Hogben <giles.hogben@jrc.it>
Date: Tue, 6 May 2003 18:11:29 +0200
To: "Public-P3p-Spec" <public-p3p-spec@w3.org>
Message-ID: <GAEKIJGJBJOBBJEFAHMLIEHBCJAA.giles.hogben@jrc.it>

Here's a short justification for XML Dig Sigs. Any comments?

Rationale for XML Digital Signature.

It offers a "visible" sign of commitment to the privacy policy. Transparency
is all very well but many people see P3P policies as empty statements which
are simply posted "to make Internet Explorer work". A digitally signed seal
of approval offers users a more watertight legal route in the case of
dispute and perhaps more importantly, gives companies an opportunity to "put
their money where their mouth is" and thereby to differentiate themselves
from other organisations.

The impact of including this possibility in the specification would not be
too great. The only necessary elements would be a simple url type attribute
in a policy and a specification for policies which we almost have already.
It could therefore be included to see what uptake there might be.

In a sense this has been done already, but I think that people cannot be
able to take up this suggestion without it being made a bit clearer with
examples or a perhaps a java toolkit/web service for XML signing a policy
and prf.

Received on Tuesday, 6 May 2003 12:08:41 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:02:17 UTC