W3C home > Mailing lists > Public > public-webcrypto@w3.org > April 2013

Re: Use case: Document signing (using legally binding signatures)

From: Mountie Lee <mountie@paygate.net>
Date: Thu, 25 Apr 2013 14:38:41 -0700
Message-ID: <CAE-+aYLo+bsi4KxKJV=iNZ+EVgG881FCJ_cvZW4E2w8Dw5h4Sg@mail.gmail.com>
To: Nick Van den Bleeken <Nick.Van.den.Bleeken@inventivegroup.com>
Cc: "arun@mozilla.com" <arun@mozilla.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Hi.
the use case of EU is very similar to Korean banking use case.

users have their key and certificate (the certificate is issued by trusted
CA).
store the key to secure location (like smartcard or secure USB dongle...)
sign the document with user's decision.

it reflect same behavior of real world.

the key is under user's control.

already I mentioned the Gap that "who own the key?"

we need agreement for this gap.

regards
mountie.


On Wed, Apr 24, 2013 at 9:42 AM, Nick Van den Bleeken <
Nick.Van.den.Bleeken@inventivegroup.com> wrote:

>  A company wants to provide a web interface to sign a contract using a
> digital signature which is legally binding in the European Union (which is
> admissible as court evidence).
>
>  This will require the use of an 'advanced electronic signature' as
> defined in directive 1999/93/EC of the European Parliament and of the
> Council. The key should be associated with a qualified certificate (issued
> by a certified certificate authority), issued using the most stringent
> processes and using the most secure type of keys (and therefore embedded in
> an hardware device like a smart card or an USB dongle).
>
>  The requirement for secure hardware prompted several European countries
> to issue electronic identity cards to their citizens. Currently Austria,
> Belgium, Estonia, Finland, Germany, Italy, Portugal, Spain and Sweden issue
> electronic identity cards and more countries are planning on issuing them.
>
>  These cards, many of them issued mandatory, create a large group of
> users with access to secure hardware and a certificate ready to create
> legally binding electronic signatures. Governments have begun using these
> cards in web applications for the retrieval of official documents like
> birth certificates (after authentication) or submitting online tax forms
> (requiring a signature). Many more use cases for government and corporate
> applications can be thought of, but in this paper we will be focussing on
> signing documents.
>
>  Requirements:
> * Use the private key to perform basic cryptographic operations
> * Export the certificate, including its certificate chain (the website has
> to validate that the public key was issued by a certified certificate
> authority)
> * Specify the list certified certificate authorities when querying for a
> certificate
>
>  Kind regards,
>
> Nick Van den Bleeken
> R&D Manager
>
> Phone: +32 3 425 41 02
> Office fax: +32 3 821 01 71
> nick.van.den.bleeken@inventivegroup.com
> www.inventivedesigners.com
>
>
>
>
> ------------------------------
>
> Inventive Designers' Email Disclaimer:
> http://www.inventivedesigners.com/email-disclaimer
>



-- 
Mountie Lee

PayGate
CTO, CISSP
Tel : +82 2 2140 2700
E-Mail : mountie@paygate.net

=======================================
PayGate Inc.
THE STANDARD FOR ONLINE PAYMENT
for Korea, Japan, China, and the World


image002.png
(image/png attachment: image002.png)

image003.png
(image/png attachment: image003.png)

image001.png
(image/png attachment: image001.png)

Received on Thursday, 25 April 2013 21:39:30 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:16 UTC