
RE: what does a signature mean ? (standard vocabulary)

From: Richard D. Brown <rdbrown@GlobeSet.com>
Date: Mon, 19 Apr 1999 17:32:39 -0500
To: "'Alan Kotok'" <kotok@w3.org>, "'Martin Lee'" <m.lee@andtech.co.uk>
Cc: "'XML-sig group'" <w3c-xml-sig-ws@w3.org>
Message-ID: <002701be8ab4$88b4cfd0$0bc0010a@artemis.globeset.com>
Alan, Martin,

I do not think that the XML DSIG proposal shall mandate an RDF statement in
the signature block. Though RDF could provide a formal approach to this
problem, there are many frameworks that may suffice without being explicit.

An application usually comprises processes and rules, which are disclosed to
and agreed upon by the participants. As long as the meaning of signing a
given document is well-defined and properly documented, and all the parties
have made clear their intent to be bound to the rules and aware of potential
liability, there is no need to further specify the meaning of the signature
in the signature block. Sometimes, an application may want to distinguish
between several signatures (i.e. E-Check) but it can do so without making
use of an RDF statement.

I do not think that being implicit or explicit in the signature block will
make a difference from a signature validity standpoint. Adequate
documentation and fair regulations are far more important. Being
explicit or implicit will not change the signer's liability if the process is
ruled deceptive. Being explicit or implicit will not change signature
validity if you cannot prove the intent of the signer because there is no
adequate documentation regarding the process. Being explicit and formal only
helps external agents (agents external to a given process) "interpret" the
meaning of a signature. This does not change anything from a given process
standpoint.

Sincerely,

Richard D. Brown
Software Architect, R&D
GlobeSet, Inc. Austin, TX - U.S.


> -----Original Message-----
> From: w3c-xml-sig-ws-request@w3.org
> [mailto:w3c-xml-sig-ws-request@w3.org]On Behalf Of Alan Kotok
> Sent: Monday, April 19, 1999 1:58 PM
> To: Martin Lee
> Cc: 'XML-sig group'
> Subject: Re: what does a signature mean ? (standard vocabulary)
>
>
> Martin,
>
> I am personally convinced of the need for adding explicit semantics to
> signatures.  I am less convinced of the wisdom of trying to define a
> standardized vocabulary of these meanings.  I rather favor the more
> generalized approach of including an "assertion" block in the signature
> block, coded in RDF.  It would then be possible for various interest groups
> to define their own sets of values with explanations in whatever legalese
> they want.
>
> Your list below is interesting and helpful, but I can think of a dozen
> others I could add.  And I'm not a big fan of "central registries" where we
> get to argue what is on the list and what is not.
>
> Alan
>
> At 11:46 AM 4/19/99 , Martin Lee wrote:
> >I missed the subtlety, others will misunderstand too unless it's made
> >clear in the specification.
> >
> >Signing a document, or part of a document means different things to
> >different people, from I've seen it, to I believe this to be true, to I
> >legally commit myself to this transaction.
> >
> >I propose that a set of standard vocabulary be suggested, to be included
> >as an attribute to the digital signature.
> >
> >The default being (in the absence of any other assertion):
> >The keyholder has 'touched' or 'received' the signed data.
> >
> >Then in ascending order of commitment:
> >The keyholder has read the signed data.
> >The keyholder has read and agrees with the signed data.
> >The keyholder believes the signed data to be correct.
> >The keyholder believes the signed data to be correct and to be legally bound
> >by it.
> >
> >The first three should cover creating audit trails of who has received/seen
> >a document.
> >The fourth expresses what I wish to say in signing metadata describing
> >documents.
> >The fifth I hope to come close to what the e-commerce people need to assert
> >in their documents.
> >
> >What do people think?
> >
> >Martin
> >
> >Martin Lee
> >AND Data Ltd.
> >Oxford
> >UK
>
>
> ___________________________________________________________________________
> Alan Kotok, Associate Chairman                          mailto:kotok@w3.org
> World Wide Web Consortium                                 http://www.w3.org
> MIT Laboratory for Computer Science,  545 Technology Square,  Room NE43-409
> Cambridge, MA 02139, USA     Voice: +1-617-258-5728    Fax: +1-617-258-5999
Received on Monday, 19 April 1999 18:33:36 EDT
