Re: How secure is XForms?

From: <AndrewWatt2001@aol.com>
Date: Fri, 10 Oct 2003 13:59:54 EDT
Message-ID: <16a.24d83482.2cb84d9a@aol.com>
To: JBoyer@PureEdge.com
Cc: jmessing@law-on-line.com, www-forms@w3.org, XForms@yahoogroups.com

In a message dated 10/10/2003 17:59:48 GMT Daylight Time, JBoyer@PureEdge.com 
writes:

> Hi John and Andrew,
> 
> <snip/>
> 
> As to Andrew's point about Microsoft InfoPath, you may with 
> significant effort be able to create a basic signature for a 
> form that meets the requirements described in our WWW8 paper
> from 1999, but this is 2003 and you will need XFDL to handle 
> many of the signing scenarios that arise in practice and that are 
> of greater interest to the security communities at RSA and the ACM.

John,

I would like to follow up on some other points you made but don't have time 
to do that at the moment. Hopefully I will over the weekend.

Can I attempt to distill your final paragraph into a take-home message?

Is it accurate to conclude that InfoPath currently implements some of your 
1999 suggestions and that XForms implements none of them? 

Is that an accurate statement of the position today?

I appreciate that you have hopes of better things for the future but that is 
one of the issues I would like to explore further later.

Secondly, can you state which non-basic signing scenarios you have tested in 
InfoPath 2003 which work and which signing scenarios you have tested in 
InfoPath 2003 which don't work? Alternatively, were your comments about creating a 
"basic signature" in InfoPath ... and the hints of difficulty and/or inadequacy 
... more by way of a general comment than specific testing? Can you clarify 
what you mean in that context by a "basic signature"?

I am trying to lead you to firm up comments which are capable of more than 
one interpretation.

Thanks

Andrew Watt
Received on Friday, 10 October 2003 14:03:16 GMT