W3C home > Mailing lists > Public > www-forms@w3.org > February 2004

Forms security basic

From: Douglas Rechia <rechia@inf.ufsc.br>
Date: Thu, 26 Feb 2004 11:04:45 -0300
To: www-forms@w3.org
Message-Id: <200402261104.45640.rechia@inf.ufsc.br>

Hello everybody,

I'm very interested in forms security. I'm looking for messages in this 
mailing list regarding this topic. 

I've found some considerations in the message "RE: How secure is XForms?" 
(mail sent by John Boyer on 10 Oct 2003, available at 
http://lists.w3.org/Archives/Public/www-forms/2003Oct/0037.html). Also, on 16 
Oct 2003, John Boyer and John Messing made considerations about XForms 
signatures, XFDL, Microsoft InfoPath security, and so on (available at 

I started to study this topic short time ago. Some questions arise, and I 
would like to get the answers for the following:

1. Why the last W3C note regarding XFDL dated September, 1998? Isn't there a 
newer note/recomendation about that? XForms is often being discussed and 

2. Does anybody know any XFDL implementation, experience, test, etc? On the 
second mail cited above, John Boyer said: "We want to position XFDL as a 
secure host language for XForms because we think it will be much harder to 
write securable XHTML". Is this already tested/implemented?

3. Why were XForms designed without supporting signatures (signing 
presentation and instance data)? Wasn't this an important issue when first 
version/draft of XForms was created?

4. And what about privacy? Can I achieve privacy on XForms and XFDL only by 
using SSL or similar? Isn't there any support to cipher forms data?

Thanks in advance.

Best Regards,

Received on Thursday, 26 February 2004 09:09:14 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:36:11 UTC