Re: what does a signature mean ? (standard vocabulary) from John Boyer on 1999-04-19 (w3c-xml-sig-ws@w3.org from April 1999)

From: John Boyer <jboyer@uwi.com>
Date: Mon, 19 Apr 1999 13:46:43 -0700
To: "Dsig group" <w3c-xml-sig-ws@w3.org>
Message-ID: <012401be8aa5$bc0c4430$9ccbf4cc@kuratowski.uwi.bc.ca>

As legal evidence of the signer's understandings and intentions, the value
of the RDF assertions will be called into question because you cannot even
prove that the user saw the RDF assertions.  A person cannot be legally
bound to a signature on information when it cannot be proven that they even
saw it.

Therefore, putting RDF into the signature is no different from having a need
to put any other application-specific data into the signature.  Whether it
is RDF or, say, a stylesheet, the bottom line is that we are storing
additional information in a signature.  Did the signer actually understand
the agreement or can he/she make a reasonable claim that a misunderstanding
is possible?  This is more a problem for the courts.  If the RDF is better
at communicating the understandings of an agreement for legal purposes, then
what that's really saying is that the original agreement is not worded very
well and should be rewritten to more effectively communicate the nature of
the agreement.

Now, this is not to say that RDF assertions in signatures are without value.
The above simply states that they are not more valuable than any other
method for legal non-repudiation.  As I see it, the real value of RDF
assertions comes from the ability to provide machine readable semantics,
which was the original reason RDF was created.  RDF is the 'XML' way of
encoding meaning.  RDF can't prove whether a user intended a certain
meaning, but we leave that issue to other mechanisms.

Provided that the RDF correctly carries meaning, we have a machine readable
way of trying to get at that meaning.  As such, it should be easy to see
that Martin Lee's suggestion of a standard vocabulary is required.  Further,
a standard vocabulary for each domain is required.  But in the end, it's not
a problem that has to be addressed by the signed XML group.  It is more a
problem for those who would apply signatures within their domain.

John Boyer
Software Development Manager
UWI.Com -- The Internet Forms Company
jboyer@uwi.com

Received on Monday, 19 April 1999 16:42:11 UTC