- From: Richard D. Brown <rdbrown@GlobeSet.com>
- Date: Mon, 19 Apr 1999 17:32:39 -0500
- To: "'Alan Kotok'" <kotok@w3.org>, "'Martin Lee'" <m.lee@andtech.co.uk>
- Cc: "'XML-sig group'" <w3c-xml-sig-ws@w3.org>
Alan, Martin,

I do not think that the XML DSIG proposal shall mandate an RDF statement in the signature block. Though RDF could provide a formal approach to this problem, there are many frameworks that may suffice without being explicit.

An application usually comprises processes and rules, which are disclosed to and agreed upon by the participants. As long as the meaning of signing a given document is well-defined and properly documented, and all the parties have made clear their intent to be bound to the rules and aware of potential liability, there is no need to further specify the meaning of the signature in the signature block. Sometimes, an application may want to distinguish between several signatures (i.e. E-Check) but it can do so without making use of an RDF statement.

I do not think that being implicit or explicit in the signature block will make a difference from a signature validity standpoint. Adequate documentation and fair regulations are far more important. Being explicit or implicit will not change the signer's liability if the process is ruled deceptive. Being explicit or implicit will not change signature validity if you cannot prove the intent of the signer because there is no adequate documentation regarding the process.

Being explicit and formal only helps external agents (agents external to a given process) "interpret" the meaning of a signature. This does not change anything from a given process standpoint.

Sincerely,

Richard D. Brown
Software Architect, R&D
GlobeSet, Inc.
Austin, TX - U.S.

> -----Original Message-----
> From: w3c-xml-sig-ws-request@w3.org
> [mailto:w3c-xml-sig-ws-request@w3.org]On Behalf Of Alan Kotok
> Sent: Monday, April 19, 1999 1:58 PM
> To: Martin Lee
> Cc: 'XML-sig group'
> Subject: Re: what does a signature mean ? (standard vocabulary)
>
> Martin,
>
> I am personally convinced of the need for adding explicit semantics to signatures. I am less convinced of the wisdom of trying to define a standardized vocabulary of these meanings. I rather favor the more generalized approach of including an "assertion" block in the signature block, coded in RDF. It would then be possible for various interest groups to define their own sets of values with explanations in whatever legalese they want.
>
> Your list below is interesting and helpful, but I can think of a dozen others I could add. And I'm not a big fan of "central registries" where we get to argue what is on the list and what is not.
>
> Alan
>
> At 11:46 AM 4/19/99 , Martin Lee wrote:
> >I missed the subtlety, others will misunderstand too unless it's made clear in the specification.
> >
> >Signing a document, or part of a document means different things to different people, from I've seen it, to I believe this to be true, to I legally commit myself to this transaction.
> >
> >I propose that a set of standard vocabulary be suggested, to be included as an attribute to the digital signature.
> >
> >The default being (in the absence of any other assertion):
> >The keyholder has 'touched' or 'received' the signed data.
> >
> >Then in ascending order of commitment:
> >The keyholder has read the signed data.
> >The keyholder has read and agrees with the signed data.
> >The keyholder believes the signed data to be correct.
> >The keyholder believes the signed data to be correct and to be legally bound by it.
> >
> >The first three should cover creating audit trails of who has received/seen a document.
> >The fourth expresses what I wish to say in signing metadata describing documents.
> >The fifth I hope to come close to what the e-commerce people need to assert in their documents.
> >
> >What do people think?
> >
> >Martin
> >
> >Martin Lee
> >AND Data Ltd.
> >Oxford
> >UK
>
> ___________________________________________________________________________
> Alan Kotok, Associate Chairman mailto:kotok@w3.org
> World Wide Web Consortium http://www.w3.org
> MIT Laboratory for Computer Science, 545 Technology Square, Room NE43-409
> Cambridge, MA 02139, USA Voice: +1-617-258-5728 Fax: +1-617-258-5999

Received on Monday, 19 April 1999 18:33:36 UTC