Re: How secure is XForms?

In my point of view, the most important 'issue of security' using XForms 
technology in real transactions, is (apart of the origin and integrity 
of the relative browser plug-in) "how secure is the instance data" that 
is collected and transmitted by the ‘XForm User Interface’ and ‘XForm 
Submit Protocol’ units respectively!

Having in mind that XForms could be a nice instrument to serve quotidian 
legal transactions (i.e. filling predefined application/order web forms 
with needed data, or filling a 'tax declaration' in a web based 
'official document’,-and in many other e-government applications, etc), 
the next step for your nice work, IMO, it should be the liaison with the 
XML-Signature (XadES) WG, with the goal to provide a standard method on 
how the provided ‘XML instance data’ can be digitally signed (providing 
data authenticity, integrity, and/or non repudiation) by its author. 
(-Have you seen the new Adobe Acrobat 6.0 digital signing features 
combined with Adobe Forms?)

I have already mentioned this issue in this mailing list (about 1 year 
ago!) and the answer was that it maybe would make part of a future 
development of XForms.
(-Andrew, do you feel that this time has come?)  :-)

Christos Sioulis
(Athens Lawyer)

>-----Original Message-----
>From: AndrewWatt2001@aol.com [mailto:AndrewWatt2001@aol.com]
>Sent: 09 October 2003 18:15
>To: www-forms@w3.org; XForms@yahoogroups.com
>Subject: How secure is XForms?
>
>
>I would like to pose a question that I first asked many months ago, "How
>secure is XForms?" I didn't find the answers given at the time totally
>compelling.
>
>Particularly for potential business users of XForms it seems to me a
>fundamental question.
>
>What is the best, most complete answer that the XForms WG or XForms tool
>vendors care to put forward to provide reassurance on this point?
>
>Andrew Watt
>http://www.tfosorciM.org/blog - "Reflecting on Microsoft" 
>
>
>
>  
>

Received on Thursday, 9 October 2003 17:33:07 UTC