- From: David Landwehr <david.landwehr@picoforms.com>
- Date: Wed, 20 Jun 2007 10:36:05 +0200
- To: duryodhan <duryodhan125@gmail.com>, www-forms@w3.org
Hi, I did not reply to the list because you did not in your reply to me ;-) I'm sorry if I'm starting to iterate or write about something you already is aware of or other did write to you about, however here it comes: It is clear what is to be signed has to be displayed to the user to make sure he knows what he is signing. Depending on legal stuff in the country and what the application needs there might be strict requirements to the signature and the content. E.g. some countries requires that the signature is composed of the bitmap for what is signed, this is e.g. what adobe reader is doing and I would guess Dr. Boyer's implementation as well. Only by having the bitmap you will be certain what was presented to the user (corner cases could here be that the TFT screen had a bunch of fallouts and therefore the user did not see some part of the screen, but legaly that would not hold). When signing xhtml+xforms you will soon discover that presenting this to the user to be sure what he is signing is difficult, e.g. CSS styling might hide fields depending on states and so (or styling could obscure some part of the screen e.g. with overflow or fixed boxes). Also with firefox you might have a shadow DOM and other pieces of information wich is in or not in the DOM. So considering this it seems to be quite problematic to solve the signing problem in an elegant way in XForms simply because signing is actual about presentation and not so much about the data being signed. A note here is that it is not enough simply to sign the bitmap without signing the data along with it, as the system also have to be sure what the user signed (e.g. if the user can sign a bitmap and not the data he might be able to signed a bitmap and submit it to the server with some other kind of data which the server cannot likely validate since it will not be able to read the bitmap, but I guess I would not have needed to explain this)... Now I was writing this I came up with an idea for what would be a good solution in Firefox. Firefox implements the canvas element which is actually able to catch part of the screen as bitmap and display it to the user. It is also able to convert the bitmap to base64. So you could implement the bitmap approach in Firefox... Let me know if you want to explore this option and I will eloborate. Best regards, David duryodhan skrev: > Hey, > > Oops! Sorry about that! > > I was talking not about the XForms recommendation but the stuff > reported in > http://2006.xmlconference.org/programme/presentations/100.html > and also the > http://www.xsmiles.org/presentations/conference/signed_forms_pres_icwe2005.pdf > > > As authors of both are reputed members of the forms WG , I thought it > was part of the recommendation. On checking , it seems I am wrong. I > am sorry for my oversight. But anyways, you have inlcuded the first > link in the main page of your WG page, I was hoping that you all had > already come up with an example of what to sign and what not to > sign.... > > Is anyone clear as to what needs to be signed and an example of it for > XForms with XHTML doc? > >> I'm puzzled about you writing "Aren't the concerns you are raising valid >> over there too? " > > I was talking of "over there" as in the WG recommendations / the > presentations , not the geographical "over there". :D > > Why did you not reply to the list? Should I send this to the list or > not ( I haven't as of now)? > > Regards, > duryodhan -- David Landwehr Senior Product Architect PicoForms web: http://www.picoforms.com e-mail: david.landwehr@picoforms.com phone: +45 24 27 55 18
Received on Wednesday, 20 June 2007 08:36:52 UTC