XML for forms

Gavin McKenzie gmckenzi at JetForm.com
Mon Jul 5 22:01:59 BST 1999


Tim Bray writes:
> Emulating paper isn't the issue; making the transaction admissible
> as evidence is.  

Determining admissible evidence is clearly outside the scope of
responsibility of an e-forms vendor. :-)

> That is why XFDL for example insists on including
> in the form document all the presentational information and so on - 
> the claim is that you have to digitally sign not only the answers to
> the questions but the questions and how they were presented to the 
> user, in order to achieve the goal of non-repudiation.  (Mind you,
> this should be done using CSS or flow objects rather than with
> custom tags as XFDL did).

Sign yes. Include no.  It requires that content (data) and the context
(presentation) be signed, but fusing the data content and the presentation
together isn't necessary; and it is very costly on a number of levels.  

Simply including a fingerprint of the presentation as part of the data
signing is sufficient.  Nothing more is achieved by choosing to store or
incorporate the presentation with the data or vice-versa.

> 
> As a legal illiterate, I'm not sure what the real state of play is
> here - but I still think that a list of context-free name/value
> pairs is a pretty shaky basis for a legally binding transaction. -T.

True.  Hence why incorporating the presentation as a participant in the
signature is so important.  

But also recognize that not all forms require such a heavy hand of security.
Many forms are used in (closed) environments with a higher level of trust.
Other forms are simply 'worksheets' that facilitate the data entry of data
which is completely self-describing and can be signed on its own.  

Some processes do not need to sacrifice the particular aspect of flexibility
that is lost when signing data in concert with presentation -- the
flexibility lost is that the data won't verify in another
presentation...this of course is the primary feature of including the
presentation in the signature, but in some usage contexts this feature is
undesirable.

xml-dev: A list for W3C XML Developers. To post, mailto:xml-dev at ic.ac.uk
Archived as: http://www.lists.ic.ac.uk/hypermail/xml-dev/ and on CD-ROM/ISBN 981-02-3594-1
To (un)subscribe, mailto:majordomo at ic.ac.uk the following message;
(un)subscribe xml-dev
To subscribe to the digests, mailto:majordomo at ic.ac.uk the following message;
subscribe xml-dev-digest
List coordinator, Henry Rzepa (mailto:rzepa at ic.ac.uk)
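
Added example, not part of the original post or of any e-forms product: a sketch of the "sign yes, include no" approach described in the message above, where the signed record carries only a SHA-256 fingerprint of the presentation, not the presentation itself. Assumptions: HMAC-SHA256 stands in for the public-key signature that non-repudiation would actually require, and the key, form templates, field names and function names are all constructed for illustration.

```python
import hashlib
import hmac
import json

def fingerprint(presentation: bytes) -> str:
    """SHA-256 digest of the form template exactly as shown to the user."""
    return hashlib.sha256(presentation).hexdigest()

def _signed_bytes(fields: dict, presentation_fp: str) -> bytes:
    # Canonical JSON so the same name/value pairs always serialize identically;
    # the presentation is bound in by its fingerprint only, never embedded.
    return json.dumps({"data": fields, "presentation_sha256": presentation_fp},
                      sort_keys=True, separators=(",", ":")).encode("utf-8")

def sign_submission(key: bytes, fields: dict, presentation: bytes) -> dict:
    fp = fingerprint(presentation)
    # Assumption: HMAC-SHA256 is a stand-in for a public-key signature.
    tag = hmac.new(key, _signed_bytes(fields, fp), hashlib.sha256).hexdigest()
    return {"data": fields, "presentation_sha256": fp, "signature": tag}

def verify_submission(key: bytes, record: dict, presentation: bytes) -> bool:
    # 1. The template offered at verification must be the one that was signed.
    if not hmac.compare_digest(fingerprint(presentation),
                               record["presentation_sha256"]):
        return False
    # 2. The signature must cover both the data and that fingerprint.
    expected = hmac.new(key, _signed_bytes(record["data"],
                                           record["presentation_sha256"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, record["signature"])

# Constructed sample inputs (hypothetical key, templates and fields).
KEY = b"demo-key-not-for-production"
TEMPLATE = b"<form><label for='amount'>Amount to transfer (USD)</label></form>"
ALTERED = b"<form><label for='amount'>Amount to receive (USD)</label></form>"
FIELDS = {"amount": "500", "account": "12-3456"}

def demo() -> dict:
    record = sign_submission(KEY, FIELDS, TEMPLATE)
    tampered = dict(record, data={"amount": "5000", "account": "12-3456"})
    swapped = dict(record, presentation_sha256=fingerprint(ALTERED))
    return {
        "original": verify_submission(KEY, record, TEMPLATE),
        "other_presentation": verify_submission(KEY, record, ALTERED),
        "tampered_data": verify_submission(KEY, tampered, TEMPLATE),
        "swapped_fingerprint": verify_submission(KEY, swapped, ALTERED),
        "template_embedded": "label" in json.dumps(record),
    }

if __name__ == "__main__":
    print(demo())
```

The `other_presentation` result is the trade-off the last paragraph of the message describes: once the fingerprint is part of what is signed, the same data no longer verifies against a different presentation.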




