Efficient digital XML e-signature: how it can functionally sign itself over an insecure network like the Internet.

While this efficient digital XML e-signature effort does not require an established PKI to function, it may require the use of trusted XML servers for authentication. Consequently, each enterprise will have to evaluate the potential security risk of outsourcing this increasingly critical business function. There's a W3C candidate out for XML signatures that looks fairly close to being the final one, though it is still a work in progress and has not, as of this writing, officially advanced to the Draft Standard stage. It's also been known to the Internet Engineering Task Force (IETF) as RFC 3075. Judging by the author list for this candidate, which includes folks from the W3C, MIT, and Microsoft, it's clear that the Internet industry is taking the subject of efficient digital XML e-signatures seriously.

Efficient digital XML e-signature overview

Efficient digital XML e-signatures have been designed with the multiple goals of providing "integrity, message authentication, and/or signer authentication services for data of any type, whether located within the XML that includes the signature or elsewhere." These are fairly ambitious goals to be sure, and fairly extensive if considered in context. These signatures and their associated processes have as an ultimate goal providing the default basic server-based security services for the Web through the use of efficient digital XML e-signatures. However, the authors do have some sense of proportion about their work. The candidate contains this passage: "The XML Signature does not normatively specify how keys are associated with persons or institutions, nor the meaning of the data being referenced and signed. Consequently, while this specification is an important component of secure XML applications, it is, by itself, not sufficient to address all application security/trust concerns, particularly with respect to using signed XML as a basis of human-to-human communication and agreement. Such an application must specify additional key, algorithm, processing and rendering requirements." In short, the authors are cautioning against considering this work as a technical panacea; it must be used together with other security measures. This is wise, but it raises the question of what's behind the efficient digital XML e-signature curtain.
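
The caveat quoted above, as an added example (not code from the original page or from the W3C candidate): a reduced XML-Signature-style structure over data held outside the XML, where validation can succeed while the signer's identity stays unknown. Assumptions: the layout is simplified (algorithm-identifier elements omitted, SHA-256 and HMAC-SHA-256 fixed), ElementTree's C14N 2.0 stands in for the candidate's canonicalization, and `sign_detached`, `verify`, `fetch`, `keys` and `owners` are hypothetical names.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"  # XML Signature namespace
ET.register_namespace("ds", DS)

def q(tag):
    return f"{{{DS}}}{tag}"

def b64(raw):
    return base64.b64encode(raw).decode()

def same(a, b):
    return hmac.compare_digest(a.encode(), b.encode())

def c14n(elem):
    # Assumption: ElementTree's C14N 2.0 stands in for the canonicalization the candidate names.
    return ET.canonicalize(ET.tostring(elem)).encode()

def sign_detached(uri, data, key_name, key):
    # Simplified layout: algorithm-identifier elements omitted, SHA-256 and HMAC-SHA-256 fixed.
    sig = ET.Element(q("Signature"))
    info = ET.SubElement(sig, q("SignedInfo"))
    ref = ET.SubElement(info, q("Reference"), URI=uri)
    ET.SubElement(ref, q("DigestValue")).text = b64(hashlib.sha256(data).digest())
    mac = hmac.new(key, c14n(info), hashlib.sha256).digest()
    ET.SubElement(sig, q("SignatureValue")).text = b64(mac)
    ET.SubElement(ET.SubElement(sig, q("KeyInfo")), q("KeyName")).text = key_name
    return ET.tostring(sig)

def verify(sig_xml, fetch, keys, owners):
    """Return (status, signer); fetch, keys and owners come from the application."""
    sig = ET.fromstring(sig_xml)
    info = sig.find(q("SignedInfo"))
    refs = info.findall(q("Reference")) if info is not None else []
    name = sig.findtext(f"{q('KeyInfo')}/{q('KeyName')}")
    if not refs or name not in keys:
        return ("malformed signature or unknown key", None)
    # Step 1, reference validation: each referenced object must still hash to its DigestValue.
    for ref in refs:
        data = fetch(ref.get("URI"))
        if data is None or not same(b64(hashlib.sha256(data).digest()), ref.findtext(q("DigestValue"), "")):
            return ("reference digest mismatch", None)
    # Step 2, signature validation: the MAC covers SignedInfo, and so the digests inside it.
    mac = b64(hmac.new(keys[name], c14n(info), hashlib.sha256).digest())
    if not same(mac, sig.findtext(q("SignatureValue"), "")):
        return ("signature value mismatch", None)
    # Step 3 is outside the signature format: who holds this key is application policy.
    return ("valid", owners[name]) if name in owners else ("valid, signer unknown", None)
```

The `owners` mapping is the part the quoted passage says an application must supply itself; without it, `verify` can only report that some holder of the named key produced the signature.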