Non-repudiation and the document-centric modelAdded by IBM on October 10, 2012 | Version 1 (Original)
A digital signature attached to a file accurately identifies the individual who used it, based on the digital certificate provider's security and the security of the user's hardware. However, to provide full non-repudiation and auditability, a business transaction not only needs to be signed by someone whose identity is verifiable, it also needs to be representative of the context in which it was signed.
With paper-based forms and documents, this is easily accomplished. Everything that appears on the signed document is considered part of the transaction. Electronic forms and documents, however, present a more complex problem in that the exact appearance and functionality of the document must be signed as well as the user's input, or the transaction is meaningless. Legal standards for font size and color must also be observed both when the document is signed and when it is subsequently examined.
Digital signature technology alone can provide the first part of the solution, but not the second. According to the Performance Guidelines for the Legal Acceptance of Records Produced by Information Technology Systems, as published by the Association for Information and Image Managements' (U.S.), the only way in which an electronic document can be considered to provide non-repudiation and auditability is if it contains the following elements, clearly recognizable, in one file:
XFDL can be used to create forms that meet the above criteria by presenting a business transaction as a single entity, which is updated as the user fills it in. Item values are stored in XForms instance data, which appears in the same file that contains the user interface and presentation layer markup.
When a user digitally signs a form, the XFDL markup for the presentation layer as well as the underlying XForms instance data is signed. Subsequently, when the form is opened in an XFDL viewing or processing application, the current XFDL markup and XForms instance data are compared to those that were used to create the digital signature. If any discrepancies exist, the signature is flagged as invalid, and the form no longer provides non-repudiation or auditability.
Secondary documents can also be placed into an XFDL form as attachments, thus enabling the user to sign both the attachments and the form itself.
This method of representing and collecting information in forms and digitally signing and encrypting them ensures that the identity of the signer can be confirmed and that the signer can be proven to have signed the full content and context of the form.
- Individual letters, numbers and symbols
- Combinations of letters, numbers and symbols forming words or sentences
- Graphics, such as signatures, logos, pictures, and so on.
- Other features of records such as color, shape, texture, and so on, that relate to the content of the information