 |  |  |
 |
Project Description: The Meaning of SignaturesSignatures in daily life have a variety of meanings -- signing for a FedEx delivery is far less formal than signing for a mortgage contract. We need to make similar distinctions for digital signatures. The meaning of digital signatures is not given the attention it needs. When we validate a signature (on an email, say) we only look at technical issues: can the signer be traced back to a trusted party, and does the signature belong to the document? Nobody checks to see if the signer has his fingers crossed while signing. Every signing technology (PGP, X.509 PKI and XML Signing) can incorporate a so-called signing policy to express the intention with which the signature was made. We have all know legal documents as complex ways of saying fingers crossed and these would definately not be suitable signing policies. An important problem with current signing policies, inasfar as they are used, is that they are English texts that cannot be processed automatically. Moreover, they are included as a URL under the control of the signing party. This makes policies highly unpractical and very uncertain. Luckily an alternative is possible, namely a internet-agreed URN schema instead of a URL. ExampleAn example URN notation of a signing policy could be: urn:signpolicy:read_and_understood+legal_agreement This example URN expresses two properties, read_and_understood to indicate having read and understood the statement, and legal_agreement to state that this signature is acccepted as legally binding by the signing party. These are just examples, but it will be clear how more properties could be added at will. A receiving party can select a minimum set of porperties that must be fulfilled before a signature can be accepted. This form of URN can be used in all three signing technologies but the name signpolicy must be centrally coordinated before the whole world can accept it. In addition, the properties must be formed through consensus. A good procedure for that is the procedure of forming Internet Standards. Forming such consensus is a time-consuming process, but it is the best way to come to global agreement on the meaning of digital signatures. GoalOnce accepted as an Internet Standard, this approach would be suitable for the automated acceptance of documents and, if the documents allow it, automated processing. It would avoid the fingers crossed approach and replace it with widely accepted signing policies, which are even modular in their setup. Applications
InitiatorOpenFortress Digital signatures StatusRaising funds. Investors
More investors are needed. Please let us know if you are interested in this project. Or just edit this page and add your donation. Forward this page URL to anyone who may be interested. ProcessThis process will define two documents which are targeted at becoming Internet Standards.
The first document will be kept open, so that additional Internet Standards can add new signing policy properties. The first document will be authored by OpenFortress, the second will be structured by OpenFortress with properties described by others. All documents will be written in such a way that a lively, open discussion is possible to which any interested party may participate, regardless of whether they are commercially, personally or idealistically interested. This is common for the process of forming an Internet Standard. UpdatesJuly 27, 2005: We have created an email address to contact us about this project: signpolicy@openfortress.nl Posted on Sat, 02 Apr 2005, 00:03. |
spin-off |  |