MADSig: Enhancing Digital Signature to Capture Secure Document Processing Requirements
Businesses, government agencies, and educational institutions all share information electronically. While digital signature based on public key infrastructure is commonly accepted as the natural answer to secure data exchange, the actual digital signature formats largely fail to capture regulation and business level semantic. Indeed, electronic documents (business contracts, law texts, European directives, European arrest warrants...) can no longer be simply seen as their paper counterparts: the trust and the accuracy of the information carried by electronic documents are transitory; and they utterly depend on the instant and the perspective of the document consumer. For example, a contract signed by only one part may give a competitive negotiation advantage to the potential matching part. For that reason, we propose a technical solution which is aiming to mitigate the risks of discrepancy. Our solution is based on the paradigm of Business Process Modeling extended to provide security annotations and functionalities. Documents are perceived as business processes’ artefacts and embed a subset of the process with associated security annotations. These descriptions combined with basic digital signature primitive and certified data make possible to verify the compliance of collaborative processes that may eventually span across borders. A practical example, the European Arrest Warrant is described to show the model’s expressiveness to capture complex legal constraints.
KeywordsBusiness Process European Directive Business Process Modelling Electronic Document European Arrest Warrant
Unable to display preview. Download preview PDF.
- Business Rules and Web Architecture: W3C Creates Rule Interchange Format WG http://xml.coverpages.org/ni2005-11-09-a.html
- Bussard, Laurent;Bagga, Walid Distance-bounding proof of knowledge to avoid realtime attacks IFIP/SEC2005, 20th IFIP International Information Security Conference, May 30-June 1, 2005, Makuhari-Messe, Chiba, JapanGoogle Scholar
- CLiX-“Constraint Language in XML” http://www.clixml.org/
- eJustice “Towards a global security and visibility framework for Justice in Europe (1ST 001567).” http://www.ejustice.eu.com]
- Electronic Signatures and Infrastructures (ESI); Policy requirements for time-stamping authorities, ETSI TS 102 023 V1.2.1 (2003-01).Google Scholar
- European Directive 1999/931EC, on a Community framework for electronic signatures, December 13, 1999.Google Scholar
- R4eGov “Towards e-Administration in the large” (IST-2004-026650) http://www.r4egov.info/
- S. Crosta, J.-C. Pazzaglia, and H. Schottle, “Modelling and Securing European Justice Workflows,” presented at ISSE, 2005.Google Scholar
- Team-and-role-based organizational context and access control for cooperative hypermedia environments, Weigang Wang, Proceedings of the tenth ACM Conference on Hypertext and hypermedia, 1999.Google Scholar
- W. Martin Team, “Analytics meets ESA, Enriching Business Processes by Analytics,” 2005.Google Scholar