Bulletproof business process automation: securing XML forms with document subset signatures

Quantified Score

Visualization

Abstract

The standard unit of work in the business process is the electronic form, which includes complex user interface designs, data gathering and validation, wizard-like behaviors and spreadsheet computations. This paper reports state-of-the-art digital signature methods used to help provide security, non-repudiation and auditability within complex electronic forms applications. Both for financial reasons and for compliance with government regulations such as the Government Paper Elimination Act (GPEA), an ever-increasing number of intricate electronic forms applications are being created. Yet, there are aspects of paper-based systems that can only be modelled if digital signatures are able to omit carefully specified portions of a document so that certain restricted changes can be made after a signature is affixed. These scenarios occur frequently with electronic forms that are multiply signed and possibly involved in a non-trivial workflow process.Due to the importance of securing electronic forms and the complexities that can arise in signing them, the W3C XForms working group has placed integration with XML signatures among the highest priorities of its new standardization charter. However, there are security issues that must be addressed but which are beyond the core cryptographic capabilities of the W3C XML Signature Recommendation. This paper presents our research into and solutions for these issues. The purpose of this paper is to let successful industry experience and academic analysis provide guidance to future secure document standardization efforts (such as XForms) so that, even in the most demanding signature scenarios, the standards are still able to meet the fundamental requirement of digital signatures: What you see is what you sign.