Abstract
Businesses, government agencies, and educational institutions all share information electronically. While digital signatures based on public key infrastructure are commonly accepted as the natural answer to secure data exchange, the actual digital signature formats largely fail to capture regulation and business-level semantics. Indeed, electronic documents (business contracts, law texts, European directives, European arrest warrants...) can no longer be seen simply as their paper counterparts: the trust in and the accuracy of the information carried by electronic documents are transitory, and they utterly depend on the instant and the perspective of the document consumer. For example, a contract signed by only one party may give a competitive negotiation advantage to the potential matching party. For that reason, we propose a technical solution that aims to mitigate the risks of discrepancy. Our solution is based on the paradigm of Business Process Modeling, extended to provide security annotations and functionalities. Documents are perceived as artefacts of business processes and embed a subset of the process with associated security annotations. These descriptions, combined with basic digital signature primitives and certified data, make it possible to verify the compliance of collaborative processes that may eventually span borders. A practical example, the European Arrest Warrant, is described to show the model's expressiveness in capturing complex legal constraints.
Copyright information
© 2006 Friedr. Vieweg & Sohn Verlag | GWV-Fachverlage GmbH, Wiesbaden
About this chapter
Cite this chapter
Pazzaglia, JC., Crosta, S. (2006). MADSig: Enhancing Digital Signature to Capture Secure Document Processing Requirements. In: ISSE 2006 — Securing Electronic Busines Processes. Vieweg. https://doi.org/10.1007/978-3-8348-9195-2_26
DOI: https://doi.org/10.1007/978-3-8348-9195-2_26
Publisher Name: Vieweg
Print ISBN: 978-3-8348-0213-2
Online ISBN: 978-3-8348-9195-2
eBook Packages: Computer Science, Computer Science (R0)