Dear All,
It may be interesting to know that Swedish authorities are currently launching a Web Services-like system called SHS, where authorities communicate with each other through web-server "nodes" where outgoing messages are automatically signed by the authority identified as an "entity" (organization), rather than by an individual associated with the authority. For the majority of messages there will be no individual signatures (such may though be stored locally as proof if implemented). For those messages that for some reason would benefit from individuals' signatures also being transmitted, such signatures are a part of the message "payload". That is, the outermost "authoritative" signature is always the sending organization's.
It seems that there is a paradigm shift in the making, which could have a very positive effect on the deployment of digital signatures, although commercial CAs have quite a bit to cater for, as practically none of these currently produce suitable certificates.
If this scheme works for government authorities, it should definitely
work for e-business as well.
A side effect of the SHS scheme is that specific
"employee-certificates" become redundant, as the optional dual-signed messages
create "virtual" employee-certificates of any sophistication, including the
possible inclusion of authorization or role data, effectively eliminating
attribute certificates for organization-internal authorizations.
Anders Rundgren
Senior Internet e-Commerce Architect
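The layering described in the message above, as an added example that is not part of the original post and is not SHS code: a receiver trusts only organization keys, checks the outer organization signature first, and then checks an optional employee signature whose key and role are vouched for by that outer signature. The envelope field names are constructed, and Lamport one-time signatures (each key signs a single message) stand in for the certificate-based signatures a real deployment would use.

```python
import hashlib, json, secrets
H = lambda b: hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key pair: stdlib stand-in (assumption) for a real signing key.
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    pk = [[H(s).hex() for s in pair] for pair in sk]
    return sk, pk

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b].hex() for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(bytes.fromhex(s)).hex() == pk[i][b]
        for i, (s, b) in enumerate(zip(sig, bits(msg))))

def canon(obj):
    # Deterministic serialization so signer and verifier hash the same bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def employee_sign(emp_sk, emp_pk, name, role, body):
    # Inner, optional signature: travels inside the payload with key and role data.
    signed = {"body": body, "signer": name, "role": role}
    return {"signed": signed, "employee_key": emp_pk,
            "employee_sig": sign(emp_sk, canon(signed))}

def org_send(org_sk, org_name, payload):
    # Outermost signature is always the sending organization's.
    outer = {"sender": org_name, "payload": payload}
    return {"outer": outer, "org_sig": sign(org_sk, canon(outer))}

def receive(trusted_org_keys, msg):
    """Return (sender, body, (employee, role) or None); raise ValueError if invalid."""
    outer = msg["outer"]
    pk = trusted_org_keys.get(outer["sender"])
    if pk is None or not verify(pk, canon(outer), msg["org_sig"]):
        raise ValueError("organization signature invalid")
    p = outer["payload"]
    if isinstance(p, dict) and "employee_sig" in p:
        # Employee key is accepted only because the org signature covers it.
        if not verify(p["employee_key"], canon(p["signed"]), p["employee_sig"]):
            raise ValueError("employee signature invalid")
        return outer["sender"], p["signed"]["body"], (p["signed"]["signer"], p["signed"]["role"])
    return outer["sender"], p, None
```

Because the organization signature covers the employee key and role, changing either after sending invalidates the outer signature, which is what lets the payload act as the "virtual" employee certificate the message describes.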