Re: e-Government uses "Authority-stamp-signatures"
At 3:18 PM +0100 12/13/02, Anders Rundgren wrote:
Dear All,
It may be interesting to know that Swedish authorities are currently
launching a Web Services-like system called SHS, where authorities
communicate with each other through web-server "nodes" where
out-going messages are automatically signed by the authority
identified as an "entity" (organization), rather than by
an individual associated to the authority.
For the majority of messages there will be no individual signatures
(such may though be stored locally as proof if implemented).
For those messages that for some reason would benefit from
individuals' signatures also being transmitted, such
signatures are a part of message "payload". That is, the outermost
"authoritative" signature is always the sending organization's.
It seems that there is a paradigm-shift in the making, which could have a very
positive effect on the deployment of digital signatures although
commercial CAs have quite a bit to cater for, as practically none
of these currently produce suitable certificates.
If this scheme works for government authorities, it should definitely
work for e-business as well.
A side-effect of the SHS-scheme is that specific
"employee-certificates" become redundant, as the optional
dual-signed messages create "virtual"
employee-certificates of any sophistication, including the possible
inclusion of authorization or role data, effectively eliminating
attribute certificates for organization-internal authorizations.
Anders Rundgren
Senior Internet e-Commerce Architect
This is not a new concept in other environments, e.g., the US DoD
Defense Message System sends all official messages with signatures
that represent organizations, not individuals. The system was
developed and initially deployed starting in the early 90's, I
believe.
Steve