Secure Web Forms with Client-Side Signatures

• Published in: Lecture notes in computer science pp. 340 - 351
• Main Authors: Honkala, Mikko, Vuorimaa, Petri
• Format: Book Chapter Conference Proceeding
• Language: English
• Published: Berlin, Heidelberg Springer Berlin Heidelberg 2005; Springer
• Series: Lecture Notes in Computer Science
• Subjects: Applied sciences; Computer science; control theory; systems; Context Node; Exact sciences and technology; Signed Form; Smart Card; Software; Software engineering; User Agent; XPath Expression; Software development; Banking; XML language; Information access; Xslt; Transaction processing; Open source software; Information browsing; Interactive system; Behavioral analysis; World wide web; Digital signature; Electronic trade; Internet
• ISBN: 9783540279969; 3540279962
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/11531371_46

The World Wide Web is evolving from a platform for information access into a platform for interactive services. The interaction of the services is provided by forms. Some of these services, such as banking and e-commerce, require secure, non-repudiable transactions. This paper presents a novel scheme for extending the current Web forms language, XForms, with secure client-side digital signatures, using the XML Signatures language. The requirements for the scheme are derived from representative use cases. A key requirement, also for legal validity of the signature, is the reconstruction of the signed form, when validating the signature. All the resources, referenced by the form, including client-side default stylesheets, have to be included within the signature. Finally, this paper presents, as a proof of concept, an implementation of the scheme and a related use case. Both are included in an open-source XML browser, X-Smiles.