Something quite remarkable happened today. IBM just sent me a URL where I could go online and sign a set of agreement documents electronically as part of their developer network. I'm all for this kind of initiative in principle, but unfortunately this whole process is something that I know a great deal about. Frankly I'm amazed at the legal council that IBM has taken on this. If this is what IBM perceive as digitally signing business agreements on-line - then I feel they have been badly misled. Clearly they are seeing the "Accept to download" model as sufficient evidence. Culturally, legally and system security wise it is riddled with holes. You can see exactly what I'm referring to at: http://www.developer.ibm.com then click on "Get more with IBM's new PartnerWorld...." They want you to read something on screen and then "sign" it by just clicking on a "submit" link. They are not even using SSL to authenticate your access. This is completely daft IMHO. Not only can noone guarantee what it was you saw or read, not now, nor in a year from now, nor can they guarantee that it was you that clicked submit, and not your cat, let alone some interference on the network! Then there is the small matter of showing an audit log that is authenticatable of signed documents, and giving you control of your own signature events. Well I give IBM fullmarks for trying - but this will go down in history in my estimation as a false start. I said earlier that I had extensive knowledge in this area, and that is because I have just finished spending 3 months designing an XML internet based document signature system that will be available commercially later this year. So not surprisingly I can say I have a vested interest here - but what concerns me beyond all that - is public trust. Frankly the public deserve digital signature solutions that give better protection than traditional paper and wet signature systems (which BTW are now compromised by digital copying technologies). I sincerely hope this effort by IBM is not a precursor for other efforts that frankly do not deliver in any shape or form. I am very concerned that people have their rights protected in the best ways that technology can provide, and thus I see efforts like LegalXML.org as pivotal in both educating and ensuring that citizens can feel safe and secure on-line. Comments please! Thanks, DW. VP Development XMLGlobal, and Ceremony Chief Architect. ------ XML/edi Group Discussion List ------ Homepage �http://www.XMLedi-Group.org Unsubscribe �send email to: [EMAIL PROTECTED] Leave the subject and body of the message blank Questions/requests: [EMAIL PROTECTED] To receive only one message per day (digest format) send the following message to [EMAIL PROTECTED], (leave the subject line blank) digest xmledi-group your-email-address To join the XML/edi Group complete the form located at: http://www.xmledi-group.org/xmledigroup/mail1.htm
