Posted by Tambet Matiisen on
URL: https://discuss.orbeon.com/Electronic-Signatures-tp3171562p3176992.html

On 5.01.2011 17:58, Andrew J. Kallenbach wrote:

Using PKI, cards, and other mechanisms seem to have a collective ?huh? from most business managers. They are not easy to implement or understood by both potential users (employees and customers).

Estonia (where I live) has been using PKI-based digital signatures since 2000. Today I even don't remember, when was the last time I gave "real" handwritten signature. But I use my smartcard (ID-card) every day to log in to internet banks, sign bank transactions, sign contracts with my clients, etc. During last two votings I voted electronically.

OK, I may be biased, because I'm a software developer and my main client is the developer of Estonian ID-card software. But nevertheless, I just checked, 40% of signups to one webservice our company provides, are made using ID-card.

So I suppose you can make people accept PKI-based signatures, but it requires support, both legal and promotional, from the highest level - the government.

Regarding Orbeon - we just converted Estonian state portal www.eesti.ee from Chiba to Orbeon and launching it in coming months. It contains a component, that allows you to download responses from e-services digitally signed by portal. Or download the response encrypted, so that only you with your ID-card can decrypt it. It's not tightly integrated with Orbeon, it's more like a wrapper. And it uses Estonian DigiDoc format, which I suppose is not useful in other countries.

Additional reading:
http://en.wikipedia.org/wiki/Estonian_ID_card

  Tambet



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
OW2 mailing lists service home page: http://www.ow2.org/wws