On 5.01.2011 17:58, Andrew J. Kallenbach wrote:
Using PKI, cards, and other mechanisms seem to have a
collective ?huh? from most business managers. They are not
easy to implement or understood by both potential users
(employees and customers).
Estonia (where I live) has been using PKI-based digital signatures
since 2000. Today I even don't remember, when was the last time I
gave "real" handwritten signature. But I use my smartcard (ID-card)
every day to log in to internet banks, sign bank transactions, sign
contracts with my clients, etc. During last two votings I voted
electronically.
OK, I may be biased, because I'm a software developer and my main
client is the developer of Estonian ID-card software. But
nevertheless, I just checked, 40% of signups to one webservice our
company provides, are made using ID-card.
So I suppose you can make people accept PKI-based signatures, but it
requires support, both legal and promotional, from the highest level
- the government.
Regarding Orbeon - we just converted Estonian state portal
www.eesti.ee from Chiba to Orbeon and launching it in coming months.
It contains a component, that allows you to download responses from
e-services digitally signed by portal. Or download the response
encrypted, so that only you with your ID-card can decrypt it. It's
not tightly integrated with Orbeon, it's more like a wrapper. And it
uses Estonian DigiDoc format, which I suppose is not useful in other
countries.
Additional reading:
http://en.wikipedia.org/wiki/Estonian_ID_card
Tambet