Abstract
The World Wide Web is evolving from a platform for information access into a platform for interactive services. The interaction of the services is provided by forms. Some of these services, such as banking and e-commerce, require secure, non-repudiable transactions. This paper presents a novel scheme for extending the current Web forms language, XForms, with secure client-side digital signatures, using the XML Signatures language. The requirements for the scheme are derived from representative use cases. A key requirement, also for legal validity of the signature, is the reconstruction of the signed form, when validating the signature. All the resources, referenced by the form, including client-side default stylesheets, have to be included within the signature. Finally, this paper presents, as a proof of concept, an implementation of the scheme and a related use case. Both are included in an open-source XML browser, X-Smiles.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Hostetter, M., Kranz, D., Seed, C., Terman, S.W.: Curl, a gentle slope language for the web. World Wide Web Journal (1997)
Dubinko, M., et al. (eds.): XForms 1.0. W3C Recommendation (2003)
Blair, B., Boyer, J.: XFDL: creating electronic commerce transaction records using xml. In: WWW 1999: Proceeding of the eighth international conference on World Wide Web, pp. 1611–1622. Elsevier North-Holland, Inc., Amsterdam (1999)
Bartel, M., et al.: XML-Signature syntax and processing. W3C Recommendation (2002)
Boyer, J.M.: Bulletproof business process automation: securing XML forms with document subset signatures. In: Proceedings of the 2003 ACM workshop on XML security, pp. 104–111. ACM Press, New York (2003)
Guo, H.: Implementation of secure web forms by using XML Signature and XForms. Master’s thesis, Helsinki University of Technology (2003)
Vuorimaa, P., Ropponen, T., von Knorring, N., Honkala, M.: A java based XML browser for consumer devices. In: 17th ACM Symposium on Applied Computing, Madrid, Spain (2002)
Pihkala, K., Honkala, M., Vuorimaa, P.: A browser framework for hybrid XML documents. In: Internet and Multimedia Systems and Applications, IMSA 2002. IMSA (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Honkala, M., Vuorimaa, P. (2005). Secure Web Forms with Client-Side Signatures. In: Lowe, D., Gaedke, M. (eds) Web Engineering. ICWE 2005. Lecture Notes in Computer Science, vol 3579. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11531371_46
Download citation
DOI: https://doi.org/10.1007/11531371_46
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-27996-9
Online ISBN: 978-3-540-31484-4
eBook Packages: Computer ScienceComputer Science (R0)