Chapter 14, Security, Control, and Digital Signatures
XFA Specification
Signed Forms
Digital signatures can be applied to forms to provide various levels of security. Digital signatures, like
handwritten signatures, allow signers to identify themselves and to make statements about a document.
Such statements include authorship of data in the form or approval of part or all of a form. The technology
used to digitally sign documents helps to ensure that both the form signer and the form recipients can be
clear about what was signed and whether the document was altered since it was signed.
A digital signature can be used to authenticate the identity of a user and the document’s contents. It can
store information about the signer and the state of the document when it was signed. The signature may
be purely mathematical, such as a public/private-key encrypted document digest, or it may be a biometric
form of identification, such as a handwritten signature, fingerprint, or retinal scan. The level of security and
integrity associated with a digital signature depends upon the handlers and algorithms used to generate
the signature and the parts of the form reflected in the signature.
Digital signatures are an important component of secure XML applications, although by themselves they
are not sufficient to address all application security/trust concerns, particularly with respect to using
signed XML (or other data formats) as a basis of human-to-human communication and agreement.
Types of Digital Signatures
This section introduces digital signatures and describes how a template can be designed with
clickable-features that initiate the creation of digital signatures.
Note: The clickable-features that initiate the creation of digital signatures are separate from the signatures
themselves.
XFA supports the following signature mechanisms:
● XML digital signature. One or more signatures can be inserted into a form using the mechanism defined
by the W3C for an XML Digital Signature [XMLDSIG-CORE]. This mechanism is selective in regard to
what portion of the form is included in the signature. It can be used to sign any or every portion of the
form which is expressed in XML, including the template, the configuration document, and/or the data.
The clickable-feature that produces an XML digital signature is an event with a signData property.
● PDF digital signature. A form which is embedded inside PDF can use the PDF signing mechanism [PDF].
The PDF signing mechanism signs the entire XFA form and in addition some non-XFA content of the
form. Hence a PDF signature always generates a document of record, which is described in the next
section.
The clickable-feature that produces a PDF digital signature is a signature widget.
A single form may contain multiple XML digital signatures and multiple PDF digital signatures, although
such use is not expected to be useful.
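Because an XML digital signature covers only the portions its references name, a recipient should establish which parts of a form are covered before relying on it. The following is an added example, not part of the XFA specification: it reports coverage for a constructed, simplified package, and the element layout, the `id` attribute and the `coverage` function are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"  # XML Signature namespace

# Constructed, simplified form package (not a real XFA file). The single
# signature references only the data, so template and config are unsigned.
SAMPLE = """<form>
  <template id="tmpl"><field name="amount"/></template>
  <config id="cfg"><present/></config>
  <datasets id="data"><amount>100</amount></datasets>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <Reference URI="#data"><DigestValue>constructed</DigestValue></Reference>
    </SignedInfo>
    <SignatureValue>constructed</SignatureValue>
  </Signature>
</form>"""


def coverage(xml_text):
    """Report, per top-level part, whether signature references cover it.

    Assumes parts are addressed through an attribute named "id" and does
    not evaluate Transforms, which can narrow a reference further. It does
    not check digests or the signature value.
    """
    root = ET.fromstring(xml_text)
    whole, targets = False, set()
    for info in root.iter(DS + "SignedInfo"):
        for ref in info.findall(DS + "Reference"):
            uri = ref.get("URI")
            if uri == "":
                whole = True              # reference to the whole document
            elif uri and uri.startswith("#"):
                targets.add(uri[1:])      # same-document fragment
    report = {}
    for part in root:
        if part.tag == DS + "Signature":
            continue
        inner = {el.get("id") for el in part.iter()} - {None, part.get("id")}
        if whole or part.get("id") in targets:
            report[part.tag] = "full"
        elif inner & targets:
            report[part.tag] = "partial"  # only some descendants are signed
        else:
            report[part.tag] = "none"
    return report
```

A part reported as "none" or "partial" can be changed without invalidating the signature, so coverage should be reviewed alongside cryptographic verification.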
Using Digital Signatures to Achieve Different Levels of Security
XML digital signatures are used to achieve various levels of security. This section discusses those different
purposes and how XML and PDF digital signatures can be used to achieve them.
There are several different types of signature purposes, each of which imposes its own requirements. The
different types of signatures are summarized by the following table. The following sections explain how
digital signatures can be used to achieve these purposes. Similar information on PDF digital signatures is
available in the PDF Reference [PDF] and A primer on electronic document security [ElectronicSecurity].