Chapter 14, Security, Control, and Digital Signatures
XFA Specification
Signed Forms
407
1. The form is opened using an XFA-processing application.
2. The person fills out the form.
3. The user submits the form by selecting a submit button. In response, the XFA processing application
bundles the designated parts of the form into an XDP package and submits that package to a server.
(This statement assumes a simpler form submission process.)
Integrity
Digital signatures enable recipients to verify the integrity of an electronic document used in one-way or
round-trip workflows. For example, when a digital signature is applied to a quarterly financial statement,
recipients have more assurance that the financial information has not been altered since it was sent.
A primer on electronic document security
[ElectronicSecurity]
Using XML digital signatures for integrity
XML digital signatures can establish the integrity of a form, by incorporating
1
relevant objects in the
signature. For example, if there is a concern only about the integrity of a form’s data, the signature would
incorporate only the form’s data. If there is a concern about other aspects of the form, the signature would
incorporate those other aspects, too.
An XML digital signature can incorporate the PDF object used in a form, but this is useful only for archiving.
It is not useful in a workflow where other individuals subsequently validate the original signature. This
limitation applies only to forms whose signature manifests include a PDF object. This limitation exists
because PDF objects contain volatile information, such as date and time. If a PDF processing application
such as Acrobat reopens and saves forms whose signatures include the PDF object, those signatures are
voided, even if no changes are made.
Using PDF Digital signatures for integrity
The PDF language provides several ways to support document integrity through various types of
signatures:
●
●
Ordinary signatures, which can associate a signer with part or all of the PDF document.
Modification Detection and Prevention (MDP) signatures, which specify what changes are permitted to
be made the document and what changes invalidate the author’s signature.
Usage rights (UR) signatures, which identify the authorizing agent and enable capabilities in special
PDF-viewing applications.
●
1. The term "incorporating" refers to the creation of hash code (or other representative binary number) that reflects the por-
tions of the form specified in the signData manifest element. This code is then stored in the signature property created when
the form is actually signed.