Chapter 14, Security, Control, and Digital Signatures
XFA Specification
Signed Forms
404
Signature purposes
Purpose
Integrity
Use
Verify that data has not been corrupted in
transit or processing. For example, when a
digital signature is applied to a quarterly
financial statement, recipients have more
assurance that the financial information
has not been altered since it was sent.
See
“Integrity” on page 407.
Verify a signer’s digital identity. For
example, a digitally signed quarterly
financial statement allows recipients to
verify the identity of the sender and
assures them that the financial information
has not been altered since it was sent. For
example, a digitally signed quarterly
financial statement allows recipients to
verify the identity of the sender and
assures them that the financial information
has not been altered since it was sent.
See
“Authenticity” on page 408.
Establish unequivocally that the person
signing the document did in fact see and
sign the document, or to establish that the
recipient did in fact receive the document.
See “Non- Repudiability” on page 408.
How achieved
●
Signature based on relevant
parts of the form and optionally
a private key
Authenticity
Achieving this
purpose results in a
"trusted document"
or a "document of
record".
●
Signature based on selected
portions of the template and
configuration and on
pre-rendered PDF and a private
key
Verification using a public key
Assurance of the sender’s
identity
●
●
Non- repudiability
Achieving this
purpose results in a
"certified
document".
Usage rights
Achieving this
purpose results in a
"ubiquitized
document".
(a PDF capability)
Same as for Authenticity with the
following addition:
●
Trusted third-party software
prevents the signer of the
document from denying that
they signed the document
Establish the identity of the
granting authority
Specify additional rights to be
granted by the special viewing
application
If signature permissions have been issued
by a bona fide granting authority, enable
additional rights (such as the ability to
sign) in special viewing applications such
as Acrobat.
See “Usage Rights Signatures
(Ubiquitized Documents)” on page 409..
●
●
Differences Between XML and PDF Digital Signatures
There are substantial differences in the capabilities of XML and PDF digital signatures.
This specification defines XML digital signatures that support only data integrity; however, XML digital
signatures could conceivably be designed to achieve the same level of integrity and signer authentication
as PDF signatures.
Using certified signatures to restrict changes
Unlike XML digital signatures, PDF signatures support PDF certified signatures. A certified signature allows
the document author to specify which changes are allowed in the form. A PDF viewing application such as
Acrobat then detects and prevents disallowed changes. A certified signature must be the first signature
applied to a form.