To help the Web reach its full potential, it is important that
end users have a reliable mechanism for deciding what Web content
they can trust. In particular, the industry has found two classes
of documents where public trust has become an issue of sufficient
magnitude to bring together a cross-company working group:
Publishers need a means to assure authenticity and users need to verify it. Both needs are addressed by attaching digital signatures to on-line documents. These signatures serve to identify the origin of a document. For many uses, however, there is additional information required to underly trust decisions. This typically takes the form of requiring endorsements by parties trusted by the users. For example, the decision to use a piece of active code may be affected by statements from PC Week or its execution may be permitted only by endorsement of an site security administrator.
Market forces have caused different software vendors to field an initial solution to part of the first problem, but these solutions do not fully address the larger need of helping users decide what to trust on the web. As the result of a pair of industry meetings, the W3C began a high-intensity, short duration project that will result in the following deliverables:
The goal of this project is clear user benefit by creating interoperable solutions to the common problem of Internet trust.
Information on the Digital Signature Initiative is available
at:
http://www.w3.org/pub/WWW/Security/DSig/
The current DSig 1.0 Signature Labels working draft is
available at:
http://www.w3.org/pub/WWW/TR/WD-DSIG-label.html
Philip A. DesAutels, DSig Project Manager