Digital Signatures: We’re Open, They’re Closed

By Larry Kluger posted 01-16-2014 07:06


Digital Signatures: We’re Open, They’re Closed

In a prior column, I referred to “Open standard digital signature technology.” Let’s unpack that expression and explore what it really means.

We’ll start with “standard.” The best standards are both useful and used by multiple, competing vendors and by customers. Just having a standard for a piece of technology is not enough. For example, IEEE 802.5 is the standard for Token Ring networking. But it never caught on due to the market superiority of IEEE 802.11, the Ethernet standard.

“Formal standards” can only be issued by standards organizations. But the standards bodies tend to move rather slowly. Consortiums of vendors have been very successful in creating “Market Standards” such as the USB specification, created by the USB Implementers Forum.

Good news for digital signatures is that the applicable formal and market standards for digital signatures from the US National Institute for Standards (FIPS), the ITU (X.509), the Internet Working Group  (RFC), the European Telecommunications Standards Institute, and vendors such as Adobe and RSA have all been harmonized—they all very work well together.

Open Standards

The real benefits come from open standards, standards that have multiple implementations from competing companies.

What do open standards for digital signatures mean for you?

No lock-in

Documents that are digitally signed using open, nationally and internationally agreed standards can be signed and verified by many different software applications, from multiple vendors. By using open standards for signing, you will never be “locked in” to a single vendor. For example, multiple vendors provide software/hardware for digitally signing documents. If your vendor is no longer meeting your needs, you can switch vendors without worrying about verifying previously signed documents—your new software will recognize the old signatures.

Lowest total cost of ownership, best feature selection

Open standards enable companies to compete on creating the best overall solution for their customers rather than re-inventing the wheel. You want, and deserve, the best features and lowest total cost of ownership.

For example, while open digital signatures are available from multiple vendors, not all vendors provide the same range of integration options with SharePoint, OpenText, Oracle, Alfresco and other ECM/DM systems.  Some vendors provide automatic synchronization with Active Directory to lower administrative costs, some do not.

Full Interoperability

Open standards for digital signatures also ensure that you and your partners/customers do not have to agree to use a single system for signing and verifying document signatures.

Digital signatures enable independent verification: signatures on PDF documents can be verified using the free PDF Reader from Adobe, or by PDF viewers from other vendors.

Recipients of your digitally signed documents do not have to use, or register with, your digital signature vendor to view and verify a document you signed. Your customer can also sign the same document (counter-sign) by using software from your digital signature vendor or from other companies.

Highest technical standards

An important benefit of open standards is that they are scrutinized by experts from academia, from independent consulting firms and from multiple vendors to ensure that the best technology is used. The result: better products for you and fewer problems compared with closed systems that can only be examined by a vendor’s own employees.

Open standards also enable conformance testing by specialized test companies.

What's the alternative? Closed, proprietary “electronic” signature applications that lock you into a specific  vendor and result in fewer choices, less interoperability, and more doubts about the technical capabilities of the proprietary solution.

Open standards versus closed, proprietary systems? The answer is clear.

Image credit: Justin Grimes

#digitalsignatures #open #electronicsignatures
1 comment



01-21-2014 10:34

We have been using digital signatures for quite a few years, however there has been some dialogue on preservation of digital signatures with electronic archiving. Do you have any insight of how these could be managed,re-initiatied in say 4 years time,including legal implications/consideration (such as personnel who have since left company etc.) Thanks in advance.