Digital Signatures: We’re Open, They’re Closed
In a prior column, I referred to “Open standard digital signature technology.” Let’s unpack that expression and explore what it really means.
We’ll start with “standard.” The best standards are both useful and used by multiple, competing vendors and by customers. Just having a standard for a piece of technology is not enough. For example, IEEE 802.5 is the standard for Token Ring networking. But it never caught on due to the market superiority of IEEE 802.11, the Ethernet standard.
“Formal standards” can only be issued by standards organizations. But the standards bodies tend to move rather slowly. Consortiums of vendors have been very successful in creating “Market Standards” such as the USB specification, created by the USB Implementers Forum.
Good news for digital signatures is that the applicable formal and market standards for digital signatures from the US National Institute for Standards (FIPS), the ITU (X.509), the Internet Working Group (RFC), the European Telecommunications Standards Institute, and vendors such as Adobe and RSA have all been harmonized—they all very work well together.
Open Standards
The real benefits come from open standards, standards that have multiple implementations from competing companies.
What do open standards for digital signatures mean for you?
No lock-in
Documents that are digitally signed using open, nationally and internationally agreed standards can be signed and verified by many different software applications, from multiple vendors. By using open standards for signing, you will never be “locked in” to a single vendor. For example, multiple vendors provide software/hardware for digitally signing documents. If your vendor is no longer meeting your needs, you can switch vendors without worrying about verifying previously signed documents—your new software will recognize the old signatures.
Lowest total cost of ownership, best feature selection
Open standards enable companies to compete on creating the best overall solution for their customers rather than re-inventing the wheel. You want, and deserve, the best features and lowest total cost of ownership.
For example, while open digital signatures are available from multiple vendors, not all vendors provide the same range of integration options with SharePoint, OpenText, Oracle, Alfresco and other ECM/DM systems. Some vendors provide automatic synchronization with Active Directory to lower administrative costs, some do not.
Full Interoperability
Open standards for digital signatures also ensure that you and your partners/customers do not have to agree to use a single system for signing and verifying document signatures.
Digital signatures enable independent verification: signatures on PDF documents can be verified using the free PDF Reader from Adobe, or by PDF viewers from other vendors.
Recipients of your digitally signed documents do not have to use, or register with, your digital signature vendor to view and verify a document you signed. Your customer can also sign the same document (counter-sign) by using software from your digital signature vendor or from other companies.
Highest technical standards
An important benefit of open standards is that they are scrutinized by experts from academia, from independent consulting firms and from multiple vendors to ensure that the best technology is used. The result: better products for you and fewer problems compared with closed systems that can only be examined by a vendor’s own employees.
Open standards also enable conformance testing by specialized test companies.
What's the alternative? Closed, proprietary “electronic” signature applications that lock you into a specific vendor and result in fewer choices, less interoperability, and more doubts about the technical capabilities of the proprietary solution.
Open standards versus closed, proprietary systems? The answer is clear.
Image credit: Justin Grimes
#digitalsignatures #open #electronicsignatures