Implementation FAQ:Digital Signatures
A draft implementation guide/profile for v3 signatures has been put to the security TC in 2005 and this may be of interest to HL7 implementers.
However the conclusion in the joint InM-Security Meeting in which this document was discussed, was that referencing the W3C digital signature specifications and using the W3C defaults was sufficient. No added value would be gained by HL7 re-publishing W3C's specifications.
- However, profiling of those specifications for specific environments will be necessary. It would be useful for implementers to know what the underlying reasons are for (for instance) including a digital signature in the Control Act Wrapper as opposed to the Payload or the SOAP envelope. How does one deal with a DigSig in the context of CDA? Most implementations seem to use an informal v3 extension to convey the signature. Implementers thrive on examples, so examples (full v3 examples, not just a digital signature snippet) will have to be collected. Just referencing W3C standards won't cut it. Rene spronk 09:58, 1 September 2007 (CDT)
(Charlie McCay) All discussion about how to use Dsig must start with what the usecase is, why you are signing - including when, where and how the signatures will be checked. What within the message is signed, and where the signature is stored are decisions that flow from the answers to these questions.
- Will the signature need to be maintained as the data moves through different applications / communications media. Will it need to be maintained over time? -- if so what impact will this have on message versioning?
- Also are old signatures maintained as technology improves?. In short, maintaining digital signatures over time is a challenge.
- There also should be careful consideration of what other technology can be used -- are signatures needed, or can application access control be trusted to deliver reliable attribution of information to authors/verifiers?
- All security technology is used to reduce risks -- maintaining and using a digital signing infrastructure is hard, and so you must be really clear what the risks are that you are mitigating, that they justify the cost, and that there are no better ways of dealing with the risks.