Secure Web Forms with Client-Side Signatures

  • Mikko Honkala
  • Petri Vuorimaa
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3579)


The World Wide Web is evolving from a platform for information access into a platform for interactive services. The interaction of the services is provided by forms. Some of these services, such as banking and e-commerce, require secure, non-repudiable transactions. This paper presents a novel scheme for extending the current Web forms language, XForms, with secure client-side digital signatures, using the XML Signatures language. The requirements for the scheme are derived from representative use cases. A key requirement, also for legal validity of the signature, is the reconstruction of the signed form, when validating the signature. All the resources, referenced by the form, including client-side default stylesheets, have to be included within the signature. Finally, this paper presents, as a proof of concept, an implementation of the scheme and a related use case. Both are included in an open-source XML browser, X-Smiles.


Smart Card User Agent Signed Form XPath Expression Context Node 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Hostetter, M., Kranz, D., Seed, C., Terman, S.W.: Curl, a gentle slope language for the web. World Wide Web Journal (1997)Google Scholar
  2. 2.
    Dubinko, M., et al. (eds.): XForms 1.0. W3C Recommendation (2003)Google Scholar
  3. 3.
    Blair, B., Boyer, J.: XFDL: creating electronic commerce transaction records using xml. In: WWW 1999: Proceeding of the eighth international conference on World Wide Web, pp. 1611–1622. Elsevier North-Holland, Inc., Amsterdam (1999)Google Scholar
  4. 4.
    Bartel, M., et al.: XML-Signature syntax and processing. W3C Recommendation (2002)Google Scholar
  5. 5.
    Boyer, J.M.: Bulletproof business process automation: securing XML forms with document subset signatures. In: Proceedings of the 2003 ACM workshop on XML security, pp. 104–111. ACM Press, New York (2003)CrossRefGoogle Scholar
  6. 6.
    Guo, H.: Implementation of secure web forms by using XML Signature and XForms. Master’s thesis, Helsinki University of Technology (2003)Google Scholar
  7. 7.
    Vuorimaa, P., Ropponen, T., von Knorring, N., Honkala, M.: A java based XML browser for consumer devices. In: 17th ACM Symposium on Applied Computing, Madrid, Spain (2002)Google Scholar
  8. 8.
    Pihkala, K., Honkala, M., Vuorimaa, P.: A browser framework for hybrid XML documents. In: Internet and Multimedia Systems and Applications, IMSA 2002. IMSA (2002)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Mikko Honkala
    • 1
  • Petri Vuorimaa
    • 1
  1. 1.Telecommunications Software and Multimedia LaboratoryHelsinki University of TechnologyFinland

Personalised recommendations