{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,8]],"date-time":"2025-10-08T15:25:26Z","timestamp":1759937126564},"reference-count":26,"publisher":"Wiley","issue":"8","license":[{"start":{"date-parts":[[2010,5,7]],"date-time":"2010-05-07T00:00:00Z","timestamp":1273190400000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/onlinelibrary.wiley.com\/termsAndConditions#vor"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Softw Pract Exp"],"published-print":{"date-parts":[[2010,7]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>The use of digital document management and processing is increasing. Traditional workflows of paper forms are being replaced by electronic workflows of digital documents. These workflows often require multiple signatures to be added to the documents for authorization and\/or integrity. We describe examples of digital workflows that illustrate problems with digital signatures: i.e. the use of digital signatures across entire documents results in signatures that can be unnecessarily invalidated by subsequent modification of the document. We propose the use of fragment signatures, which reduce unnecessary invalidation of signatures and enable greater concurrency in workflows. Our approach is document\u2010centric and does not use a centralized database. We report on an implementation that allows fragment signatures over document fragments as well as the attachment (or embedding) of other documents. This allows collaborative or cooperative editing to occur on parts of a document without disturbing unrelated signatures. We describe the lessons learned from our deployments and offer further ways to embed such signatures into other document types. Copyright \u00a9 2010 John Wiley &amp; Sons, Ltd.<\/jats:p>","DOI":"10.1002\/spe.974","type":"journal-article","created":{"date-parts":[[2010,5,7]],"date-time":"2010-05-07T19:42:01Z","timestamp":1273261321000},"page":"655-672","source":"Crossref","is-referenced-by-count":5,"title":["Document\u2010centric XML workflows with fragment digital signatures"],"prefix":"10.1002","volume":"40","author":[{"given":"Phillip J.","family":"Brooke","sequence":"first","affiliation":[]},{"given":"Richard F.","family":"Paige","sequence":"additional","affiliation":[]},{"given":"Christopher","family":"Power","sequence":"additional","affiliation":[]}],"member":"311","published-online":{"date-parts":[[2010,5,7]]},"reference":[{"key":"e_1_2_1_2_2","doi-asserted-by":"publisher","DOI":"10.1145\/317087.317089"},{"key":"e_1_2_1_3_2","unstructured":"ManiatisP BakerM.Secure history preservation through timeline entanglement. Proceedings of the 11th USENIX Security Symposium San Francisco U.S.A. 2002;297\u2013312."},{"key":"e_1_2_1_4_2","unstructured":"CallasJ DonnerhackeL FinneyH ThayerR. OpenPGP Message Format. RFC2440. Available at:http:\/\/www.ietf.org\/rfc\/rfc2440.txt[17 December2009]."},{"key":"e_1_2_1_5_2","volume-title":"Applied Cryptography","author":"Schneier B","year":"1996"},{"key":"e_1_2_1_6_2","unstructured":"W3C. XML\u2010signature syntax and processing (second edition). W3C Recommendation February 2002. Available at:http:\/\/www.w3.org\/TR\/xmldsig\u2010core\/[Last accessed 31 March2009]."},{"key":"e_1_2_1_7_2","unstructured":"SaninA. XML Security Library 2007. Available at:http:\/\/www.aleksey.com\/xmlsec\/[Last accessed 31 March2009]."},{"key":"e_1_2_1_8_2","unstructured":"GutmannP. Why XML Security is Broken October 2004. Available at:http:\/\/www.cs.auckland.ac.nz\/pgut001\/pubs\/xmlsec.txt[Last accessed 31 March2009]."},{"key":"e_1_2_1_9_2","unstructured":"ErnstJ. So What about Really Simple XML Signatures? February 2006. Available at:http:\/\/netmesh.info\/jernst\/Technical\/really\u2010simple\u2010xml\u2010signatures.html[17 December2009]."},{"key":"e_1_2_1_10_2","unstructured":"BrookePJ. Implementing XML\u2010RSig April 2006. Available at:https:\/\/www.scm.tees.ac.uk\/p.j.brooke\/a\/xmlrsig_v1.1.pdf[17 December2009]."},{"key":"e_1_2_1_11_2","unstructured":"OOo Digital Signatures. Improving the Digital Signature Feature (openoffice.org) 2009. Available at:http:\/\/wiki.services.openoffice.org\/wiki\/Improving_The_Digital_Signature_Feature[Last accessed 31 March2009]."},{"key":"e_1_2_1_12_2","first-page":"679","volume-title":"Security and Usability: Designing Secure Systems that People Can Use","author":"Whitten A","year":"2005"},{"key":"e_1_2_1_13_2","unstructured":"AdamsC CainP PinkasD ZuccheratoR. Internet X.509 Public Key Infrastructure Time\u2010stamp Protocol (TSP). Available at:http:\/\/www.ietf.org\/rfc\/rfc3161.txt[17 December2009]."},{"key":"e_1_2_1_14_2","doi-asserted-by":"crossref","unstructured":"TakuraA OnoS NaitoS.A secure and trusted time stamping authority. Proceedings of the Internet Workshop 1999 Osaka Japan 1999;88\u201393. DOI:10.1109\/IWS.1999.810997.","DOI":"10.1109\/IWS.1999.810997"},{"key":"e_1_2_1_15_2","unstructured":"BoyerJ. Canonical XML version 1.0. W3C Recommendation W3C. Available at:http:\/\/www.w3.org\/TR\/xml\u2010c14n[17 December2009]."},{"key":"e_1_2_1_16_2","first-page":"399","volume-title":"IFIP International Federation of Information Processing: Trust Management","author":"Jensen CD","year":"2007"},{"key":"e_1_2_1_17_2","volume-title":"Thirty\u2010seventh Hawaii International Conference on System Sciences (HICSS\u201037 2004)","author":"Krowne A","year":"2004"},{"key":"e_1_2_1_18_2","first-page":"13","volume-title":"Proceedings of the Eigth International Workshop on the Web and Databases","author":"Miklau G","year":"2005"},{"key":"e_1_2_1_19_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-30144-8_18"},{"key":"e_1_2_1_20_2","doi-asserted-by":"crossref","unstructured":"LautenbachB.Introduction to XML encryption and XML signature. Information Security Technical Report2004;9(3):6\u201318. DOI:10.1016\/S1363\u20104127(04)00028\u20107.","DOI":"10.1016\/S1363-4127(04)00028-7"},{"key":"e_1_2_1_21_2","unstructured":"Avoco Secure. Ten Things to Look for in Digital Signing Software 2006. Available at:http:\/\/www.avocosecure.com\/downloads\/secure2sign_docs\/ten_things.pdf[Last accessed 31 March2009]."},{"key":"e_1_2_1_22_2","unstructured":"BerbecaruD LioyA MainoF MazzocchiD RamunnoG. Towards concrete application of electronic signature. Proceedings of the AICA Symposium 2000 2000. Available at:http:\/\/security.polito.it\/doc\/papers\/e_sign.pdf[17 December2009]."},{"key":"e_1_2_1_23_2","unstructured":"LioyA RamunnoG. Multiple Electronic Signatures on Multiple Documents 2004. Available at:http:\/\/security.polito.it\/doc\/pub\/icete2004.pdf[17 December2009]."},{"key":"e_1_2_1_24_2","doi-asserted-by":"crossref","unstructured":"KainK SmithSW AsokanR.Digital signatures and electronic documents: A cautionary tale. Proceedings of the IFIP TC6\/TC11 Sixth Joint Working Conference on Communications and Multimedia Security: Advanced Communications and Multimedia Security Portoroz Slovenia 2002;293\u2013308.","DOI":"10.1007\/978-0-387-35612-9_22"},{"key":"e_1_2_1_25_2","doi-asserted-by":"crossref","unstructured":"BullL StanskiP SquireDMcG.Content extraction signatures using XML digital signatures and custom transforms on\u2010demand. Proceedings of the 12th International Conference on World Wide Web Budapest Hungary 2003;170\u2013177. DOI:10.1145\/775152.775176.","DOI":"10.1145\/775152.775176"},{"key":"e_1_2_1_26_2","unstructured":"OASIS. Open Document Format for Office Applications (OpenDocument) Specification v1.1. Availabe at:http:\/\/www.oasis\u2010open.org\/specs\/#opendocumentv1.1[17 December2009]."},{"key":"e_1_2_1_27_2","unstructured":"MazumdarS. Firefox extension for XML digital signature processing. ALR\u20102007\u2010013. Available at:http:\/\/pubs.research.avayalabs.com\/pdfs\/ALR\u20102007\u2010013.pdf[17 December2009]."}],"container-title":["Software: Practice and Experience"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.wiley.com\/onlinelibrary\/tdm\/v1\/articles\/10.1002%2Fspe.974","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1002\/spe.974","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,11,22]],"date-time":"2023-11-22T08:51:03Z","timestamp":1700643063000},"score":1,"resource":{"primary":{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/10.1002\/spe.974"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010,5,7]]},"references-count":26,"journal-issue":{"issue":"8","published-print":{"date-parts":[[2010,7]]}},"alternative-id":["10.1002\/spe.974"],"URL":"https:\/\/doi.org\/10.1002\/spe.974","archive":["Portico"],"relation":{},"ISSN":["0038-0644","1097-024X"],"issn-type":[{"value":"0038-0644","type":"print"},{"value":"1097-024X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2010,5,7]]}}}