> In my opinion this is a perfect application for server-based signatures. > What's needed is an authorization signature where a responsible person > attests that he/she have verified the correctness of the input data > that I guess is presented in web format. > > The attestation would be stored in the information system together > with the student information.
In our case, we use both server/application and user certificates. When a student request his "career gradebook", the signature must be from the entity (organization) When the teacher send course certificates, must be teachers (personal) When the director make a public announcement, its also signed by their own role-certificate (director) There are also employee certs... > The student certificates would presumable be distributed in PDF format > with the educational institution's signature. The attestation is only > of interest for internal processes since the signing individual most > likely is unknown by outsiders. There are also huge problems using > employee certificates outside of the employer border while a legal > entity (organization) certificate actually can be issued by TTPs. Usually some documents have only "internal meaning", but some other, even signed by personal certs (not just institutional seals) can ve verified externally. In fact, we use "recognized signatures", which can be verified by anyone, anywhere. Even more when using STORK [1] compliance credentials, where national ID signatures can be verified by other countries. We are starting to use this when submitting papers. We also use Certified copies. > Anyway, the Web Crypto API doesn't address traditional signature applications. > At least, I cannot see that based on the current draft. And thats my point. Im missing both things: smartcards and batch. With them, there will be an alternative to Java. Without them, ill have to continue using Java. [1] https://www.eid-stork.eu/ -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
