Introducing: digitally signing XML data in a WYSIWYS environment with Connective eSignatures
In its latest version, Connective has added XML to the range of formats that can be digitally signed in the eSignatures solution. While this is a rather common format, it is still a unique launch in the market of digital signatures. The reason for this is that Connective eSignatures solution has a unique ‘What You See Is What You Sign (WYSIWYS)’ feature for signing XML data. This means the signer sees exactly what he will be signing. While this is common for PDF and Word files, it is not for XML. This particular addition contributes to the integrity of these digital documents and their digital signatures.
What you see is what you sign (WYSIWYS)
First, let´s explain why the WYSIWYS principle is important. Ideally, a digital signatures solution offers the guarantee that literally “what you see is what you sign”. It enables the user to see the document or data to be signed before he effectively signs it. The user interface is built as such that the user can only view the document but not alter anything.
Actually, like this:
For both signer and sender this WYSIWYS property means they have an extra control over the data to check if it is the data they both agreed upon and that it has not been tampered with before signing. While this WYSIWYS principle is obvious for documents in Word or PDF, it is not for XML files.
XML signing and security
XML was designed to store and transport data. It is a common data format for machine-to-machine communication.
Just like PDF documents, XML often includes specific data that needs to be protected or approved. Meaning that for many companies there is an equal need to secure XML as well as PDF or other formats. XML data needs protection and guarantee in terms of authentication of origin and sufficient proof that the data has not been changed in transit. The globally-recognized method to ensure this protection, is to use digital signatures based upon PKI (Public Key Infrastructure) technology to enable the encryption and digital signing of the exchanged data. Although digitally signing XML data is nothing new and is in use for many years now, we believe that the XML signing we introduced in our latest software is revolutionary. Many XML signature solutions do not allow you to see what you are exactly signing and are far from being as user-friendly as you’ll find ours to be. In other software solutions you might be able to view the XML document but as XML documents are not easily readable, you are not sure what you are signing. XML files consist of raw code fields (tags) and data (values), like this:
In our latest version of the eSignatures´ WYSIWYS, we made it possible for the signer to see both the actual XML data as well as a more readable representation in PDF format.
How does it work?
Through our API the sending party can easily upload XML files together with a representation in PDF. For an XML expert, transforming an XML file to PDF is a piece of cake. This representation will help the signer to view what he is about to sign in a human readable format.
The user doesn’t need to download anything to read the document in a secure way. The document can be read remotely before signing on whatever device the signer prefers, whether it is a desktop, laptop, tablet or mobile phone. The signing itself will still be done in XML.
If you would like to see how XML signing works in Connective’s eSignatures solution, here is a short demo movie:
Compliant with European legislation
This type of XML signature is highly secure and in accordance with the ETSI EN 319 132 XML Advanced Electronic Signatures (XAdES). Meaning it is compliant with the European eIDAS legislation and standards and therefore at least valid within Europe, but also recognized beyond.
The WYSIWYS of our signature software combines the benefits of security and compliance of placing an XML signature with a user-friendly interface.
A practical Use Case of Signing XML data in Belgium
As of January 2019 new legislation will be valid for municipalities in Belgium. This requires municipalities to sign municipal documents, like birth and marriage certificates, in XML before sending it to the federal government. To comply, 66 of 300 Flemish municipalities will implement Connective’s digital XML signature solution in 2019. For the municipal employees, it will be an intuitive exercise. They can easily check the document and sign it before forwarding it to the federal authority.
As a legally recognized European signature, signing XML data will be valuable for many more organizations in the future. This WYSIWYS addition to XML signatures will be practical for everybody using XML files because it is:
- user-friendly, both sender and receiver can see the relevant document,
- compliant with all European legal standards,
- secure as no subsequent changes can be made after signing.
Most of our signing methods are usable for XML signing. It supports Simple or Basic, Advanced and Qualified signatures.
XML signing is available as part of the latest Connective eSignatures version, released in January 2019. Are you curious if this digital signature solution is suitable for your company? Please contact us. We will gladly discuss the specific needs of your company or organisation.