On 10/16/06, David Looney <[EMAIL PROTECTED]> wrote:

Jason Kraus wrote:

[snip - r.e. source new 21 CFR 11 electronic signature requirements]

> Sure thing:
>
> http://www.access.gpo.gov/nara/cfr/waisidx_06/21cfr11_06.html - Check
> out 11.200 . The actual wording is
>
> "Be administered and executed to ensure that attempted use of an
> individual's electronic signature by anyone other than its genuine
> owner requires collaboration of two or more individuals."
>
> Perhaps I interpreted this wrong? It seems somewhat illogical as
> others have pointed out, there are other kinks in the system that
> could be exploited by one person. I believe the purpose of this
> requirement is such that the administrator can't simply forge
> signatures/documents using the powers given to them.

Perhaps someone ought to ask the FDA just what they're thinking -
perhaps for an example of a system that suffices (and then show them
that it doesn't ?)  If someone's looking over your shoulder as you type
in a userid and password, is that "collaboration of two or more
individuals" ? It might be all they need to use your signature.


Hmm, that's a good point about looking over the shoulder part, I didn't think
of it that way.

The other thing I was thinking was that the FDA may only be worried about
the "apparent" system, or rather, interface. For example, let's say we have
an application that uses a database. The application doesn't allow someone
to sign as someone other than who you are authenticated as. However, if you
fire up something like mysql client and manipulate the database manually,
you could "forge" signatures. Perhaps the FDA is only worried about the
front end, or more likely, they are unable to comprehend that there is a
back-end which you can manipulate without the given front-end.

PS Firefox 2.0's spell checker is awesome!

David Looney



--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list

