Thomas Beale wrote:

 >>* what standard or other open specification can openEHR point to that 
accurately specifies the format of digital digests and signatures of EHR 
data? It has to be something available to everyone, and implementable 
(preferably already implemented)?<<

openPGP seems a reasonable place to start.  I have also had some 
experience with the GPG implementation, and have found it useful, 
versatile and usable, but...

Vincenzo Della Mea wrote:
>> However, we also have to be mindful of how it can be implemented in 
>> all major OSs and languages. Gnu GPG is one approach, but I don't 
>> have any direct experience of it.
>
> As far as I understood, the current Italian law on digital documents 
> puts PGP/GPG on the weak side of digital signatures, following 
> European directives. You have strong signatures when you have a 
> certification infrastructure, where certification authorities fulfill 
> some legal constraints. PGP/GPG is more on a social certification method.

Thomas Beale wrote:

 >>I think this is true if PGP is specified as the certification 
infrastructure. We are not trying to do that here - just use the openPGP 
message specification to define the format of signature strings etc in 
openEHR data. I don't think openEHR should be specifying anything in 
terms of certificates, PKI, certainly not at this stage of the game.<<

... I agree with Tom on this point - it would be far too soon to get 
into these details.  I think that we will need to be open minded on the 
entire area for now, and watch various initiatives - PKI and 
certification are under a lot of scrutiny from both an engineering and 
usability perspective in terms of various e-Science projects in the UK 
within the security space - see 
http://portal.acm.org/citation.cfm?id=1090417&dl=GUIDE&coll=GUIDE&CFID=15151515&CFTOKEN=6184618
 
- while this is relevant to grid security in particular, you may agree 
that there are general issues regarding the use of PKI and so forth 
within the openEHR context.

With best wishes,

Nathan


-- 
Nathan C. Lea
Research Fellow
Electronic Healthcare Record Systems
Centre for Health Informatics and Multiprofessional Education
Royal Free and University College London Medical School
4th Floor, Holborn Union Building
Archway Campus
Highgate Hill
London N19 5LW
http://www.chime.ucl.ac.uk/~rmhincl


