On 10/28/07, Drew Jensen <[EMAIL PROTECTED]> wrote: > > Alan Boba wrote: > > On 10/28/07, Drew Jensen <[EMAIL PROTECTED]> wrote: > > > >> Mathias Bauer wrote: > >> > >>> Alan Boba wrote: > >>> > >>> > >>> > >>>> On 10/24/07, Mathias Bauer <[EMAIL PROTECTED]> wrote: > >>>> > >>>> > >>>>> You can't enforce "read only" behavior in an open file format. If > >>>>> somebody wanted to change your file he just can do it on the level > of > >>>>> the xml streams inside the package. So such a feature is pointless. > >>>>> > >>>>> > >>>>> And if the file format is open, everybody can > >>>>> change the file and so circumvent its logical "read-only" state. > >>>>> > >>>>> > >>>>> > >> You are not actually saying then that the whole idea of Document Rights > >> Management is impossible to implement in a Open Document Format, are > you? > >> > > > > > > Nope, Mathias is saying read only can't be enforced with or without a > > password in an open document format. The document content can always be > > changed by altering the file directly rather than using the UI, since > the > > file's contents aren't in a proprietary binary format. > > > > > So what is being said is this maybe. > > The concept of Document Rights Management, when the file format is Open, > is dependent on the producers maintaining control over distribution of > physical copies of the file. It is not manifest within the file itself.
I don't believe so. What's being said is 'read only' as many people experience in Word can't be enforced because of the open document format. However the ability to know whether a document is changed can be enforced through the use of signing. It's just that signing isn't intuitively understood by the average user and, IMHO, the way it's implemented in OOo won't give the average user the sense that they can know whether the document they've distributed has been changed. For example Alan creates and signs a document and sends it to Drew. Alan's note to Drew says here's the file, you shouldn't change it, I've signed it so if you do make changes it will no longer be signed and I'll be able to show it's not the file I originally sent. This is different than read only in Word. If the recipient knows the password used to make the file 'read only' they can change it to their hearts content and redistribute with changes. Someone knowing the password is not that uncommon because many people don't create different passwords for different documents (imagine the password management headaches). So a password becomes commonly used throughout an office and using read only is really just a flag to the recipient that says 'hey I don't want you to change this!'
