Forum OpenACS Q&A: Response to Certificate Authority module

Collapse
Posted by Pascal Scheffers on
Tom,
client side signatures on browser forms are, unfortunately,
not trivial at the moment. There is no standard browser command that
lets you sign things. In internet explorer, everything would be
available from VBScript, but that would raise hell dialog wise on the
client side (expect something like four different warnings from IE
before the user can sign something).

A better approach would be a browser plug-in. There are some
commercial products available, if
someone knows of a free plugin, please speak up!
I have no idea of how to do this in Netscape, although, god forbid, I
am willing to go for a IE only solution at first. I am not very
impressed by the ease-of-use of the Netscape certificate store & handling.

Certificate logon is a standard feature of IE 4+ and Netscape 4+ (the
earlier versions do something, but suck big time.), so community
members will be able to logon with their certificates. If you are not
too picky, certificate logon can be viewed as 'signing a form'
although it is definitely something else.

Todd,
server-to-server communication with server-to-server
certificates is also somewhat problematic, as (again) there are not
many good/free https protocol implementations out there that can perform
this trick (there are plenty commercial solutions). It can be done
with OpenSSL, by the
way. For server-to-server I would probably suggest using an open
source  tunneling
solution.