How can I know if the signer was authorized to sign this document?

Berta István Zsolt Dr. <>
Microsec Kft.




If a document is signed with an electronic signature, it can be proven who the signer was and that the document has not been tampered with since it was signed. However, sometimes we do not care about who the signer was, but we would like to know what roles, authorizations or properties the signer had. For instance, was the document signed by an individual, by a member of an organization, by a person who is allowed to sign on behalf of the organization, by lawyer, by a notary or by a bailiff.

There are several technical solutions for certifying the signer's roles and authorizations with respect to an electronic signature. In many cases the certification authority (who issued the public key certificate of the signer) indicates the signer's role or authorization in the certificate. (E.g. the certification authority may indicate that the holder of the certificate is a lawyer.) This simple solution has severe limitations, and it implies that one public key certificate can be used for one purpose, in the context of one role only.

Another option is that our data, our roles and authorizations (with one word: attributes) are not certified by the certification authority, and are not indicated in the public key certificate, but every role is certified by the one who is in charge of that role. For example, certifications of our employment status should be certified by our employers, certifications of our financial status should be issued by our banks, certifications of our medical status should be issued by our doctors, etc. A certification authority has nothing to do with all these information.

If such certifications are issued as a standardized, machine-readable document that can be connected with our public key certificate easily, we speak of a so-called 'attribute certificate'. In our paper we demonstrate how can attributes certificate be used for making electronic signatures, more simple, more cheap, more flexible and more free.