Authentication and Digital Signatures in E-Law and Security : A Guide for Legislators and Managers
The concept of authentication has been around for a long time in many forms. For example due diligence in commerce has traditionally been formalized to determine whether the data presented in commercial propositions are accurate and comprehensive....
Main Authors: | , , |
---|---|
Format: | Working Paper |
Language: | English en_US |
Published: |
World Bank, Washington, DC
2014
|
Subjects: | |
Online Access: | http://documents.worldbank.org/curated/en/2004/12/20165808/authentication-digital-signatures-e-law-security-guide-legislators-managers http://hdl.handle.net/10986/20214 |
Summary: | The concept of authentication has
been around for a long time in many forms. For example due
diligence in commerce has traditionally been formalized to
determine whether the data presented in commercial
propositions are accurate and comprehensive. With the
emergence of e-commerce the concept of authentication has
encompassed new realities that are a feature of the
relatively narrow avenues for information and potentially
high risks inherent in an online environment. This paper
seeks to provide an understanding about the different ways
of assuring authentication. These authentication rules and
tools including for example public key infrastructure (PKI)
are sometimes meant to set a legal and technological
framework for trustworthy electronic transactions, promoting
e-procurement, e-commerce, e-business, and e-government. The
two considerations of business risk and legal validity are
both intrinsic to the concept of authentication. This report
explores the issues and solutions affecting the concept of
authentication in terms of legislation, management and
technology. This report finds that for online authentication
things is not always what they may seem and that legislation
and technology alone cannot build a trust environment and,
if misunderstood, may produce a high risk illusion. It is
crucial that the limitations and fallibility of the
technology be explicit in its commercial applications and
that business risks be managed accordingly. |
---|