Does the digital signature sign form lables ?

[Yoav]

Signing a form (entire or sections) appears to sign only the xml content and
not the labels stored in the XSN.
This can resolve in looking at a form signed with different labels then they
were when signing.
Scenario:
Sign form.
Open XSN and change label.
Re-open form - you don't get any message of template update (as apposed to
adding or deleting controls that do show warnings).
If the label for example is currency - this could be meaningful....

Am I missing something?

 

[Ben Walters]

Hey Yoav,
Signing of an InfoPath form can happen in 2 places
1: At the template level or the .xsn
2: At the form level .xml

When you are designing your form template you can sign your form via the
form options dialog, Once this form is signed any changes should result in
an error being displayed to the user.
If on the other hand you sign a form created using the form template it's
the .xml file that is signed not the template.

Hope this helps

Cheers
Ben

 

[Yoav]

Ben,

From the users point of view, it is not enough that the authore can sign the
tamplate.
As a user, once i have signed a form, i would like to make sude no one will
change the data i have signed.
Imagine you have signed a form (as a user) and then someone else can change
the XSN template with another template , and still see my sgnature your
signature.
Imagine, the authore of the form adding some special terms you did not sign
on without damaging the signature.
The signature appears to be only on the data and not the entire form
(meaning the lables and captions).
In terms of an organization that is looking for a fully competible solution
with digital signature law- it is problematic.
Is there a way to sign the FULL content - data and template , in one
signature ?

Yoav

 

[Ben Walters]

Yoav
No the Template (.xsn) and the Data (.xml) are separate entities

The Template (.xsn) contains the schema definition for how the data is
stored, when a template is filled out and the user selects File>Save the
data is then saved as a (.xml) file

When the Author Signs the Template file that signature is included in the
..xsn file and then published to a central location form library, shared
drive etc... if that template is opened and tampered with the user will be
notified that the template has been modified.

On the user end of the process when a user uses a digital signature to sign
the form the data is signed and the certificate is stored in the .xml file.
if another user happens to open the .xml in notepad and modifies the data
then the next time that .xml file is opened the user will be notified that
the data has been tampered with. If the user opens a form all data that has
been signed will then become read only.

Hope this helps

Cheers
Ben