...
To some extent extra emphasis on database integrity might counterbalance an emphasis on audit trails. For example, if an Electronic Postmark were used as the guarantor of document integrity, audit trails on local database tables might be considered irrelevant.
Summary
Generally the alternatives that are least expensive, easiest to implement, and most convenient for the registrant are also the alternatives that provide the least confidence in the registrant's identity. The table below summarizes pertinent characteristics of some of the alternatives.
Alternative | Binding, Document Integrity and Audit Trail Mechanisms | Confidence | Characteristics |
|---|---|---|---|
Typical online system practices | write the individual's identifier, the signed document, and contextual information into the database as a relation, with typical constraints, access controls, and security procedures | low | fast implementation, |
Secure online system practices | rigorous constraints, access controls, and security procedures, including audit trails in the database layer (in addition to any controls in the application layer), trusted time sources, logging of security events in the database layer and/or the system software layer, etc. | moderate | moderately expensive to implement and maintain, |
Package with a Digital Signature | pre-process the document using a mathematical function that would imprint the identifier and contextual data on the document, and then store the resulting imprinted document along with the identifier and contextual data, which should include a trusted timestamp. | high | expensive to implement and maintain, security characteristics are complex and unfamiliar |
USPO Electronic Postmark | submit the document, identifier and contextual data to the US Postal Service Electronic Postmark system and store the resulting confirmation code with the signed document | highest | inexpensive to implement but expensive to maintain, security characteristics are based on trust in USPO institution |