Conclusive Technology

Company background (http://www.conclusive.com)

Conclusive Technology was created in 2002. It is an employee-owned company based in Tysons Corner. Its principal activity is the development of applied XML encryption technology. It is currently a recipient of an Advanced Technology Program award from NIST to develop an encrypted XML database (NIST award) and is currently participating in a Department of Defense IT exercise (JWID 2003) in which its XML encryption technology is used to manage the segregation of XML data across domain boundaries.

Conclusive has participated in the ongoing work of the CIO Council as a contributor to the security discussion of web services as an emerging technology, and as the lead and principal authority for the security team of the e-forms initiative (http://www.fenestra.com/eforms/security/).

The company's current product offering is focused on secure XML forms that can be used in a cross-domain environment (http://www.conclusive.com/products/agent.jsp).

E-Gov pilot architecture

The Conclusive product, TrustLogic, is designed to provide a suite of services for building a highly secure web services architecture. The server-side technology is a middleware application which provides all the components required to create secure XML web applications (PKI-based authentication components, hierarchical role-based authorization components, XML encryption and signature components, an XML forms repository, rule-based policy enforcement, a secure XML digital vault, etc.). These components are used to create generic or application-specific services which interact with the applications by passing XML objects, including e-forms, back and forth (architecture overview, 1 MB PowerPoint file).

As a secure web services architecture designed to handle sensitive data, TrustLogic does not support anonymous exchanges and interfaces. TrustLogic's XML security is built around the concept of a secure context. A party is authenticated (using PKI), authorized to a role and assigned an "assurance level"; this information is held in a session-specific, mutually signed XML object that is used to confirm and authorize all subsequent XML exchanges in that session. A call to a service consists of the XML content document, the parameters specific to the service, and the XML context. TrustLogic is a J2EE application. The interface to the services will be familiar to anyone who has used the JAX-RPC model. All the services (Java classes) are internally held within signed records in a database, and that signature is verified at run time to ensure the integrity of the web service.

TrustLogic's e-forms architecture is built around the concept of an e-form transaction that includes <Context/> (of the specific session), <Content/>, <Security/> (signature and encryption instructions), <Presentation/>, <Workflow/>, and <Messaging/>. All of these parts beyond the content itself are critical to ensure the reliability (the "trustworthiness") of the XML document (anatomy of an e-form).

For the e-forms architecture, the heart of the system is the e-forms repository, which holds, for each form, an instance of the XML document, the XML Schema, the XML cryptographic instructions, and the XML presentation layer (which together build up the e-form transaction). The e-forms repository is an SQL-compliant database in which each record holding the XML documents that define the e-form is signed, and that signature is verified at run time to ensure the authenticity of the e-form instance.

The architecture does not constrain the presentation alternatives: the same XML e-form can have multiple presentations (HTML, XSL, SVG, WML, VoiceXML, etc.) as appropriate to the device the user employs to interact with the "form". Whichever presentation is chosen, a hash of the presentation XML is held within the e-form transaction to prove which presentation XML was used. The presentation XML can be a separate XML document.
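The following is an added illustration, not Conclusive's code, of two checks described above: embedding a hash of the presentation XML in the e-form transaction so the presentation actually rendered can be proven later, and verifying a repository record's integrity tag at run time before it is used. The SF424 content and XSL are constructed stand-ins, the element names follow the transaction parts named on this page, and an HMAC over the record is assumed in place of the PKI-based XML Signature the product uses.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed stand-ins for the SF424 content instance and its XSL presentation.
CONTENT_XML = b"<SF424><ApplicantName>Example Org</ApplicantName><Budget>12345</Budget></SF424>"
PRESENTATION_XML = (b'<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" '
                    b'version="1.0"><xsl:template match="/"><form/></xsl:template></xsl:stylesheet>')
# Hypothetical repository key: an HMAC stands in for the signature the page describes.
REPO_KEY = b"constructed-demo-key"

def presentation_hash(presentation: bytes) -> str:
    return hashlib.sha256(presentation).hexdigest()

def build_transaction(session_id: str, role: str, content: bytes, presentation: bytes) -> bytes:
    """Assemble the transaction parts: Context, Content, Security, Presentation.
    Only the hash of the presentation XML is embedded, so a separately stored
    presentation document can later be proven to be the one the user saw."""
    tx = ET.Element("EFormTransaction")
    ctx = ET.SubElement(tx, "Context")
    ET.SubElement(ctx, "Session").text = session_id
    ET.SubElement(ctx, "Role").text = role
    ET.SubElement(tx, "Content").append(ET.fromstring(content))
    sec = ET.SubElement(tx, "Security")
    ET.SubElement(sec, "EncryptFor", part="Budget", role="ProgramOfficer")  # encryption instruction
    ET.SubElement(tx, "Presentation", hash=presentation_hash(presentation))
    return ET.tostring(tx)

def presentation_matches(tx_xml: bytes, presentation: bytes) -> bool:
    """Before rendering, confirm the presentation about to be applied is the one
    whose hash the transaction carries."""
    expected = ET.fromstring(tx_xml).find("Presentation").get("hash")
    return hmac.compare_digest(expected, presentation_hash(presentation))

def store_record(tx_xml: bytes) -> dict:
    """Repository record: the XML plus an integrity tag computed over it."""
    return {"xml": tx_xml, "sig": hmac.new(REPO_KEY, tx_xml, hashlib.sha256).hexdigest()}

def record_is_valid(record: dict) -> bool:
    """Run-time check of the record's tag; any change to the stored XML fails it."""
    expected = hmac.new(REPO_KEY, record["xml"], hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, record["sig"])

def load_record(record: dict) -> bytes:
    """Refuse to hand out a record whose integrity tag does not verify."""
    if not record_is_valid(record):
        raise ValueError("repository record failed integrity check")
    return record["xml"]
```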

Demonstration of the pilot

The demonstration shows a simple workflow scenario built around the SF424 form. An applicant completes the form and attaches separate technical proposal and budget files (in any format). The applicant signs the content of the form, including the attachments. The proposal, budget, budget information, and any explanation of prior delinquency are encrypted. The technical proposal is encrypted for the Reviewer, and the other data for the Program Officer (the Program Officer role has been designated as hierarchically superior to the Reviewer role, so the Program Officer is able to access any data encrypted for the Reviewer). After the application has been submitted, the subsequent roles in the workflow log on, retrieve the application and its embedded attachments, verify the signature(s), and add their comments, which are signed and encrypted in turn.

TrustLogic does not have any form "viewer" technology. The user interface is a "standard" web browser. In this demonstration the XML user interface, the <Presentation/>, is provided through XSL and JavaScript. The e-form file format is XML which conforms to a W3C XML Schema. Client-side schema validation is provided by Java open source community technology (Xalan). XML signature and XML encryption conform to the W3C recommendations.

Supporting documentation

SF424.xsd The Schema: this is a modified version of the first schema that was suggested; the modifications present some workflow and show the treatment of attachments.

SF424.xsl The XSL for the presentation of the XML to the user. It includes embedded JavaScript for logic internal to the form (essentially handling the checkbox choices).

SF424.xml A dummy test XML instance of the form content (generated by XML Spy from the Schema).