SOFTWARE – PRACTICE AND EXPERIENCE
Softw. Pract. Exper. 2010; 40:655–672
Published online 7 May 2010 in Wiley InterScience (www.interscience.wiley.com). DOI: 10.1002/spe.974

Document-centric XML workflows with fragment digital signatures

Phillip J. Brooke 1,∗,†, Richard F. Paige 2 and Christopher Power 2

1 School of Computing, Teesside University, Middlesbrough TS1 3BA, U.K.
2 Department of Computer Science, University of York, York YO10 5DD, U.K.

SUMMARY

The use of digital document management and processing is increasing. Traditional workflows of paper forms are being replaced by electronic workflows of digital documents. These workflows often require multiple signatures to be added to the documents for authorization and/or integrity. We describe examples of digital workflows that illustrate problems with digital signatures, namely that signatures computed across entire documents can be unnecessarily invalidated by subsequent modification of the document. We propose the use of fragment signatures, which reduce unnecessary invalidation of signatures and enable greater concurrency in workflows. Our approach is document-centric and does not use a centralized database. We report on an implementation that allows fragment signatures over document fragments as well as the attachment (or embedding) of other documents. This allows collaborative or cooperative editing to occur on parts of a document without disturbing unrelated signatures. We describe the lessons learned from our deployments and offer further ways to embed such signatures into other document types. Copyright 2010 John Wiley & Sons, Ltd.

Received 18 December 2009; Revised 9 March 2010; Accepted 16 March 2010

KEY WORDS: XML; workflow; digital signature; authorization

1. INTRODUCTION

Increasingly, document management and processing are becoming digital, in domains such as government, health care and education. Workflows for managing documents are changing from physical activities to digital processes. With this comes the introduction of new risks, particularly with respect to adherence to rules, policies and regulations. For example, physical documents in a workflow may need to be ‘signed off’ to demonstrate compliance with business rules or legal frameworks. Similar mechanisms are needed for digital workflows, e.g. for attaching signatures to documents and parts of documents for authorization.

A procurement process is an example of a workflow. In such a workflow, a request can be raised by one principal, but that request may need to be authorized by a number of other principals before going ahead. We describe the issues involved in this (and other examples) in Section 2.

Digital workflows are becoming increasingly complex. This increasing complexity leads to more flexibility in the structure of the processes in which documents are prepared, distributed and authorized. Additionally, the documents themselves are becoming increasingly free-form, i.e. we may disregard exactly what a document requires and write exactly what is meant by the

∗ Correspondence to: Phillip J. Brooke, School of Computing, Teesside University, Middlesbrough TS1 3BA, U.K.
† E-mail: pjb@scm.tees.ac.uk
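The following Python program is an added illustration of the problem stated in the Summary and of the procurement workflow sketched in the Introduction; it is not code from the paper or from the authors' implementation. It models a request whose parts are signed by different principals: a signature over the whole document is invalidated by an edit to an unrelated part, whereas signatures over individual fragments survive that edit yet still detect tampering inside what they cover. Assumptions: the signed bytes are the fragment's path plus its canonical (C14N) serialisation, an HMAC with a per-signer secret stands in for a public-key signature, and the sample document, the signer names and the element paths are all constructed for this example.

```python
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample document (not from the paper): a procurement request whose
# parts are authorised by different principals. Indentation is deliberately
# present so that canonicalisation matters.
SAMPLE_XML = """<request id="PR-0001">
  <requester>Alice</requester>
  <items>
    <item sku="A100" qty="2"/>
  </items>
  <budget-approval by="Bob">approved</budget-approval>
  <delivery>
    <address>Room 101</address>
  </delivery>
</request>"""

# Hypothetical per-signer secrets. An HMAC stands in for a public-key signature;
# a real deployment would use XML Signature with each principal's private key.
KEYS = {"alice": b"alice-secret", "bob": b"bob-secret", "carol": b"carol-secret"}


def canonical_bytes(elem):
    """Serialise one element and its subtree in canonical form so that
    whitespace or attribute-order differences do not change what is signed."""
    node = copy.deepcopy(elem)
    node.tail = None  # tail text belongs to the parent, not to this fragment
    raw = ET.tostring(node, encoding="unicode")
    return ET.canonicalize(raw, strip_text=True).encode("utf-8")


def sign_fragment(root, path, signer):
    """Sign the fragment at `path` (an ElementPath relative to root; "." means
    the whole document). The path is bound into the signed bytes so a signed
    fragment cannot be moved elsewhere in the document and still verify."""
    elem = root if path == "." else root.find(path)
    if elem is None:
        raise KeyError(f"no fragment at {path!r}")
    message = path.encode("utf-8") + b"\x00" + canonical_bytes(elem)
    return hmac.new(KEYS[signer], message, hashlib.sha256).hexdigest()


def verify_fragment(root, path, signer, signature):
    """Recompute the fragment signature and compare it in constant time."""
    try:
        expected = sign_fragment(root, path, signer)
    except KeyError:
        return False  # the signed fragment no longer exists
    return hmac.compare_digest(expected, signature)


def run_workflow():
    """Walk through the procurement scenario; return what verified at each step."""
    root = ET.fromstring(SAMPLE_XML)
    results = {}

    # Step 1: Alice signs the items she requested, Bob signs his budget approval.
    items_sig = sign_fragment(root, "items", "alice")
    budget_sig = sign_fragment(root, "budget-approval", "bob")
    # For comparison, a traditional whole-document signature over the same state.
    whole_sig = sign_fragment(root, ".", "alice")
    results["whole_doc_valid_before_edit"] = verify_fragment(root, ".", "alice", whole_sig)

    # Step 2: Carol corrects the delivery address, a fragment nobody has signed.
    root.find("delivery/address").text = "Room 202"

    # The whole-document signature is now invalid although the signed content is
    # untouched; the fragment signatures survive the unrelated edit.
    results["whole_doc_valid_after_edit"] = verify_fragment(root, ".", "alice", whole_sig)
    results["items_valid_after_edit"] = verify_fragment(root, "items", "alice", items_sig)
    results["budget_valid_after_edit"] = verify_fragment(root, "budget-approval", "bob", budget_sig)

    # Step 3: Carol signs the fragment she is responsible for.
    delivery_sig = sign_fragment(root, "delivery", "carol")
    results["delivery_valid"] = verify_fragment(root, "delivery", "carol", delivery_sig)

    # Fragment signatures still detect changes inside what they cover: altering
    # the ordered quantity on a copy invalidates Alice's signature over <items>.
    tampered = copy.deepcopy(root)
    tampered.find("items/item").set("qty", "20")
    results["items_valid_after_tamper"] = verify_fragment(tampered, "items", "alice", items_sig)

    # Re-serialising with different indentation disturbs no signature.
    reindented = ET.tostring(root, encoding="unicode").replace("\n  ", "\n\t")
    reparsed = ET.fromstring(reindented)
    results["items_valid_after_reindent"] = verify_fragment(reparsed, "items", "alice", items_sig)
    return results


if __name__ == "__main__":
    for step, ok in run_workflow().items():
        print(f"{step}: {'valid' if ok else 'INVALID'}")
```

Binding the fragment's path into the signed message is the detail worth noting: a fragment signature that covers only the fragment's bytes would still verify if the signed fragment were cut out and re-attached under a different parent, so the verifier needs some statement of where the fragment was when it was signed.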