Document signing

This purpose of this page is to gather information about current document signing practices as well as to gather opinions on whether specs in this area need to be adjusted.

Here is the relevant portion of the spec: http://www.openehr.org/releases/RM/Release-1.0.3/docs/common/common.html#_digital_signature

Currently the specification states that the whole VERSION (i.e., ORIGINAL_VERSION or IMPORTED_VERSION) should be signed and that the signing process needs to be performed on the server.

A suggestion has been made to allow signing by client applications - i.e. retrieve the whole VERSION create a signature and save it back, which means we would take out the last paragraph in section 6.2.7. and perhaps also modify what is to be signed (only a COMPOSITION instead of a VERSION).