The information in Wax is structured hierarchically with the levels being a shelf (owned by a publisher) containing books (each owned by an editor) consisting of chapters (each owned by an author). Thus if a primary care physician wants the latest advice on the conditions under which a patient with gout should be referred to hospital, he will draw from the Wax shelf the book on rheumatology and consult the chapter on gout. This chapter will have been written by a leading specialist and will be updated as necessary (typically every few years); the editor's job is quality control, principally choosing the experts and ensuring proper peer review.
As a solution was sought rapidly, an initial attempt at protection using digital signatures was undertaken using materials ready to hand - SHA, RSA, and X.509 [X509]. This decision was influenced by the fact that RSA with exponent 3 has just been accepted as the European standard for healthcare signatures. The X.509 hierarchy was founded on a Wax-root key, whose public component is embedded in the Wax browser software; Wax-root signatures certify keys of medical publishers (the Wax-centre for treatment protocols, the British Medical Journal, the Department of Health, individual hospital trusts, etc.) and the publishers in turn certify the keys of editors and authors.
As we did not know the optimum granularity of the signed objects, and had an operational requirement to open already cached books quickly, we also implemented a secondary protection mechanism whereby the book index contained (invisibly to the human reader) the SHA hashes of each chapter, and each shelf catalogue similarly contained hashes of book indexes. Thus a given book can be verified by means of its editor's signature, and also by reference to the publisher's catalogue. There is also considerable machinery to deal with trusted distribution of the Wax software, trusted updating of local catalogues, and trusted collection of public keys from authors, none of which concern us here.