Educause Security Discussion mailing list archives

Re: E-Signatures


From: Harrold Ahole <madman () MYEASTSIDE COM>
Date: Thu, 10 Jan 2008 11:25:59 -0800


> Is anyone doing any work with e-signatures within their applications?
> I'm not talking about crypto-based digital signatures.  Rather, we
> need something that is the equivalent of someone signing a piece of
> paper to attest that the contents are correct.  Some applications
> we've seen just have something like "type your name in this field to
> sign this form".  A campus customer is looking for something more
> comprehensive than that.  What are other people doing short of
> implementing PKI or using login credentials as a signature?

Well, the first thing to decide is what you want to accomplish.  The US
Esign law allows "type your name" as a form of electronic signature
simply because it's very natural to show consent (willful action).

The first consideration is how do you authenticate the user at the time
they take this action?  Depending on the application, it could be very
little, such as if they are requesting the purchase of a transcript, in
which authentication may not be too high provided they also pay by
credit card.  If the user is logged into a campus application, you can
certainly use that as a credential for authentication.

The next consideration is to create a reliable electronic record, one
that can be shared with all parties involved.  This is typically done
with digital signatures, but of course other methods are likely
acceptable if they can be shown to reflect the agreed-upon document and
are stored in a manner suitable to show non-modifiable archived storage
(such as when paper docs are scanned to microfilm, it's generally
assumed that the microfilm version is accurate as it's hard to tamper with).

Harry
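
Added example, not part of the original message: one way to keep a record of a "type your name" signature that reflects the agreed-upon document and shows later modification, using plain hashes rather than PKI. The field names, the `sign_record` and `verify_log` helpers, and the sample data are assumptions made for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # "previous hash" used by the first record in the log

def digest(body):
    # Canonical JSON so identical fields always produce the same hash.
    data = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(data.encode("utf-8")).hexdigest()

def sign_record(log, document, session_user, typed_name, signed_at):
    """Append a record binding the typed name to the document and login."""
    if not typed_name.strip():
        raise ValueError("the typed name is the act of consent; it cannot be empty")
    body = {
        "doc_sha256": hashlib.sha256(document).hexdigest(),
        "user": session_user,            # identity from the authenticated session
        "typed_name": typed_name.strip(),
        "signed_at": signed_at,
        "prev": log[-1]["record_sha256"] if log else GENESIS,
    }
    record = dict(body, record_sha256=digest(body))
    log.append(record)
    return record

def verify_log(log, documents):
    """Return the indexes of records that fail a check; [] means intact."""
    bad, prev = [], GENESIS
    for i, rec in enumerate(log):
        body = {k: v for k, v in rec.items() if k != "record_sha256"}
        ok = (rec["prev"] == prev
              and hmac.compare_digest(digest(body), rec["record_sha256"])
              and hashlib.sha256(documents[i]).hexdigest() == rec["doc_sha256"])
        if not ok:
            bad.append(i)
        prev = rec["record_sha256"]
    return bad

if __name__ == "__main__":
    # Constructed sample data, not taken from the thread.
    docs = [b"Transcript request: 2 copies", b"Address change form"]
    log = []
    sign_record(log, docs[0], "jdoe", "Jane Doe", "2008-01-10T19:30:00Z")
    sign_record(log, docs[1], "asmith", "Al Smith", "2008-01-10T19:45:00Z")
    print(verify_log(log, docs))                           # intact log
    print(verify_log(log, [b"Transcript request: 20 copies", docs[1]]))
```

The chain only demonstrates non-modification if the newest `record_sha256` is held somewhere the log's keeper cannot rewrite it, such as a copy given to each party or write-once storage.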
