Electronic Signatures


Electronic Signatures

andy.kallenbach@saberco.net
Does anyone have experience or recommendations on using an Electronic
Signature with Orbeon?

Is adding a third-party signature box for a USB signature tablet in Form
Runner and also Form Builder feasible?

Right now, we are using Topaz signature pads with Word Forms.


--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
OW2 mailing lists service home page: http://www.ow2.org/wws

Re: Electronic Signatures

Alessandro  Vernet
Administrator
Andy,

We thought about different ways to implement electronic or digital
signatures in Orbeon Forms, and you can see some results of this on:

http://wiki.orbeon.com/forms/projects/electronic-digital-signature

Does the third-party USB signature tablet you have in mind provide an
API accessible through a web browser? Is your goal to attach the image
of the signature to a form, as if it was done on paper and then
scanned in with PKI?

Alex

On Sun, Jan 2, 2011 at 8:56 PM, Andrew J. Kallenbach
<[hidden email]> wrote:

> Does anyone have experience or recommendations on using an Electronic
> Signature with Orbeon?
>
> Is adding a third-party signature box for a USB signature tablet in Form
> Runner and also Form Builder feasible?
>
> Right now, we are using Topaz signature pads with Word Forms.


--
Orbeon Forms - Web forms, open-source, for the Enterprise -
http://www.orbeon.com/
My Twitter: http://twitter.com/avernet


--
Follow Orbeon on Twitter: @orbeon
Follow me on Twitter: @avernet

Re: Electronic Signatures

DL
The problem with the solutions proposed above is that images of attached digitised (analogue) signatures can easily be forged.

Some long time ago I worked on dynamic signature verification  .. i.e. biometrics.
But dynamic signature verification (using signature capture pads) is not really practical or secure in an internet environment.

Today I would look at http://www.bouncycastle.org .. java api .. and integrate digital crypto signatures (not analogue signatures) into orbeon server.

Re: Re: Electronic Signatures

andy.kallenbach@saberco.net
In reply to this post by Alessandro Vernet
The third-party usb sig. tablet I have in mind does have a java based API that is accessible through a web browser. My goal is definitely to put the image of the signature into the appropriate place on the PDF render and/or the HTML Render of the completed form.

I'm not looking to do anything with PKI, if you are talking about public key type certificates/authentication/security/etc.

Regards,

Andy Kallenbach


From: "Alessandro Vernet" <[hidden email]>
To: [hidden email]
Sent: Tuesday, January 4, 2011 11:12:56 PM
Subject: [ops-users] Re: Electronic Signatures

Andy,

We thought about different ways to implement electronic or digital
signatures in Orbeon Forms, and you can see some results of this on:

http://wiki.orbeon.com/forms/projects/electronic-digital-signature

Does the third-party USB signature tablet you have in mind provide an
API accessible through a web browser? Is your goal to attach the image
of the signature to a form, as if it was done on paper and then
scanned in with PKI?

Alex


Re: Re: Electronic Signatures

andy.kallenbach@saberco.net
In reply to this post by DL
Sure, I understand this from a theoretical standpoint, but are businesses really concerned about having an air-tight signature?

Quite a number of places have paperless scanning systems with all kinds of forms like contracts, employee info, government forms, etc. They all have analog signatures that are effectively reduced into a digitized format and are probably easily forged. Why not use something like Orbeon where you could use your own forms on a web server and sign with a pad?

Using PKI, cards, and other mechanisms seem to have a collective "huh" from most business managers. They are not easy to implement or understood by both potential users (employees and customers).

Is there a particular vertical market where scanned signatures don't work?

I have a Hardee's franchise that I am pitching this project to right now so they can remotely get paperwork filled out at 30 different stores along with a signature pad because that is what they are comfortable with. I envision bringing up PKI, cryptography and the like would make their head spin. Unless there is some tech out there I am not familiar with that maintains users comfort with their signature with our tech desire to maintain the absolute.

Andy Kallenbach


From: "DL" <[hidden email]>
To: [hidden email]
Sent: Wednesday, January 5, 2011 4:04:30 AM
Subject: [ops-users] Re: Electronic Signatures


The problem with the solutions proposed above is that images of attached
digitised (analogue) signatures can easily be forged.

Some long time ago I worked on dynamic signature verification  .. i.e.
biometrics.
But dynamic signature verification (using signature capture pads) is not
really practical or secure in an internet environment.

Today I would look at http://www.bouncycastle.org .. java api .. and
integrate digital crypto signatures (not analogue signatures) into orbeon
server.


Re: Re: Electronic Signatures

DL
> Is there a particular vertical market where scanned signatures don't work?

Wherever the signature image can be legally disputed and challenged by the customer.

But having said that .. buying a 'burger from Hardee's is a completely different risk profile than transferring funds in a financial transaction.  

Re: Re: Re: Electronic Signatures

andy.kallenbach@saberco.net
Not that Wikipedia is an authoritative legal source, but the link below certainly reflects my understanding that electronic signatures, even "scanned" signatures, are legally binding and hold up in court. Using a tablet that can capture some level of pressure/etc during the signing process increases its identity.

http://en.wikipedia.org/wiki/Electronic_signature

IANAL, but there is more involved in contract law than proving the identity of the signature. Intent, business relationship, phone conversations, payment, signatures all hold sway. Forgery is not a new problem. In a perfect world, we would all be running around with third-party validated certificates that we could control at will, but we are not there yet? It seems that the law recognizes this?

Andy


From: "DL" <[hidden email]>
To: [hidden email]
Sent: Wednesday, January 5, 2011 10:50:47 AM
Subject: [ops-users] Re: Re: Electronic Signatures



> Is there a particular vertical market where scanned signatures don't work?

Wherever the signature image can be legally disputed and challenged by the
customer.

Re: Electronic Signatures

DL
You make the valid point that signature "features" (biometrics such as pressure) can be captured rather than just the static image. But to have an acceptable FAR / FRR (false acceptance rate / false rejection rate) there must be a number of such features .. rhythm, flow, sequence of "dotting the i's and crossing the t's" etc.   Typically about 16 features are used for discrimination.

Just reproducing a static signature image attached to a form offers a false sense of security.

What is to prevent it being captured by a sniffer and added to a form without the owner's permission?

How are disputed signatures managed?

So it is a deep subject and only really worth debating where there are significant risks such as medical privacy or financial privacy.

Here is one blog on the subject ..

http://blogs.adobe.com/security/2008/02/so_what_is_an_electronic_signa.html

http://blogs.adobe.com/security/2008/05/this_is_legal_right.html

and see   http://esignrecords.org/
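
Added example, not part of the original thread or of Orbeon's code: a sketch of the difference DL describes in the two posts above between an attached signature image and a digital signature, using the standard Java `java.security.Signature` API (a Bouncy Castle provider could be used the same way). The form XML, the image bytes, the class name and the throwaway RSA key are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

public class FormSignatureDemo {
    // Constructed sample data: two form submissions and stand-in bytes for a captured signature image.
    static final byte[] FORM_A = "<form><name>J. Doe</name><store>12</store><hours>8</hours></form>"
            .getBytes(StandardCharsets.UTF_8);
    static final byte[] FORM_B = "<form><name>J. Doe</name><store>12</store><hours>80</hours></form>"
            .getBytes(StandardCharsets.UTF_8);
    static final byte[] SIGNATURE_IMAGE = {(byte) 0x89, 'P', 'N', 'G', 1, 2, 3, 4};

    // The only check an attached image allows: does it look like the reference signature?
    // The form content is not an input, so the result is the same for every form.
    static boolean imageLooksRight(byte[] attachedImage, byte[] referenceImage) {
        return Arrays.equals(attachedImage, referenceImage);
    }

    // Digital signature: computed over the form bytes with the signer's private key.
    static byte[] sign(PrivateKey key, byte[] form) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(form);
        return s.sign();
    }

    // Verification needs only the public key and fails if the form bytes differ.
    static boolean verify(PublicKey key, byte[] form, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(form);
        return s.verify(sig);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair signer = gen.generateKeyPair(); // throwaway key for the demo

        // Image copied from form A onto form B: indistinguishable from the original.
        byte[] copiedImage = SIGNATURE_IMAGE.clone();
        System.out.println("image accepted on form A: " + imageLooksRight(SIGNATURE_IMAGE, SIGNATURE_IMAGE));
        System.out.println("image accepted on form B: " + imageLooksRight(copiedImage, SIGNATURE_IMAGE));

        // Signature made over form A: valid for A, rejected when moved to B.
        byte[] sigA = sign(signer.getPrivate(), FORM_A);
        System.out.println("signature valid on form A: " + verify(signer.getPublic(), FORM_A, sigA));
        System.out.println("signature valid on form B: " + verify(signer.getPublic(), FORM_B, sigA));
    }
}
```

The image check passes on both forms because the form content never enters it, while the signature made over form A fails verification on form B.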

Re: Re: Re: Electronic Signatures

Tambet Matiisen
In reply to this post by andy.kallenbach@saberco.net
On 5.01.2011 17:58, Andrew J. Kallenbach wrote:

> Using PKI, cards, and other mechanisms seem to have a collective "huh" from most business managers. They are not easy to implement or understood by both potential users (employees and customers).

Estonia (where I live) has been using PKI-based digital signatures since 2000. Today I even don't remember, when was the last time I gave "real" handwritten signature. But I use my smartcard (ID-card) every day to log in to internet banks, sign bank transactions, sign contracts with my clients, etc. During last two votings I voted electronically.

OK, I may be biased, because I'm a software developer and my main client is the developer of Estonian ID-card software. But nevertheless, I just checked, 40% of signups to one webservice our company provides, are made using ID-card.

So I suppose you can make people accept PKI-based signatures, but it requires support, both legal and promotional, from the highest level - the government.

Regarding Orbeon - we just converted Estonian state portal www.eesti.ee from Chiba to Orbeon and launching it in coming months. It contains a component, that allows you to download responses from e-services digitally signed by portal. Or download the response encrypted, so that only you with your ID-card can decrypt it. It's not tightly integrated with Orbeon, it's more like a wrapper. And it uses Estonian DigiDoc format, which I suppose is not useful in other countries.

Additional reading:
http://en.wikipedia.org/wiki/Estonian_ID_card

  Tambet




Re: Re: Re: Re: Electronic Signatures

andy.kallenbach@saberco.net
Good point, my viewpoint is very American. Just further evidence that we don't always get the cool toys! Unfortunately, nationalized id cards and the like have always been met with stiff resistance.

Andy


From: "Tambet Matiisen" <[hidden email]>
To: [hidden email]
Sent: Thursday, January 6, 2011 1:51:45 AM
Subject: [ops-users] Re: Re: Re: Electronic Signatures

On 5.01.2011 17:58, Andrew J. Kallenbach wrote:

> Using PKI, cards, and other mechanisms seem to have a collective "huh" from most business managers. They are not easy to implement or understood by both potential users (employees and customers).

Estonia (where I live) has been using PKI-based digital signatures since 2000. Today I even don't remember, when was the last time I gave "real" handwritten signature. But I use my smartcard (ID-card) every day to log in to internet banks, sign bank transactions, sign contracts with my clients, etc. During last two votings I voted electronically.

OK, I may be biased, because I'm a software developer and my main client is the developer of Estonian ID-card software. But nevertheless, I just checked, 40% of signups to one webservice our company provides, are made using ID-card.

So I suppose you can make people accept PKI-based signatures, but it requires support, both legal and promotional, from the highest level - the government.

Regarding Orbeon - we just converted Estonian state portal www.eesti.ee from Chiba to Orbeon and launching it in coming months. It contains a component, that allows you to download responses from e-services digitally signed by portal. Or download the response encrypted, so that only you with your ID-card can decrypt it. It's not tightly integrated with Orbeon, it's more like a wrapper. And it uses Estonian DigiDoc format, which I suppose is not useful in other countries.

Additional reading:
http://en.wikipedia.org/wiki/Estonian_ID_card

  Tambet




Re: Re: Re: Re: Re: Electronic Signatures

Einar Moos
Andrew,

Isn't the US  DMV driver's licence - ID - considered national (or federal) proof of identity? Or the Alien Registration Card, or a biometric US Passport?

Studying today's DMV web standards makes me believe that a rational, simple application could be provided to them, too. I just look forward to the moment when digital signatures will be available on commercial browser screens where you have to press your right thumb and click "Enter".  IMHO that is the best solution, already in service at the desk on cumbersome "toys". Interestingly enough, the right thumb solution is probably the most sensible, if and when the government is ready.

Cheers

--einar







On Thu, Jan 6, 2011 at 10:50 AM, Andrew J. Kallenbach <[hidden email]> wrote:
> Good point, my viewpoint is very American. Just further evidence that we don't always get the cool toys! Unfortunately, nationalized id cards and the like have always been met with stiff resistance.
>
> Andy

