Projects‎ > ‎

XForms - Adding electronic / digital signature to forms

Note: This page describes an Orbeon Forms project, not a feature which is currently part of Orbeon Forms.

Implementation strategies

TypeNameDescriptionBenefitsDrawbacksValue of signatureUsability
Digital - PKIAppletThe form data is signed on the client using an applet such as OpenSign. The applet provides its own plugin mechanism, so it can be setup to, say, use a certificate configured in the OS, or a hardware device such as a card reader, as those provided by ActiveIdentity.Most secure technique, especially when using a card reader.Complexity of the setup, as card readers and cards must be issued.PoorFair
 PDFInstead of signing the form data, users sign a PDF that contains the form data with Acrobat Reader. Then the signed PDF is stored along the form data. This leverages the signature and digital ID support built in Acrobat Reader. So the identity of users can be verified, users must use a digital ID issued by a certificate authority. Leverages the signature capabilities of a recognized product.Complexity and cost of obtaining digital ID. Complicated user experience as the PDF needs to be opened in Acrobat, signed, saved, and attached to the form.GoodPoor
 JavaScriptUsers public and private key are generated on the client in JavaScript and stored on the client (e.g. with the YUI Storage Utility). The public key is shared with the server, and encryption is performed on the client with JavaScript (e.g. with dojox.encoding.crypto).Doesn't rely on external software.Crypto code is provided by the party that receives the signature, rather than by a trusted third-party.PoorGood
 Browser PKIHave the signing done by the browser or a browser plugin.Users control the software that does the signing.Browser and/or plugin dependent. GoodFair
ElectronicWrite your nameUsers as asked to type their name in a signature text field. A timestamp and the client's IP address is automatically attached to the signature field. Before submitting, a PDF and equivalent image of the form are generated, attached to the signature field. Users are shown the image and given a chance to download the PDF before they submit the form.Simplicity.By itself the signature cannot be used by either parties to prove or disprove that the document has been signed.N/AGood
 Handwritten signature (mouse signature)Users sign the document as they would on paper, but doing so in the web browser, drawing the signature with a pointing device (typically tablet or mouse).Simplicity. Familiarity.Not as strong as a digital signature. Unless software to compare signatures is used on the server, the identity of the signer cannot be automatically verified.N/AFair
 PhotoUsers take a photo of themselves with their webcam which is used as their signature. Flash is used to take the picture, so no third party software is required.Simplicity. Compared to the handwritten signature, the photo is harder to forge.Users are not used to signing with their picture. Users might not be conformable having their picture taken at a given time. Users might not have a webcam. A photo is less secure than a signature in the sense that one's photo is a less private piece of information than one's signature. Like the handwritten signature, the identity of the signer cannot be automatically verified unless face recognition software is deployed on the server.N/APoor