Electronic Signature for forms 2013
https://sharepoint.stackexchange.com/questions/238706
-
13-01-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Is it possible to integrate a signature element in to a custom form?
I'm using Sharepoint 2013 on premises. I'm using a List for training forms and am researching the viability of using signatures written on to a tablet screen. The purpose is to sign-off training records while on the factory floor, immediately after the training has been given.
How is the signature verified? Is it compared to a stored signature elsewhere in Sharepoint? Can a tablet be used for the signature sign-off or is a 'plug-in' device needed?
Please note - using InfoPath or Nintex forms is not an option for me.
I've found lots of free software on .cnet, but a recommendation from someone who has successfully some free software would be useful.
Updated following Heiko's Answer
- This is the current training form.
Problem - trainees forget their passwords since they might only have to sign every few months. Most trainees work in the factory and do not work on computers. In order for their name to be picked in the form, they have been set up with 'shell' Active Directory profiles, solely so their name shows up in Sharepoint. There is a legal aspect - these training records are important, we need to show that trainees have been trained and have acknowledged this by signing off their training. Currently the trainee needs a username + password to sign off.
- Below is the 'redeveloped' form I envisage. The key difference is the way it validates the sign-off by the Trainee and the Trainer. The username + password would be replaced by a hand-written signature. The signature is captured in a field in the form. The trainee signature needs to be validated vs a stored trainee signature (stored elsewhere in Sharepoint).
References:
Signature field for Sharepoint Lists - seems useful, though I'm not sure it covers the validation element I require.
Solution
Why would you need a validation element? You already have the user that is signed into the site. If you are sharing devices without ensuring the user is logged out.
The authentication part in SharePoint is what you are currently talking about. If your user is signed in, you should trust the user is who he is. You can cover this by adding another "layer" of proof. For example we have several trainings that we have to confirm. In order to do so we need to type our name into a text box. I am not sure if the typed name would hold up to even the weakest lawyer, but your authentication vs the SharePoint server should.
If you want to sign something online, those "drawings" have not much to say (They are only a drawing, there is no validation). You mentioned PKI, which would be something you could leverage in order to sign something, but that would again require access to your certificate and your private key. If you use the shared device setup you describe would also make that quite hard. Since you would need to ensure only user A can access UserA's private key for his cert. Alternatively you can think about smart cards and a lot more, but these don't integrate that easily into SP esp on the Android tablet setup you describe (Pure Windows guy here so no clue here).
There was an actual collect signature workflow that integrated with office documents, but that was another beast. You could pick any image as your signature than and it was basically forcing the document read only or it was voiding the signature.
So long story short... Tell them the user is signed in when using SharePoint and that they should consider that a valid "signature".
I am sure you have policies in place about using someone elses PC... If not use the chance to invite everyone to a beer next time your boss leaves his account unlocked.
Added answer:
So the trainer is in control of the device. This means you trust the trainer with entering the data.
A Signature does not need to be validated for it to hold any legal binding power. If the trainer (This is the guy you trust in this scenario) enters a user as "completed the training" then you should honor this. The signature is almost never validated, since OCR is still quite hard to do reliably. I still think that you forego the requirement on validating the signature, since that would be replaced by the trust into the trainer. It does not matter if I sign my credit card purchase with the signature on the back (actually I make a point in never using it and signing my purchases with full first name, so if I get a fake it is "different" than all my other purchases)
You can capture the signature to have it on file, but I would not use it to "authorize" the user. But from my point of view its only a "bonus" (Like my typing my name for our trainings into a text field... Anyone can do that, but the real validation is me being logged into the site)
