Is there a standard implementation for Electronic Signatures on fill-in-form web applications?

Question

I have a client who is interested in adding in electronic signature support to a long (40 question) seller application form. I'm a little stumped on whether there is an existing standard or process that's out there that folks in the financial world would expect to see?

I could certainly add in a system where we generate a bunch of text based on their responses, have the applicant sign it with their private key and upload a public key- but that seems like a lot to ask of people. Do non-nerds even have PGP installed these days?

Is there a standard approach to this out there? Anyone work in the financial world that's done this and had it work well?

Answer 1

What purpose is the signature trying to fill? Are you trying to verify that the form actually came from a specific seller? (If so, you would have to know their public key ahead of time.) Are you trying to hold the seller accountable for their answers at a later date? (In that case, you might need some kind of third-party involved.)

Sometimes people ask for electronic signatures just because they sound neat.

Answer 2

We use Alphatrust's Pronto Server Software.

Answer 3

If these forms are meant to be shared throught to a general public you'll need to know (and can validate, that's the hardest part) all the producers of these amount of certificates people could use to sign these forms, and it's almost impossible.

With closed environments (like functionaries, doctors...) where all the users are suposed to hold a certificate (with a pre-known CA you trust) and you should be sure the form is sended by someone trusted (non repudation, integrity...) it's a better scenario to sign a form, otherwise I do not recomend you to use signed forms to achieve your goal.