What is an Open, Cloud-Based Digital Signature?

Lift the lid on the world of standards in relation to electronic signatures and you will find is there is no shortage of contenders, each with a dazzling acronym referring to entities such as X.509 PKI, PAdES, ETSI and ISO 14533.

These are all examples of standards created by international standards bodies. However, when Adobe announced this week it was launching the “first cloud-based digital signatures built on an open standard” – it was not referring to any of these.

It was in fact referencing its own initiative, the Cloud Signature Consortium, which aims to provide an API allowing any type of trusted identification mechanism to be used for signature purposes.

“Open standards propel entire industries forward, allowing interoperability between otherwise fragmented solutions, and paving the way for widespread adoption,” said Bryan Lamkin, executive vice president and general manager of Digital Media, Adobe.

“Adobe pioneered digital signatures. And as the creator and champion of standards like PDF, we are proud to have once again rallied the industry to develop a new, open standard for digital signatures in the cloud, ensuring a great customer experience.”

Rallying the industry in this case mainly refers to the certification authority industry. Digital signatures require the use of a digital ID issued by a trusted certificate provider.

Michael Laurie, Vice President of Product Strategy and co-founder of eSignLive by VASCO, said, “Standards cannot define legal recognition [of esignatures] – this is a massive point of confusion propagated by many tech vendors.

“Adobe’s Cloud Signature Consortium references existing standards set out by the reputable ETSI standards organisation. The document does bring some added value to the certificate authority members of the consortium, but so far has limited itself to only Adobe as an e-signature vendor. This suggests that it is a marketing-driven initiative.”

“Different countries around the world have different restrictions on what can and cannot be signed, and currently only the EU has the standards necessary to enable cross-border transactions in being able to recognise the trusted list of certificates and Certificate Authorities in the EU. However, those standards are not automatically applied – each country in the EU has to opt in to recognise certificates from other countries.

“Adobe’s Cloud Signature Consortium does not address cross-border transactions but rather how to implement a remote signing server approach to creating a Qualified Electronic Signature, the e-signature type under eIDAS (the EU regulation which took effect on 1st July 2016) which uses a qualified certificate issues by a Certificate Authority. “

In addition to the standards push, Adobe also announced that new capabilities have been added to Adobe Sign such as mobile scan and sign, mobile tracking at a glance, and working directly in SharePoint.

Adobe is not the only company spearheading an initiative to develop a standard for digital signatures. Back in 2014, DocuSign along with other industry organizations launched the xDTM Standard Association, an initiative that aims to "to develop a foundational set of criteria for managing digital transactions." The xDTM Standard has been endorsed by leaders from more than 300 organisations including Intel, Microsoft, and Visa.

“DocuSign’s xDTM standard is largely self-promotional and intentionally excludes other leading e-signature platform vendors. The U.S. Electronic Signatures and Records Association (ESRA), evaluated xDTM and determined it would not endorse DocuSign’s standard due to its bias around the DocuSign platform and lack of specific recommendations or requirements, notes eSignLive’s Michael Laurie, who is also Chairman of the Electronic Signatures and Records Association.

The US Digital Signature Security Standard (DSS) was developed by the National Security Agency and adopted by the United States government as its digital-signature standard in 1993. The ISO 14533 standard was published in 2013 to address the long-term authenticity of electronic signatures but is not widely cited.

E-Signatures 101 in Australia: Your Crash Course for Digital Transformation
In this 60-minute, information-packed presentation, we will provide an overview of the basic terminology, concepts, and laws related to electronic signatures in Australia and answer the most frequently asked questions on the topic including:

•       What is the difference between an electronic signature and a digital signature?
•       How can you prove who e-signed?
•       What legal and compliance requirements do we need to consider?
•       What ROI metrics have others reported?
•       What do signers need in order to e-sign?
•       How do we get started? What’s the effort?

 ​Date: Tuesday, February 28, 2017 - 1pm AEDT Online. Don’t forget to reserve your seat HERE!