Dear
Anders,
Thanks for defining
Wet/Dry Web signatures.
Some of our customers
have implemented web signing using our product in a way which can be called
Dry-Wet Signature.
In this case, the user
is presented with an HTML or PDF form, which they fill out and submit. They are
then shown the final version of the form (similar to the “Dry” Signature) and
asked to sign it. The form shown to the user has empty signature fields at this
point. After they have signed the form, the user and others can view the signed
form with signature information filled in the right place. The signed form shown
to the user is dynamically generated using the previously signed form data and
the signature information. So from the end user perspective it is a “Wet”
signature while the signature capture process itself is “Dry” in
nature.
The “Dry-Wet” Web
signing allows for greater flexibility, allows for a standard signature creation
aiding workflow integration and reduces the overall
complexity.
Best
regards,
Manoj K. Srivastava
Infomosaic
Corporation
Voice: (408)
988-4337
Fax: (408) 516-9427
White Papers
Case Studies and Articles
Confidentiality Notice:
This e-mail message, including any attachments, is
for the sole use of the
intended recipient(s) and may contain confidential
and/or privileged
information. Any unauthorized review, use, disclosure or
distribution is
prohibited. If you are not the intended recipient, Please
contact the sender
by reply e-mail and destroy all copies of the
original
message.
From: Anders
Rundgren [mailto:anders.rundgren@telia.com]
Sent: Thursday, August 25, 2005 9:46
AM
To: Multiple recipients of
list
Subject: "Dry" and "Wet"
signatures - A definition
Dear
list,
In a previous posting where I
referred to some discussions concerning a possible Web Sign standards effort
within OASIS, "Dry" and "Wet" signatures were mentioned. Several off-list
messages indicate that these terms need a proper explanation.
This comes
to no big surprise as these terms have actually been coined by myself in the
absence of an established terminology in this actually rather virgin
field.
"Wet"
web-signatures
An editable
document, be it an MS Word document or an HTML form with edit fields, radio
buttons etc. is filled-in and signed by the user and then sent to the service
provider.
"Dry"
web-signatures
The user is (after an arbitrary
interactive process with a service provider), presented, a static
(read-only) document and is requested to sign it in order to indicate
"acceptance". Since the document actually comes from the service provider,
the result sent to the service provider is typically only a detached signature
of the shown document.
Further
comments
These schemes represent two
different schools, one which tries to mimic the existing paper form world, while
the other scheme is more aligned with how the web is currently
used.
Implications
Superficially these schemes may
appear similar, but that is indeed not the case; there is probably a 10-to-1
difference in complexity unless you restrict "Wet" signatures to only support a
single document format. The reason for this increase in complexity is that
each document format has its own native signature format (or has no defined
signature format at all), as well as its own input data validation scheme.
Using "Dry" detached signatures, you can achieve the same thing as S/MIME does,
namely document format independence with respect to the signature process
(except for some trivial canonicalizations). Possible input data
validation is assumed to have been carried out in earlier phases of a web
session, using standard web methodology. There are numerous other
implications as well concerning the use of "Wet" and "Dry" signatures, but these
are far outside the range of an e-mail
posting.
Anders
Rundgren
Working for a major