...
The ability for anyone to sign
Jürgen: one-time signature with OTP (i.e enter code sent via SMS) - weaker security
Jürgen: signature with hardware device (smart card, phone etc) - stronger security
Use ID BB to authorize and sign a document.
Jürgen: ID BB is probably good for cloud platforms (i.e signing portals)
Jürgen: Should be possible to sign with standalone app, without ID BB
Auditability
Validatable
Revoke signatures.
Highly secure.
Preservation of esignature
Jürgen: Non-Repudiation should be possible (i.e made equal to hand written signatures by law)
Assumptions:
Has an ekyc or authentication service.
Bulk signing is out of scope.
Collaboration in the signature is limited by the type of the document and the support of the document.
...
Central service vs Distributed model
What if there is no eKyc/auth available?
Phone-based signature?
Scope:
Government signing the document G2P
End user signing the document. P2G
Bussiness signing the document. B2B or B2C
Key principles:
Flow:
Sign using a cryptographic key and explain
...