Overview
SigningHub is LAWtrust’s digital
signing workflow solution for high trust digital signatures.
SigningHub’s digital signature protects documents (and Signers)
against fraudulent and accidental changes in signed documents.
The system allows users to upload,
configure, prepare and share documents with one another for
electronic, digital signing and Advanced Electronic signing.
Document Owners and Signers can
interact manually with SigningHub through the web front end or they
can automate their signing workflows with the use of the SigningHub
API.
More information on SigningHub.
Intended readership
This guide is intended for system
developers with a working knowledge of REST APIs. The aim is to
introduce developers to the two types of integration exposed by
SigningHub:
-
Loose integration and
-
Tight integration.
For an in-depth discussion of
each request, see the online
documentation.
SigningHub sample code
- The SigningHub workflow sample code can be found online: here.
- 'How to' article that explains how to use the sample code can be found here.
Further reading
Getting started
In order to start running the sample
code provided in this document, the following is required:
The required items can be obtained
on request from LAWtrust: info@lawtrust.co.za,
or access to the testing environment can be requested here.
Please note – LAWtrust’s
environment is governed by the WebTrust standard and ISO 21188 and
such access is only available on request.
Terms used in this
article
Electronic signing
Electronic signatures are any marks
made on a digital document by the Signer that indicates the signer
agrees with the content of the document.
Documents signed with electronic
signatures are not protected with cryptography and can therefore
easily be disputed.
To increase trust in electronic
signatures, SigningHub seals electronically signed documents with a
timestamp to protect the document’s integrity and provide proof of
the time of signing. A full audit trail and Workflow Evidence report
is available.
Digital signing
Digital signatures are a subset of
electronic signatures. The signed document is protected with Public
Key Cryptography. A digital certificate that ties the real-life
identity of the Signer to a digital identity is embedded in the
document. Cryptography protects the document against change.
Advanced Electronic
signatures
Advanced Electronic signatures are a
subset of digital signatures that is governed by the South African
Electronic Communications and Transactions Act 25 of 2002 (ECT Act).
The signing certificates used in
Advanced Electronic Signatures can only be issued by accredited
authentication providers that have been accredited by the SAAA.
LAWtrust’s accreditation can be found here.
To see a full discussion on the
differences between signatures see the LAWtrust article Wet signature
vs Electronic
signatures vs digital signatures.
Digital signing
workflow
Digital signing is used
interchangeable with electronic signing.
Actors
The sample code uses the following
actors:
-
Users: Users refers to
any person / system that uses SigningHub’s functionality. They can
be Document Owners or Signers.
-
Document owner: Document
owner is the user or application that started the signing workflow.
The document owner may or may not be a Signer.
-
Signer: Signers are
users that are part of the digital signing workflow and is required
to electronically or digitally sign the document.
-
Meeting Host: A Meeting
Host can log into SigningHub and allow a second Signer that does not
have a SigningHub account to sign a document while the Meeting Host
is logged into SigningHub.
SigningHub high-level
architecture
SigningHub is hosted in the LAWtrust
Trusted Hosting environment. SigningHub’s functionality is exposed
to the internet via a REST API.
Modes of integration
Two modes of integration are
supported:
-
Loose integration; and
-
Tight integration.
Each integration type is discussed
below.
Loose integration
The Loose integration mode allows
Business Applications to send documents to SigningHub via the API.
SigningHub’s workflow will then take over and get the document
signed.
A basic digital signing process
would work as follow:
-
The Business Application sends
the document to be digitally signed to SigningHub.
-
SigningHub will send an email
to the Signer to notify them that they have a document to sign.
-
The Signer then logs into
Signinghub and signs the document.
-
The digitally signed document
is returned to the Business Application for processing.
More information on loose
integration can be found here.
Tight integration
The business application uses
SigningHub to provide document review and digital signature
functionality. Users interact with the business web application and
when they get to the point where a document requires approval,
SigningHub is invoked to display the document within an iframe or the
business application’s document displaying functionality.
The experience is seamless and the
user is unaware that SigningHub functionality is used. The user can
review the entire document and sign in the predefined location. Tight
integration is suitable for ECM, CRM and ERP web applications or
portals where a known user already interacts in a defined way. The
user login information can be used by the business application to
create and connect the user to their respective SigningHub account.
The basic flow for tight
integration:
-
The document to be signed is
generated by the Business Application.
-
The Business Application
notifies the Signer that they have a document to sign.
-
The Signer logs in to the
Business Application and indicate that they will sign the document.
-
SigningHub’s functionality is
leveraged to sign the document.
After the document has been
digitally signed, the Business Application can process the document
according to the application’s business rules.
More information on tight
integration can be found here.