The state of California's got some info at http://www.ss.ca.gov/digsig/reasons.htm#22003 I find government resources almost as "nebulous" as W3, though. They say that the only "acceptable" forms of digital signatures are public key and signature dynamics. One of the companies listed on California's site is IDCertify, which has a plug-in that lets people digitally sign Word and PDF documents. http://www.idcertify.com/products/tools.htm. I've seen some demos from other companies within the last year that seem pretty cool - if you're willing to fork out the money. The plug-ins make storing a signature in a database unnecessary because it's an integral part of the document itself. Bart >>> scott.brady at homeqonline.com 04/11/01 11:41AM >>> We have a site where our vendors can sign up for web-access. When they initially become vendors, they have to fill out paperwork, including IRS Form W-9. Our web-access signup is completely electronic (including the W-9). So, my task has become to determine how we can capture the user's digital signature (legally binding). I've spent several hours researching, including looking through Verisign.com. I've found a lot of theoretical documents (explaining the ideas behind how they are supposed to work), but I can't find any practical documents for actually doing this. (I've tried reading the W3.org docs, but they are always pretty nebulous to me). Ideally, we would want to store the signature (or the public key or whatever) for the vendor in the database, so that during an audit, we can go in and show that this vendor signed the forms on such-and-such date. Any leads on this would be much appreicated. For technical details, we are running Cold Fusion 4.5 and we are using 128-bit encryption with a Verisign certificate on our secure server. Thanks! Scott Brady --------------------------------------- For unsubscribe and other options, including the Tip Harvester and archive of TheList go to: http://lists.evolt.org Workers of the Web, evolt !