Process management: Signature-tab

Content

In the Signature-tab, you can define signature processes for external and internal persons.

1. Clarification of terms relating to signatures

What are signature qualities?

Information on signature qualities can be found in the MOXIS 4.53 User Manual.

What are eIDAS and ZertES?

Qualified signatures are based on legal foundations. In Europe, for example, these are the eIDAS Regulation within the EU. Outside the EU, other legal provisions apply, such as the ZertES Regulation in Switzerland. However, the smallest country in the DACH region is an exception, as signatures may be made here on the basis of both the eIDAS Regulation and ZertES. In Austria and Germany, on the other hand, only the eIDAS Regulation applies.

What is a company seal?

A company seal is basically a digital company stamp that can be used when no qualified signature is required. The legal validity of a digital company stamp (company seal) is lower than that of a digital qualified signature. Therefore, documents that require a personal signature must be signed with a qualified electronic signature.

1.1. The Signature tab in process management

To open the Signature tab in process management, go to the administration area and open the process management. Then click on the basic process you want to edit or create a new one. Under Signature (see figure 1 [1]), you have the following options for configuring the process.

XiTip
Please note: The options displayed in this tab depend on the basic configuration of MOXIS, which was created in collaboration with XiTrust. Therefore, you may see fewer options in your overview. If one of the options would be a useful addition to your current MOXIS instance, please contact your XiTrust contact person.

The Signature tab (see figure 1 [1]) is divided into several sections:

1. Qualified signatures (see figure 1 [2])

2. External signatures & legal basis for qualified/advanced signatures
   (eIDAS, ZertEs, FES ZertEs, see figure 1 [3])

3. Personal advanced signatures
   (ZERTES, see figure 1 [4])

4. Non-qualified signatures (see Figure 1 [5])

5. External biometric & device data (see Figure 1 [6])

6. Use the [Save]-, [Reject]-, or [Delete]-button to save, discard, or delete your changes (see Figure 1 [7]).

1.2. Configuring qualified signatures in process management

In this section, you can customize qualified signatures according to your requirements. Here you can specify whether qualified signatures in your instance are equivalent to a personal signature or should be issued on the basis of a Swisscom company seal.

XiTip
Please note: In order to use the Swisscom company seal, certain configuration steps must be taken in advance. Please contact our support team for assistance with this. Once all configurations have been applied, you can set up qualified signatures according to your preferences.

1.2.1. Activate qualified signatures

To activate this option, please check the box in the Qualified Signatures section (see figure 1 [2]) under Signature enabled.

Please note: If you do not check this option, you will not be able to perform internal qualified signatures.

1.2.2. Enabling external qualified signatures

To enable this option for external signatures as well, please check the box in the following section (see figure 1 [2]) next to External signature enabled.

Please note: If you do not check this option, you will not be able to perform external signatures.

1.3 Selecting the legal basis for qualified/advanced signatures in process management

In this section, you define the legal basis for qualified signatures. In our example, you can choose between:

• eIDAS,

• ZertES, or

• FES ZertES

The legal basis you choose here depends on the initial configuration, which is carried out by XiTrust Support in consultation with you. In our example, you can choose between eIDAS, ZertES, or FES ZertEs.

While eIDAS supports both A-Trust and D-Trust (sign-me) as well as Swisscom signatures, ZertEs and FES ZertEs only support Swisscom.

XiTip
Please note: If you want to sign externally with a qualified signature, please check the box (see figure 2 [1]) and select the appropriate option for the legal basis (see figure 2 [2]). If you do not check the box, you can only perform qualified signatures with internal recipients (if the option has been activated).

1.3.1. eIDAS-based signatures: Signature process from the perspective of external signers

eIDAS-based signatures can be signed via Swisscom, D-Trust (sign-me), or A-Trust. If an external signer receives a job for which eIDAS (in our example in figure 4 with the Swisscom or A-Trust option) has been stored, the signer can choose between Swisscom and A-Trust when signing.

1.3.2. Configuring FES ZertES-based signatures

Selecting FES ZertES enables you to select the fields that are otherwise greyed out in the Personal Advanced Signature (ZertEs) section (see figure 4). Tick the box if you want to use Swisscom-based advanced signatures. Please do the same if you want to set up an external advanced signature.

Please note: The Swisscom signature provider configuration (see figure 3) is created by XiTrust Support during the basic configuration.

1.4. Configuring non-qualified signatures in process management

You have three options for configuring non-qualified signatures in process management (see figure 4):

• as simple signatures

• with multiple signature positions (simple signatures)

• as approval

Apart from this, you can also determine here whether you want to make external simple signatures available for this process by selecting the corresponding check box. Furthermore, the system allows you to select a corresponding signature provider for external signatures (see figure 4).

Your options are described in more detail below. Please note: XiTrust Support will configure the signature provider during the initial configuration. If you have any questions, please contact a support representative. 

1.4.1. Configuring simple signatures

If you simply tick the box next to Simple signature enabled (see figure 5), this allows signers in MOXIS to sign using only a simple signature (see figure 6 [1]). You can select the appropriate handler from the drop-down menu below (see figure 4).

1.4.2. Configuring multiple signature positions for simple signatures

Selecting Multiple signature positions allowed (see figure 7) enables signatories in MOXIS to sign a document with multiple signatures. Further information on multiple signatures up to and including MOXIS version 4.52 can be found in the MOXIS 4.52 User Manual.

Example use case of multiple visualised placeholders:

A tax advisor draws up a business plan for a company and sends it to a colleague for review. So that the tax advisor knows which pages the colleague has reviewed, she initials each one. Using the multiple visualied placeholders, she only signs at the end of the document. This means that there is a signature on every desired page, although she only had signed once. The only significant signature is at the end of the document and confirms once again that the document has been reviewed.

1.4.3. Configuring approvals

Selecting Approval enabled (see figure 8) enables signatories in MOXIS to sign documents only with approval (see figure 9). Please note: In this case, no certificate is attached.

1.4.4. Select a signature provider for simple signatures

You can use the respective drop-down menus to select signature providers for simple signatures. Please note: The settings and providers you can select here depend on your basic configuration.

If you can choose from all available options, you can configure the following settings (see figure 10)

(1) Select internal simple signature provider

Use the drop-down menu to select the provider for simple signatures for internal recipients.

(2) Select external simple signature provider

Use the drop-down menu to select the provider for simple signatures for external recipients. Please note: The check box next to External simple signature available must be selected if you want to configure this option.

XiTip
Please note: Since MOXIS 4.53, it has been possible to use an advanced seal with qualified features in MOXIS. It offers several advantages over common solutions:

• It is anchored in the Adobe Trust List and is therefore displayed in green in Adobe.

• The seal is inexpensive and quick to procure.

• The transaction costs are low.

• It is LTV-capable.

If you have any questions about this seal, please contact your XiTrust representative.

(3) Select protocol signature provider

1.5. Configuration of biometric data in process management

In this section, you can configure whether and which biometric device data you want to query. Please note: If you uncheck the box next to Data capture available, the option will be greyed out and no longer available. The ‘Biometric data’ function is only used for external simple signatures. Furthermore, only signature drawing is then possible.

If the check box is selected, the following data can be configured:

• Biometric features (signature drawing)

• Geo location (latitude and longitude)

• Device data (list with IP, browser data [browser agent] and screen dimensions)

Three statuses can be assigned to the individual components:

• mandatory

• optional

• deactivated

In our example, the following configurations were made for illustrative purposes:

• Biometric features - mandatory

• Geo location - optional

• Device data - deactivated

The corresponding configuration is shown in Figure 11.

The example configuration shown in Figure 11 is displayed to external signatories in MOXIS Guest as follows:

• The location is optional, meaning that the signatory can enable or disable it using the slider.

• The signature is mandatory. No changes can be made here.

• The device data is optional as well.

In case you deactivate one option, it would not be visible in MOXIS.