How does DocuSign handle Advanced Electronic Signature certificates?
Advanced Electronic Signature requires a few things. In particular:
- The signature must be done with a trusted certificate
For the second part, DocuSign's documentation states:
A digital certificate enables you to legally sign agreements requiring digital signatures. During the signing process, you’re prompted to provide your digital certificate or create one on the fly through a connected Trust Service Provider. Then, your digital certificate is automatically attached to the signature behind the scenes.
Since DocuSign is a TSP (Trust Service Providers) it can generate its owner certificates. Users can create an account and create a personal certificate (generated by DocuSign) or even import another one issued by another TSP. And I guess that certificate could then be used to sign different documents. The certificate is bound to the account.
Am I correct?
Moreover, DocuSign doesn't require you to create an account to sign documents. Does that mean that they generate "one-shot" certificates for these non-logged-in users? That are only bound to a particular "session" (i.e. the signing of one particular document)?
