[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Legal entities who sign


At 08:44 02/11/2002, Jimi Thompson wrote:

<SNIP>
> According to "e-lawyers", legal entities cannot sign as even
> a delegated signer must be physical person.
</SNIP>

IMHO, secretaries and/or administrative assistants have been signing
documents for their CEO's for decades.  I know of several that are so good
that the signatures are virtually indistinguishable.  How is this any
different that having the CEO have more than one i-key (for example) so that
his assistant can sign documents in his absence?

Is the CEO really the ONLY person on the planet that has signing authority
for the company?  Most certainly not in the case of an ink signature.  All
sorts of people throughout any company have the ability to sign things.  In
legal-ese, authorized agents abound.  Procurement people sign things every
day, using their own pen-and-ink signature, but binding the company.
Shipping and receiving folks sign things every day, using their own
signature, also binding the company.

They should not really be signing with their own signature but one identifying them in their delegated role. Most people have a repertoire of signatures which they use according to the role they are performing. The 'forgery' you suggest above is, of course, OK because the person doing it acting in the role the CEO is allowing them to be: the CEO would not deny it is his/her own signature because of the relationship of trust that exists. It is a shame that this sort of signature use is necessary! Also, I hope most CFOs do not use the same signature on their personal cheques as printed on the corporate ones!

  Most of these folks have a limit of
some kind on what they are allowed to sign.  Procurement folks, for example,
usually have a dollar limit.  I think that the real question is how to
include the limits and/or parameters into the certificate ( i.e. JoeBob's
certificate from Procurement at XYZ Corp is good but only up to $5000.00).
The XML folks might have some answers there.

Again, in an earlier version of this thread, I was asking why Attribute Certificates do not seem to being treated as the solution to this. The individual signs in their role. The CEO and the company manage the delegation/authorisation matters internally and individuals qualify their signatures with them. In the example above JoeBob may sign as a US citizen (a certified, live human) and the XYZ-managed AC says he does so as Procurement at XYZ Corp with authority to $5k.

Note that this approach does add a benefit that the person signing is a 'guaranteed real human' and there is a recognised authority attesting to this (such as the US government or their agents). This satisifies the lawyers. If you combine the individual and the role then you have an explosion of certificates for everyone to manage.


In order to establish non-repudiation, I would say that you probably need to
have the CEO sign the authorized agents signature agreeing that they are
authorized under the parameters issued.  This should satisfy the
"non-repudiation" needs and still provide for statement about delegation of
authority.  I think that this solves your problem, as the only time a CEO's
key is needed would be to authorize a new agent.  The other, more accessible
people, would be available to handle day to day business.

You have a live human signing documents, which makes the "e-lawyers" happy.
It handles the "real world" delegation of authority that happens inside
companies.  I think that this solution satisfies all the criteria.  If I've
missed something, I'm sure that someone on the list will happily point it
out :)

Echoed. I think solutions that map reasonably clearly onto current custom and practice have a much better chance of adoption. I know there may be better ways of doing this in the future, but we have to engineer solutions for the real world to get used to now.


Just my extremely humble 2 cents,

...and my further 2 pence.

Regards,

Adrian Pickering/
University of Southampton UK