If someone walks into a bank with photo ID and swears before a notary that they are the guardian or parent of someone, how do you know if they are not lying? If someone walks into court and swears before a judge, you still do not know they are telling the truth. A digital ID is no more proof than a regular ID. There are different forms of digital ID. Some will make it more sure that the person is who he/she says they are. They never guarantee the veracity of the statements they make.
With self-signed IDs, you have to set up a direct trust relationship. A signature cannot be fully verified unless you add a particular user's digital certificate to your list of trusted certificates. You should only add a trusted certificate if you are sure of the source. You can be sure of the source if someone hands you a flash drive with a signed document, if you receive a signed document from a user via email 1 minute after you ask them to send it, or they submit a signed document to your web server that has access controls (e.g., username/password) that's secure, and a number of other ways. If you have a system where just anyone can submit a form, without you first getting a signed document (or separate digital certificate), then you can't trust the signatures.
Up until now we have had the user print PDF files from our website, complete and mail in, including parent/guardian signature and student signature.
How did you check the signatures in the past?
Actually, since the form was coming to us from parents or adult advisors, etc., we do not really have a way to verify. I think what we will do is have some boxes to check that they “agree to …” type language and just have them fill in the names.
Thanks for the help
To securely use digital signatures you cannot use self-signed signing credentials (certificates). Each potential signer needs to procure a signing credential (digital ID) from a reputed Certificate Authority. This costs money; those certificates are not free. Digital signatures signed with this kind of certificate attest to the following three parameters: document integrity -- document has not changed since signing; the identity of the signer and non-repudiation -- the signer is the original owner of the certificate (i.e. was not stolen).
The self-signed signing certificates, that you get for free, are not useless. They still attest to the integrity of the document (the document has not changed since signing). What they cannot do is to attest to the identity of the signer and that the signer was the original owner of the certificate.
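The distinction drawn in this thread, as an added example that is not part of the original posts: a self-signed signature proves the document is unchanged, while the signer's identity holds only if the certificate's fingerprint was placed on the trust list out of band. Toy textbook RSA stands in for a real signing algorithm, and the names, form text and helper functions are constructed for illustration.

```python
import hashlib

# Toy textbook RSA over fixed Mersenne primes: illustration only, not secure.
def make_self_signed_id(name, p, q, e=65537):
    """Anyone can mint an ID carrying any name; nobody vouches for it."""
    d = pow(e, -1, (p - 1) * (q - 1))            # private exponent
    return {"name": name, "n": p * q, "e": e}, d

def fingerprint(cert):
    data = f"{cert['name']}|{cert['n']}|{cert['e']}".encode()
    return hashlib.sha256(data).hexdigest()

def _digest(document, n):
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n

def sign(document, cert, d):
    return pow(_digest(document, cert["n"]), d, cert["n"])

def verify(document, signature, cert, trusted):
    """Return (integrity_ok, signer_trusted) for a signed document."""
    integrity = pow(signature, cert["e"], cert["n"]) == _digest(document, cert["n"])
    return integrity, integrity and fingerprint(cert) in trusted

def demo():
    form = b"I agree to the terms. Guardian: Pat Parent"   # constructed sample
    # The real guardian hands over their certificate in person (out of band).
    parent_cert, parent_key = make_self_signed_id("Pat Parent", 2**61 - 1, 2**89 - 1)
    trusted = {fingerprint(parent_cert)}
    # Someone else mints a different key pair under the same name.
    fake_cert, fake_key = make_self_signed_id("Pat Parent", 2**61 - 1, 2**107 - 1)
    good_sig = sign(form, parent_cert, parent_key)
    return {
        "trusted signer": verify(form, good_sig, parent_cert, trusted),
        "same name, unknown key": verify(form, sign(form, fake_cert, fake_key), fake_cert, trusted),
        "altered form": verify(form + b"!", good_sig, parent_cert, trusted),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The second case is the open web form scenario: the signature checks out mathematically, but nothing ties the key to the named person.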