E-Signature Form Model

E-sign forms are consent forms that can be accepted by one of more data subjects. ConsentGrid™ provides the APIs to manage forms, present these forms to data subjects for signature, collects acceptance/rejection from data subjects, and cryptographically attaches signatures to these forms.

{
 "id": "csgn_287823-34984833-29382",
 "status": "draft",
 "template": {
   "id": "tmpl_23994-3498388s8743",
   "version": 2,
   "locale": "en",
   "sig": "..."
  },
  "data": { ... },
  "uiData": {... },
  "consents": {
    "c1": {
      "value": true,
      "choices": { ... }
    }
  },
  "sig": "...",
  "parties": [
    {
       "role": "witness",
       "required": false,
       "id": {
         "type": "user",
         "id": "03874-38747"
       }
    }
  ],
  "completeWhen": "explicit",
  "minOptional": 2,
  "dateRange": {
    "from": "2006-01-02T15:04:05Z07:00",
    "to": "2006-01-02T15:04:05Z07:00"
   },
   "by": {
      "type": "user",
      "id": "133463443366"
   }
}
template
The form template the data subjects will sign. The cryptographic hash of the form template is also stored with the form.
data
This is a JSON object that will be stored with the consent records once the form is signed. The contents of this JSON object is also available during form interactions, so these fields can be used to populate fields for the signers.
uiData
This is a JSON object that will be available during form interactions, but they will not be stored with the consent. Use this field to populate list fields, etc.
parties
One or more data subjects that is allowed to sign this form. All parties with required=true must sign the form for it to be accepted. If required=false then the data subject is optional. At least minOptional data subjects must sign the form. The optional role field includes an additional qualifier for the data subject, such as "witness".
completeWhen
This field is one of the following:
signed
When all required parties and at least minOptional parties sign the form, it will be closed and consent records will be created.
expired
When the report expiration time passes, if all the required parties and at least minOptional optional parties signed the form, it will be closed and consent records will be created. If there are not enought signatures, the form will be canceled.
explicit
An explicit API call is required to close or cancel the form.
minOptional
Minimum number of optional parties required to sign the form. Can be 0.
dateRange
Determines the active period for the report. Both the from and to dates are optional. The report will not be accessible until from date, and the report will be closed, or canceled after to date.
by
The use that created/modified this form

Signature Data Model

This is the information stored for each signature.

{
  "active": true,
  "subject": {
    "type": "user",
    "id": "2184784-27672345"
  },
  "signed": "2006-01-02T15:04:05Z07:00",
  "canceled": "2006-01-02T15:04:05Z07:00",
  "sig": "..."
}

The sig field gives the cryptographic hash of the form and all the active signatures at the time the form was signed. This can be validated against the hash of the form to ensure what the user signed is what was shown.

States

E-signature forms follow the workflow given below:

draft
When a form is created, it is in draft state. Draft forms cannot be presented to data subjects, nor can they be signed. You can update a draft form as needed.
published
When a form is published, it can be presented to data subjects for signing. If a published form is modified, it is put back into draft state, and all the signatures on it will be canceled.
complete
When all the required signatures are collected, the form can be completed. When form moves into completed state, a consent record is created for the form.
canceled
A published form entered canceled state either by an explicit API call, or if it expires without collecting the necessary signatures. A canceled form can no longer be recovered.