George Toft wrote:
> But no!  The Business requires we capture
> *exactly* what the member saw.

OK, the solution is obvious.

* Send them an IMAGE containing the agreement.
  They'd have to set any options in a prior step
  so that they could be incorporated into the
  image, along with their personal information.

* Make that image small enough to appear on a
  small screen, in black & white (for compactness
  and to eliminate any color-blindness issues),
  and use JavaScript to force the window size.
  There are some browser-dependent differences
  regarding window size controls.

* Oh yeah:  if they have a "wrong" browser,
  or won't enable JavaScript, then they can't
  play.  (Management will probably decree that
  this is MSIE 5 or 6, but maybe you could push
  them to allow some others.  Each has to be
  tested.)

* When they click on the I AGREE button within
  the image, they have agreed.  The POST will
  include the window size, and you have to
  log that to demonstrate they saw the whole
  thing.  I think we're getting into Imagemaps
  here, and the POST contents MUST be retained
  in the logging of the transaction to ensure
  you can demonstrate WHERE they clicked.
  
Logging is essential here, since you must at
least document that the browser did request
downloading of that image.  The image can
have a serialized name, so the logged download
can be directly correlated with the archived
image of that user's personalized agreement.

Legally, unless they concentrate on detailed
logging and well documented procedures, they
don't have a leg to stand on.

Another approach of course is to send them
an executable program via download, that they
can use remotely to execute an agreement.

Rotsa Ruck!

Vic