Individuals obtain a digital signature that is theirs and theirs alone in much the same way that e-commerce sites have things like the VeriSign certification.

This digital signature file is under their strict control. They effectively 'add' this to the file, which of course needs to be strictly controlled, as their authorisation of such a file.