Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Digital Signatures

kurtkbee
Champ in-the-making
Champ in-the-making

‎03-31-2007 01:07 PM

Hello All,
I am new to Alfresco and find it very interesting. While discussing this system with some of my co-workers i realized that(due to my ignorance) i could not answer a few questions regarding document security. I could not find the answers to these issues on your site. Can anyone enlighten me about the capabilities of Alfresco regarding:

1) How does Alfresco ensure that document approval is done by the person that  submits a doc ?

2) Is there an audit trail to determine the who/when/what was done by a user in the system ?

3) Can Alfresco publish documents in restricted PDF format and therefore prevent/restrict unauthorized persons from opening it ?

4) Is there a way for alfresco to allow viewing of a document but not printing of that document, or restrict who has the ability to print vs. view a document?



5) Can alfresco replace my guard dog, my home security system and check my closet for the boogie man (this is a make or break people !!!)


TIA,

-Kurt
P.s. digital/electronic signatures are important for us as well as ability to determine access throughout the document lifecycle (we get audited a lot)
Labels:
0 Kudos
5 REPLIES 5

kurtkbee
Champ in-the-making
Champ in-the-making

‎04-04-2007 09:35 AM

I guess nobody has the time to answer these questions, so can someone point me in the direction of documentation/whitepapers that would answer these questions.

TIA,

-Kurt
0 Kudos

kevinr
Star Contributor
Star Contributor

‎04-04-2007 10:31 AM

1) How does Alfresco ensure that document approval is done by the person that  submits a doc ?

2) Is there an audit trail to determine the who/when/what was done by a user in the system ?

3) Can Alfresco publish documents in restricted PDF format and therefore prevent/restrict unauthorized persons from opening it ?

4) Is there a way for alfresco to allow viewing of a document but not printing of that document, or restrict who has the ability to print vs. view a document?

5) Can alfresco replace my guard dog, my home security system and check my closet for the boogie man (this is a make or break people !!!)

1) Workflows are highly configurable, you can assign the document to a specific user - then only that user will be able to transition the workflow to the next state.

2) Yes, Alfresco supports full audit trail right down to very low level service operations (i.e. READ, WRITE) if you wish.

3) Not out-of-the-box no. But there is nothing stopping you adding a new PDF transformer class/library that can do this. All Alfresco services are fully pluggable, and the transformation services are particularly configurable. It is easy enough to add a custom transformer and then use that to generate restricted PDFs or whatever else you see fit.

4) Not using the default web-application setup. Once a user can downloaded or viewed the content there is nothing stopping them doing anything the like with the copy. To do this, you would have to integrate a custom viewer application that utilised the Alfresco services to check permissions and only allowed the user certain actions on the viewed content. You can configure a custom permissions model that has PRINT as a new type of permission - but you would need the custom viewer application that made use of it.

5) Smiley Happy

Thanks,

Kevin
0 Kudos

kurtkbee
Champ in-the-making
Champ in-the-making

‎04-26-2007 04:03 PM

While loosely related to the original question, i have been researching the requirement for electronic signatures a bit more. it seems that the mere definition of what constitutes an electronic sig. is vague. however i found another area that made me rethink another question i had (that being SSO).

This was due to the following information:

Can a single restricted login suffice as an electronic signature?
      

No. The operator has to indicate intent when signing something, and he has to re-enter the user ID/password (shows awareness that he is executing a signature) and give the meaning for the e-sig. To support this, Part 11 §11.50, states that signed e-records shall contain information associated with the signing that indicates the printed name of the signer, the date/time, and the meaning, and that these items shall be included in any human readable form of the record.
http://www.21cfrpart11.com/pages/faq/index.htm

is this to suggest that anyone seeking compliance with (FDA) 21CFR-Part11 cannot use SSO if using electronic sigs ?

Also is there anyway that a user (when approving or reviewing a document in a workflow) will be required (post-review) enter a password ?
0 Kudos

kurtkbee
Champ in-the-making
Champ in-the-making

‎04-26-2007 04:29 PM

based on the information below (from 21CFR-P11 guidelines) it seems that a tool like gpg can be used to generate/provide the required electronic signature:

How does the digital signature verify that the document hasn't been altered after signing?
      

A digital signature is computed using a set of rules and a mathematical algorithm such that the identity of the signatory and integrity of the data can be verified. Signature generation makes use of a private key to generate a digital signature. Signature verification makes use of a public key that corresponds to, but is not the same as, the private key. Each user possesses a private and public key pair. Public keys are obviously known to the public, while private keys are never shared. Anyone can verify the signature of a user by employing that user's public key. Only the possessor of the user's private key can perform signature generation. A hash function is used in the signature generation process to obtain a condensed version of data, called a message digest. The message digest is then incorporated into the mathematical algorithm to generate the digital signature. The digital signature is sent to the intended verifier along with the signed message. The verifier of the message and signature verifies the signature by using the sender's public key. The same hash function must also be used in the verification process. The hash function is specified in a separate standard.
0 Kudos

yogesh_prabhu
Champ in-the-making
Champ in-the-making

‎07-13-2010 11:15 AM

Hi,

Is this thread still open??
I am interested in the digital signature part..
How to implemetn that in ALfresco.
I saw in the site about some thirdparty software for the same.
which one is suggested by Alfresco.

I also like to understand how to password protect a document from alfresco.
Kevinr talks about a custom transformer..
Have you got any transformer code which would ask for a password before opening any document..?
Could you please help me with the solution for this..

Any kind of help is welcome..

Thanks in advance..
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC