signature-service-usecase-02.pdf: Use case for signature ... - Oasis

Description/User Story

There is a business need in many applications to create digital signatures on documents and transactions. When applications and users move into the cloud, so should the signing services. Both users and applications have a need to sign documents, for example XML, PDF, ODF, etc. There are different signature standards for all these types of documents. Example use cases for signed documents are applications sending signed messages to other applications (EDI, for example), corporations producing receipts or official documents (sensitive reports, tax returns, etc.) and users with a need for integrity protection (agreements, purchase orders, etc.). Of vital importance for a signature service is authentication of users. Authentication is a prerequisite for authorization, without which signature services are virtually useless. In the case of individual users there is a need to authenticate the individual, and in the case of organization signatures you need to identify the organizational identity of the user.

Goal or Desired Outcome

Users are authenticated in a strong fashion to the public cloud signature service to bind an electronic signature to a user, or to authorize the user to perform signature operations with a group (organization) signature key.

Categories Covered

• Federated Identity Management – be able to authenticate using high levels of assurance, authentication schemes, and multi-factor authentication, using SSO.
• Authorization – granting and enforcing authorization on signature resources.
• Audit & Compliance – be able to provide audit trails of signature events.

Applicable Deployment and Service Models

• Cloud Deployment Models
  • Private
  • Community
  • Hybrid
• Service Models
  • Software-as-a-Service (SaaS)

Actors

• User – an entity requesting a digital signature.
• Approver – an entity approving digital signatures.
• Administrator – an entity granting access to users to use a group or individual signature key.

Systems

• Signature creation system
• Storage system

Notable Services

• Authentication service
• Authorization service
• SSO service
• Audit service

Dependencies

The signature use case depends on at least the following services being deployed in the cloud.

• Provisioning service

Assumptions

• User/approver/administrator accounts already exist within the cloud that hosts the SaaS app.
• Signature keys are secured and securely distributed between signature services in the cloud.

Process Flow

Simple organization workflow

A user in the workflow can be either a human user or a machine.

1. User creates a document that needs organizational integrity protection (for example an official notice, receipt, invoice, etc.).
2. User submits document to signature service.
3. Signature service grants user right to sign document.
4. Signed document is returned to user.
5. User stores document for consumption by others.

Organization workflow with approval

A user in the workflow can be either a human user or a machine.

1. User creates a document that needs organizational integrity protection (for example an official notice, receipt, invoice, etc.).
2. User submits document to signature service.
3. Signature service grants user right to request signing of document.
4. Signature service stores document for approval and notifies approver(s).
5. Approver inspects request and approves (or denies) signing of document.
6. Signed document is sent to user.
7. User stores document for consumption by others.
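The approval workflow above, sketched as an added example that is not part of the original use case document. The class, method and role names are hypothetical. It assumes principals were already authenticated by the SSO service, omits approver notification, and uses HMAC-SHA256 as a stand-in for a real signature scheme (XML, PDF, etc.).

```python
import hashlib
import hmac
import itertools


class SignatureService:
    """Toy model of steps 2-6: authorize, hold for approval, sign, audit."""

    def __init__(self, org_key, roles):
        self._key = org_key      # organization signature key (constructed sample)
        self._roles = roles      # principal -> roles, as granted by the administrator
        self._pending = {}       # request id -> (requester, document)
        self._ids = itertools.count(1)
        self.audit = []          # audit trail of signature events

    def _require(self, principal, role, event):
        # Every authorization decision is audited, including denials.
        allowed = role in self._roles.get(principal, set())
        self.audit.append((event, principal, "granted" if allowed else "denied"))
        if not allowed:
            raise PermissionError(f"{principal} lacks role {role!r}")

    def submit(self, principal, document):
        # Steps 2-4: check the right to request signing, then store for approval.
        self._require(principal, "user", "submit")
        req_id = next(self._ids)
        self._pending[req_id] = (principal, document)
        return req_id

    def decide(self, principal, req_id, approve):
        # Step 5: only an approver may release a request; a denial signs nothing.
        self._require(principal, "approver", "decide")
        _requester, document = self._pending.pop(req_id)
        if not approve:
            self.audit.append(("deny", principal, req_id))
            return None
        # Stand-in for a real signature: HMAC-SHA256 under the organization key.
        tag = hmac.new(self._key, document, hashlib.sha256).hexdigest()
        self.audit.append(("sign", principal, req_id))
        return document, tag     # step 6: signed document goes back to the user

    def verify(self, document, tag):
        expected = hmac.new(self._key, document, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    svc = SignatureService(b"constructed-org-key",
                           {"alice": {"user"}, "bob": {"approver"}})
    rid = svc.submit("alice", b"invoice 42")
    print(svc.decide("bob", rid, approve=True))
    print(svc.audit)
```

An unauthorized `decide` call raises before the pending request is touched, so a failed approval attempt leaves the document queued and leaves a "denied" entry in the audit trail.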