ADSS Signing Service provides OASIS DSS compliant data and document signing services for client applications. A wide range of data and document types, signature standards and formats are supported, including PDF, PDF/A, Office Word 2016, ETSI (PAdES, CAdES, XAdES), PKCS#1, PKCS#7, CMS and S/MIME.
There are four different ways in which the ADSS Signing Service can be utilised to sign documents:
Server-side signing of documents using 'corporate' signing keys/certificates held on the server either in software, an HSM or smart card or USB token.
Client-side signing of documents using a key and certificate held by the user via a web browser, using ADSS Go>Sign Desktop/Applet. The key/certificate can be on a smart card, USB token or browser software key store. Alternatively, ADSS Server managed roamed credentials can be used with the ADSS Go>Sign Desktop/Applet.
Server-side signing of documents using end-user signing keys/certificates held on the server either in software, an HSM or smart card or USB token.
Authorised Server-side signing of documents using 'corporate' signing keys/certificates held on the server either in software, an HSM or smart card or USB token, where an authorisation profile has been defined such that one or more documents are signed only if a request for signature has been successfully signed and verified by one or more authorised users (see Authorisation Profile for more details).
The modes of signing are described in Concepts and Architecture, Signing Service section of this document. The remaining parts of this section explain how to configure the Signing Service for these various modes of operation.
Requests for signature are sent to ADSS Server by:
Web Services - Create OASIS DSS web-services using the WSDL definitions supplied with ADSS Server.
High Level Java or .NET APIs - ADSS Client SDK, a sophisticated client library that handles multiple scenarios, data formats and signature types, and makes integration with various applications very easy, typically adding between 5 and 20 lines of code.
ADSS AFP Watch Folder Mode - ADSS Auto File Processor (AFP) client application is available as a licensed option that monitors input folders and requests the signing of input documents via one or more ADSS Servers. Signed files are written to a defined output folder.
Secure Email Server - ADSS Secure Email Server (SES) client application is available as a licensed option that acts as a full email MTA to intercept emails and sign the email or its attachment by following a defined rule set. SES can also verify signatures on received emails.
The following image shows Signing Service sub-modules, details of which are given in the next sections:
The following sections describe how to configure the ADSS Signing Service.