Authorisation Profiles
Often there is a need to prove that a server-side signature was produced as a result of a wilful act on the part of an actual person. Alternatively there is a need to protect the server-side signing keys such that M of N authorisers are required to approve the signing operation. To meet these requirements Ascertia has implemented the concept of Authorisation Profiles.
Authorisation profiles are used to specify the list of authorisers (i.e. end-users) who can provide signed authorisation which enables the use of a server-side signing key. Authorised signing is therefore especially effective when used to protect or provide wilful act signing with high trust qualified certificates or Adobe rooted certificates held on the server. This also provides strong internal audit evidence of sign-off and approval for signing of important documents and assures the documents have not changed from the first to the last authorising signature.
Clicking on the Authorisation Profiles button under Global Settings shows the following screen:
This shows the list of Authorisation Profiles currently defined. A new Authorisation Profile can be created by pressing the New button. Each item in the above table is described below:
| Item | Description |
| Authorisation Profile ID |
A unique ID automatically assigned to each authorisation profile. |
| Authorisation Profile Name |
A user friendly name assigned to each authorisation profile for internal identification. Authorisation profiles are linked with the docuemnt signing profiles using the respective names. For details on how to link authorisation profiles with signing profiles see this section |
| Number of authorisers required (M of N Setting) |
This defines the number of Authorisers required to approve the request under this profile. The total number of authorisers in the profile may be equal to or greater than this number. This number cannot be zero as at least one authorising user is required. In case the number is 2 or greater, then each authoriser must provide their authorisation in the request message to ADSS Server (e.g. to the ADSS Signing Service). |
| Status |
This specifies the status of the authorisation profile. Only active profiles can be used within other ADSS Services. |
| |<,<,>,>| |
Used to navigate between different pages on the Authorisation Profiles page |
| Search |
As also mentioned below click on this button to search for the specific authorisation profiles based on the desired search criteria. |
| Clear Search |
Click on this button to clear the search results and display all the authorisation profiles. |
Clicking on the New/Edit button shows the following screen to create a New Authorisation Profile:
The configuration items are as follows:
| Item | Description |
| Status |
This specifies the status of the authorisation profile. Only active profiles can be used within ADSS Service modules |
| Profile ID |
A unique ID automatically assigned to each authorisation profile. |
| Profile Name | User can set a name for the authorisation profile. |
| Description |
Optionally provide a brief description about this authorisation profile. This information is for administrators' internal use. |
| Import Authoriser Certificate | Add one or more end-user authoriser certificates. Click on the Browse button to select an authoriser certificate and click on the Add button to add this to the list. ADSS Server will verify the signed authorisation control files to ensure the correct authorisers have signed the control files as defined within the relevant authorisation profile configured within a particular ADSS Signing Profile. |
| View Certificate | User can select any Authoriser Certificate from the list of available certificates and click this button to view it. |
| Number of authorisers required (M of N Setting) |
Among the total N number of listed authorisers, this defines the M authorisers which must provide their authorisation in order to approve the request (for server-side signatures). Note: M should always either by equal to or less than N (total number of configured authorisers) and M cannot be 0. |
Clicking on the Search button on the Authorisation Profiles page shows the following screen:
Provide a search criteria containing the authorisations profile Status, Profile ID and Profile Name fields. If more than one attribute is provided, they are combined using an AND operand and the relevant results are shown.
See also