An LTANS Service profile defines how an archive object is created when this profile is referred to in request messages from business applications.

The list of existing LTANS profiles can be viewed by clicking the LTANS Profiles button as shown below:

LTANS profiles can be sorted in either ascending or descending order by the following criteria: Archiving Profile ID, Archiving Profile Name, Created At and Status.

A new profile is created by clicking the New button from the first screen above. The following configuration screen is then shown:

The configuration items are as follows:

Items

Description

Status

A profile may be marked Active or Inactive. Note that an inactive profile will not be used to process requests generated by client applications.

Profile ID

A field which provides a system-defined unique identifier for this profile. It must be referenced in the LTANS request. Alternatively you can also specify the Profile Name.

Profile Name

A mandatory unique name defined by the ADSS Server Administrator for easier recognition of the profile within the ADSS Operator Console.

Profile Description

This can be used to describe the profile in more detail (e.g. in which circumstances the profile will be used). This field is for information purposes only.

Archive Retention Period 

This defines how long the archive object is to be retained within the LTANS Service e.g. number of years, months or days can be configured for the archive retention.

Note: Once the retention period has elapsed for an archive, it is marked as inactive by the ADSS LTANS service. An inactive archive does not support the EXPORT and VERIFY operations, but it does support LISTIDS, STATUS and DELETE.

Delete archive after validity period

Check this option to delete the archives upon their expiry. 

Note: Archives published at the HTTP URL cannot be deleted.

Renew Evidence Record before TSA certificate expiry

When selected, the archive evidence will be renewed automatically at the configured number of days before the timestamp certificate expiry.

Renew Evidence Record after set period since archiving

When selected, the archive evidence will be renewed automatically after the configured number of days.

Renew Evidence Record manually

Select this to renew the evidence manually. 

Hash Algorithm

The selected hashing algorithm is used to produce a unique fingerprint of the archive object before timestamping. The following hashing algorithms are currently available:
SHA1, SHA224, SHA256, SHA384, SHA512, SHA3-224, SHA3-256, SHA3-384, SHA3-512, RipeMD128 and RipeMD160

Note: If the Archive Publishing Settings option "Do not store the Archive Data" or "Publish to URL" is configured, then the Hash Algorithm field also becomes disabled for edit/update.

Timestamp Settings

Select the required timestamp authorities from the list of authorities pre-registered in the Global Settings > Timestamping module to produce a timestamp over the ERS.

Archive Publishing Settings

This group box is used to configure the archive publishing settings. Note that once the LTANS profile has been configured, this group box is no longer available for edit/update and becomes disabled (the file system path and Publishing URL address remain configurable for edit/update).

  • Do not store the Archive Data - Select this option if you do not wish to store the archive data. You cannot change the hash algorithm once this option is saved.
  • Store Archive Data in internal database - Select this option to store the Archive Data in the configured ADSS Server database.
  • Store Archive Data in file system - Select this option to store the Archive Data on a physical drive either on the local machine or on a network location.
  • Publish to URL - Select this option to store the Archive Data at an HTTP URL address. Only the ARCHIVE request is supported for an HTTP URL. You cannot change the hash algorithm once this option is saved.

Note: You cannot change these settings once the profile is saved. Be careful before saving the profile.

Store the Client Metadata in the database

Select this option if you want to store Client Metadata in the ADSS Server database.

If Client Metadata is used as part of the ERS hash calculation but is not stored in the database, then the client application must provide the client metadata in the VERIFY request message in order to verify the ERS; otherwise an error message will be returned.

Store Process-Related Metadata in database

This checkbox is always checked to tell the user that process-related metadata will always be stored in the database. The process-related metadata is as follows:

  • LTANS_ArchiveCreationTime
  • LTANS_EvidenceCreationTime
  • LTANS_ArchivedFileName (If archive is stored on the file system)
  • LTANS_LastVerifiedAt
  • DataType

ERS Settings

This group box is used to configure the ERS (Evidence Record Syntax) settings.

  • Archive Data - This checkbox is always checked to tell the user that Archive Data will be part of the ERS (Evidence Record Syntax) hash calculation.
  • Client Metadata - Check this option if you wish to include Client Metadata in the ERS hash calculation. If unchecked, it will not be part of the ERS hash calculation even if it is provided in the archive request.
  • Process-Related Metadata - Check this option if you wish to include Process-Related Metadata in the ERS hash calculation. If unchecked, it will not be part of the ERS hash calculation.
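The interaction between the "Client Metadata" ERS option and "Store the Client Metadata in the database" can be seen in a small model. This is an added example, not ADSS Server code: it assumes the RFC 4998 data-object-group rule for combining hashes, omits the timestamp over the hash, and uses hypothetical names (`group_hash`, `archive`, `verify`) and a hypothetical record structure.

```python
import hashlib
import hmac

def group_hash(objects, algorithm="sha256"):
    """RFC 4998 data-object-group rule: hash each object, sort the digests
    in binary ascending order, concatenate them and hash the result."""
    digests = sorted(hashlib.new(algorithm, obj).digest() for obj in objects)
    if len(digests) == 1:
        return digests[0]          # a single object is covered by its own digest
    return hashlib.new(algorithm, b"".join(digests)).digest()

def archive(data, client_metadata, metadata_in_ers, store_metadata):
    """Build a simplified archive record (hypothetical structure)."""
    covered = [data]               # Archive Data is always part of the hash
    if metadata_in_ers and client_metadata is not None:
        covered.append(client_metadata)
    return {
        "data": data,
        "metadata_in_ers": len(covered) == 2,
        "stored_metadata": client_metadata if store_metadata else None,
        "evidence_hash": group_hash(covered),
    }

def verify(record, supplied_metadata=None):
    """Recompute the hash; metadata comes from storage or from the request."""
    covered = [record["data"]]
    if record["metadata_in_ers"]:
        metadata = record["stored_metadata"]
        if metadata is None:
            metadata = supplied_metadata
        if metadata is None:
            raise ValueError("client metadata is required to verify this ERS")
        covered.append(metadata)
    return hmac.compare_digest(group_hash(covered), record["evidence_hash"])

# Constructed sample input, not taken from a real archive request.
DATA = b"%PDF-1.7 constructed sample contract"
META = b"<meta><case>constructed-0001</case></meta>"

if __name__ == "__main__":
    rec = archive(DATA, META, metadata_in_ers=True, store_metadata=False)
    print("verify with metadata:", verify(rec, META))
    print("verify with altered metadata:", verify(rec, META + b" "))
```
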

Archive Deletion Settings

This group box is used to configure the archive deletion settings.

  • Do not allow Archived Data to be deleted - Select this option if Archive Data deletion is not permitted via a DELETE service request. When this option is selected, an appropriate error is returned to the client application if a DELETE request is received.
  • Allow the deletion only when the retention period has expired - Select this option if deletion of Archived Data is allowed via a DELETE service request, but only after the retention period has expired. An appropriate error is returned to the client application if a DELETE request is received for an active record.
  • Allow immediate deletion - Select this option if it is required to allow the deletion of Archive Data when servicing DELETE requests from client applications.

Archive Export Settings

This group box is used to configure the archive export settings.

  • Export original Archive Data - Check this option if you wish to allow the export of archive data while servicing the EXPORT request by the client application.
  • Export Evidence Record - Check this option if you wish to allow the export of ERS while servicing the EXPORT request by the client application.

Note: If both options are unchecked, an appropriate error message will be returned to the client application indicating that export is not allowed by the profile.

Archive Verification Settings

This group box is used to configure the verification service settings, ERS and archive data settings.

  • Verify all signatures found in Archive Data, return error if any signature is untrusted - If the Archive Data contains any signature, it will be verified before the actual archiving takes place. If the signature is not trusted or is corrupted, an error will be returned. If this checkbox is checked but the data does not contain any signatures, the data will be archived.

Note: Archive data containing one of the signature types (PDF, XML, CMS, PKCS7, XAdES and CAdES) will be forwarded to the Verification service for signature verification; otherwise the request will be archived without forwarding, e.g. if the request type is txt, doc, xls etc., it will not be forwarded.

  • Verify Archive Service Notary signature - Check this option if it is required to verify the Signed Archive Data when servicing EXPORT or VERIFY requests from the client applications. If this check box is checked and the client application sends a VERIFY request for an Unsigned Archive Data then an appropriate error is returned.
  • Verify Evidence Record - Check this option if you wish to verify the Evidence Record when servicing EXPORT or VERIFY requests from client applications.
  • Verify all signatures in original Archive Data - Check this option if you wish to verify the Signed Data Object when servicing EXPORT or VERIFY requests from client applications. If this check box is checked and the client application sends a verify request for an Unsigned Data Object then an appropriate error is returned.
  • Verification Service Address - Provide the address of the verification service for verifying the notary signatures or signatures found in original data.

Note: Only the HTTP interface is supported for the verification service address, e.g. http://localhost:8777/adss/verification/hsvi.

  • Verification Profile - Provide the verification profile name/ID that will be used to verify the signature. If left empty then the default profile configured in the client manager will be used.

Archive Signing Settings

This group box is used to configure the verification service settings, ERS and archive data settings.

  • Create Archive Service Notary signature - Sign the generated archive using an LTANS Notary Signing or Document Signing key which is pre-generated in the Key Manager module.
  • Signing Service Address - Provide the address of the signing service that will be used to produce the signatures.
    Note: Only the HTTP interface is supported for the signing service address, e.g. http://localhost:8777/adss/signing/hdsi.
  • Signing Profile - Provide the signing profile name that will be used to produce the signature. If left empty, the default profile configured in the client manager will be used.
    Note: Ensure that the signing profile is for XML Signing and that "Signature/Document Relationship" is set to ENVELOPED. Enveloping signatures are not supported for Notary signing.
  • Signing Certificate Alias - Provide the certificate alias with a certificate having either LTANS Notary Signing or Document Signing. If left empty then the certificate configured in the signing profile will be used to produce the Notary Signature.

Clicking on the Search button displays the Search page for LTANS Profiles as shown below:

Enter search criteria based on the profile Status, LTANS Profile ID and LTANS Profile Name. If more than one search parameter is provided, they are combined using the AND operator and the results are presented accordingly.

If the "_" character is used in the search, it acts as a wildcard.

