Authorisation Profiles

Often there is a need to prove that a server-side signature was produced as a result of a wilful act on the part of an actual person. Alternatively there is a need to protect the server-side signing keys such that M of N authorisers are required to approve the signing operation. To meet these requirements Ascertia has implemented the concept of Authorisation Profiles.

Authorisation profiles are used to specify the list of authorisers (i.e. end-users) who can provide signed authorisation which enables the use of a server-side signing key. Authorised signing is therefore especially effective when used to protect or provide wilful act signing with high trust qualified certificates or Adobe rooted certificates held on the server. This also provides strong internal audit evidence of sign-off and approval for signing of important documents and assures the documents have not changed from the first to the last authorising signature.

Clicking on the Authorisation Profiles button under Global Settings shows the following screen:

This shows the list of Authorisation Profiles currently defined. To create a new profile, click the '+' button, this will present the following form:

The user will be landed on Authorisation Profile Identification section. Once the required configurations are done, click on the next (>) arrow button, it will display the following screen:

The user will be landed on Authorisers Details section page. Once all the configurations are done, click on the Save button.

Each item in the above table is described below:

Items	Description
Authentication Profile ID	A unique ID automatically assigned to each authorisation profile.
Authentication Profile Name	A user friendly name assigned to each authorisation profile for internal identification. Authorisation profiles are linked with the document signing profiles using the respective names. For details on how to link authorisation profiles with signing profiles see this section.
Number of authorisers required (M of N Setting)	This defines the number of Authorisers required to approve the request under this profile. The total number of authorisers in the profile may be equal to or greater than this number. This number cannot be zero as at least one authorising user is required. In case the number is 2 or greater, then each authoriser must provide their authorisation in the request message to ADSS Server (e.g. to the ADSS Signing Service).
Status	This specifies the status of the authorisation profile. Only active profiles can be used within other ADSS Services.
\|<,<,>,>\|	Used to navigate between different pages on the Authorisation Profiles page.
Search	As also mentioned below click on this button to search for the specific authorisation profiles based on the desired search criteria.
Clear Search	Click on this button to clear the search results and display all the authorisation profiles.

Clicking on the Advance Search button on the Authorisation Profiles page shows the following screen:

Provide a search criteria containing the authorisations profile Status, Profile ID and Profile Name fields. If more than one attribute is provided, they are combined using an AND operand and the relevant results are shown.