Sponsored Development: Document Signing
To integrate the ability to submit documents to a signing service / engine and then record the signature in ADempiere.
The signing service should be able to sign and check signatures.
Some countries are required to sign documents due to legal requirements. Other organisations wish to sign documents when electronically transmitting them so that partners can validate or assure the document is authorised by the partner hand has not been tampered with in transmission.
This development will implement a signing service that creates an md5/sha hash of the document (pdf/html/csv). However, many other potential signature services can be considered such as "signed pdf" or trusted signing from a third party signature provider.
The purpose of the signature is to increase confidence that the document has not be altered since the time the document was generated. This means, the document should only be signed when it is complete. If the document is changed in some way (such as tampering with te document via the database), then the check signature method will return invalid.
Discussions in the forums is here: http://sourceforge.net/projects/adempiere/forums/forum/610546/topic/3511260
It is envisaged that people might also want to encrypt documents with a certificate or other key.
Comments & Thoughts welcome
- The signing should be called from the server (i.e. otherwise the client would need access to private keys for some types of signing)
- Documents should inherit the ability to sign streamed versions of themselves (ReportEngine)
- The implementation should be pluggable - SigningService Interface
- Different BP's may require different SigningServices so multiple SigningServices should be able to be registered
- Michael Judd
- anyone else interested
The project team
- Add infrastructure for signing
- implement reference signing with sha/md5 of existing document types (xml, pdf, csv)
- implement pluggable signature services
- make signature business partner aware (i.e. the document will be signed in accordance with the preference for the bp as the bp will need to validate the signature)
- implement pdf signing (where the signature is used from within the pdf document format)
- implement document encryption
- implement document export / transmission (integrating the replication exporter / edi export and other persistent document formats)
Vote for Inclusion in Trunk
- +1 by red1