Educause Security Discussion mailing list archives

Re: Digital ID's for signing request forms, etc ...


From: "Shalla, Kevin" <kshalla () UIC EDU>
Date: Thu, 14 Feb 2013 21:41:45 +0000

Richard,

Have you thought of using a workflow system instead, like Banner Workflow?  You simply log in, approve or deny a 
request, then it is routed to the next person in the workflow.

Kevin

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Becker, Richard R.
Sent: Thursday, February 14, 2013 3:00 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Digital ID's for signing request forms, etc ...

February 14, 2013

Ladies and Gentlemen,
We are contemplating using a digital ID for requesting and signaling completion of access requests to several of our systems.  All of our access request forms were created or updated using Adobe Acrobat and LiveCycle Designer to enable a digital id instead of having the person put pen to paper (wet signature) and then inter-office the form to the next person for action.  A wet signature is still doable.  By using the digital ID and then e-mailing the form to the next person for processing, we are hoping to reduce the approval process time and reduce the amount of physical paper lying around.

Once completed, we scan/store the completed request form using our Banner Document Management System (BDMS).  This BDMS storage occurs in all cases when a request is completed.  The paper request is then shredded.

I am looking at using the PKCS#12 digital ID method.  From what I can determine, the PKCS#12 digital ID provides two major capabilities/enhancements over the "Windows Certificate Store" digital ID.

The user provides the same type of identification information; name, department, company, and email address, but with the PKCS#12 version:

1.      The creator/user must provide a storage location for the created PKCS#12 digital ID file.  This digital ID file can be stored on a removable storage device, such as a flash drive or a more secure location, such as a common server/shared folder.

2.      The creator/user must provide a password in order to create and then use this PKCS#12 digital ID file.  This ensures, as long as the password is not shared, that the owner of the digital ID authenticates it is them that is using this digital ID to sign the document or encrypt the file.

The other route we could go is to use a certificate authority (CA) to generate a certificate for each and every employee.  This seems to be a bit of overkill, but not impossible.

Comments or suggestions would be greatly appreciated.

Regards,

Richard R. Becker
Chief Information Security Officer
El Paso Community College
915.831.6411 (Office)
915.831.6480 (InfoSec)
575.496.1557 (Cellular)

"Security is always excessive until it's not enough."
--Robbie Sinclair (n.d.)

