Educause Security Discussion mailing list archives
Re: Digital ID's for signing request forms, etc ...
From: "Shalla, Kevin" <kshalla () UIC EDU>
Date: Thu, 14 Feb 2013 21:41:45 +0000
Richard, Have you thought of using a workflow system instead, like Banner Workflow? You simply log in, approve or deny a request, then it is routed to the next person in the workflow. Kevin From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Becker, Richard R. Sent: Thursday, February 14, 2013 3:00 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Digital ID's for signing request forms, etc ... February 14, 2013 Ladies and Gentlemen, We are contemplating using a digital ID for requesting and signaling completion of access requests to several of our systems. All of our access request forms were created or updated using Adobe Acrobat and LiveCycle Designer to enable a digital id instead of having the person put pen to paper (wet signature) and then inter-office the form to the next person for action. A wet signature is still doable. By using the digital ID and then e-mailing the form to the next person for processing, we are hoping to reduce the approval process time and reduce the amount of physical paper lying around. Once completed, we scan/store the completed request form using our Banner Document Management System (BDMS). This BDMS storage occurs in all cases when a request is completed. The paper request is then shredded. I am looking at using the PKCS#12 digital ID method. From what I can determine, the PKCS#12 digital ID provides two major capabilities/enhancements over the "Windows Certificate Store" digital ID. The user provides the same type of identification information; name, department, company, and email address, but with the PKCS#12 version: 1. The creator/user must provide a storage location for the created PKCS#12 digital ID file. This digital ID file can be stored on a removable storage device, such as a flash drive or a more secure location, such as a common server/shared folder. 2. The creator/user must provide a password in order to create and then use this PKCS#12 digital ID file. This ensures, as long as the password is not shared, that the owner of the digital ID authenticates it is them that is using this digital ID to sign the document or encrypt the file. The other route we could go is to use a certificate authority (CA) to generate a certificate for each and every employee. This seems to be a bit of over kill, but not impossible. Comments or suggestions would be greatly appreciated. Regards, Richard R. Becker Chief Information Security Officer El Paso Community College 915.831.6411 (Office) 915.831.6480 (InfoSec) 575.496.1557 (Cellular) "Security is always excessive until it's not enough." --Robbie Sinclair (n.d.)
Current thread:
- Digital ID's for signing request forms, etc ... Becker, Richard R. (Feb 14)
- Re: Digital ID's for signing request forms, etc ... Shalla, Kevin (Feb 14)
- Re: Digital ID's for signing request forms, etc ... Tim Doty (Feb 14)
- Re: Digital ID's for signing request forms, etc ... Di Fabio, Andrea (Feb 14)
- <Possible follow-ups>
- Re: Digital ID's for signing request forms, etc ... Joe St Sauver (Feb 14)
- Re: Digital ID's for signing request forms, etc ... Shalla, Kevin (Feb 14)