Sign Here Please

Introduction

For those of you who manage a process which requires you to capture electronic signatures on the documents that are part of that process, this blog post is a must read for you.

Main Article

With the 11.1.1.1.6  (PS/5) release of WebCenter Content 11g a new, and not so well published,  feature called Electronic Signatures was introduced.   The electronic signatures feature is enabled in Oracle WebCenter Content 11g by enabling the ElectronicSignatures component through the Component Manager Web Interface.  To avoid confusion on terminology that tends to travel in close company, there is a point of distinction that should be made between electronic and digital signatures before proceeding with the Oracle WebCenter Content 11g electronic signature features..  Electronic Signature allows you to capture specific data points (ex: Name Of Signer, Date of Signature, etc) that represent the intent of signature and provides an electronic record of proof that someone has authorized the information contained within a document.  Electronic signatures are not embedded within the document that the electronic signature is associated with.  Digital signatures can be considered an implementation of electronic signatures.  However unlike electronic signatures, digital signatures are implemented with cryptographically based public and private keys.  These are keys which cannot be easily repudiated and represent a users/approvers handwritten signature and provide authenticity which is directly bound with the document or message being sent.  In some instances digital signatures can also pertain to capturing a digital image of a person’s hand written signature that is linked to or imprinted on a document.

In Oracle WebCenter Content 11g the implementation of Electronic Signatures provides you with the following features that I will cover in this post:

End User:

• Document Check Sum Creation
• Electronic Signature Capture
• Electronic Signature Viewing
• Matching of a local file to revisions of a specific WebCenter Content managed content item
• Searching for a document in the WebCenter Content Repository based on a local file

Administrative:

• Signature Metadata Configuration
• Signature Watermark Configuration

Document Check Sum Creation

When the Electronic Signature feature is enabled a check sum is calculated during the check-in of a document. The calculated check sum value is stored as metadata with each revision of the document being checked-in in a custom metadata field called xCheckSum. The checksum value calculated is based solely on the document contents and does not depend on an electronic signature being captured for the document. The supported algorithms used for computing the document checksum value are

• MD2
• MD5
• SHA-1
• SHA-256
• SHA-384
• SHA-512

The check sum compute algorithm used can be altered through a Checksum_Algorithm environment configuration entry that is part of the Electronic Signature component configuration. The configured value on initial installation of the component is SHA-512. The computation of the check sum for the document can be disabled by setting the environment configuration entry

• primaryFile:computeChecksum

to a value of false. When a document check sum value is being computed it is used in the features

• Matching a local file to a selected content items revision(s) based on the calculated check sum value
• Searching for a files in the WebCenter Content Repository based on the check sum value of a local file

Which are discussed further down in this post.

Electronic Signature Capture

Electronic signature capture can be performed on documents either when they are not in a workflow approval process or are participating in a workflow approval process. The following illustrations outline the user experience for capturing an electronic signature for both scenarios

Outside of Workflow Approval Process

1. 1. From the document information page of a content item revision select the Sign Content option from the Content Actions menu

2. 
   
   2. The Sign Content Item dialog is displayed where user supplies electronic signature metadata. The password that is supplied is authenticated against the security realm of the weblogic domain the WebCenter Content application is running in. This is done as a way to ensure that the user supplying the electronic signature is truly the user being identified by the user id. The password is not stored as part of the signature data

Sign Content Item Dialog

In a workflow approval process

When the electronic signatures feature is enabled the workflow approval tasks are modified by changing the standard Approve action to an action of Sign and Approve

1. 
   1. The approval of the content presents the user with the Sign Workflow Content Item dialog which allows the user to supply an electronic signature before the document advances in the workflow process.

2. 
   
   2. The approval of the content presents the user with the Sign Workflow Content Item dialog which allows the user to supply an electronic signature before the document advances in the workflow process.

Note: By default capturing an electronic signature requires SSL to be enabled on an Oracle WebCenter Content instance via having the UseSSL configuration entry set with a value of true in the WebCenter Content core config.cfg configuration file.  When you think of it this makes sense as a user is going to have greater piece of mind applying a signature to document that has no potential of being modified in transit which is what SSL encryption provides. For those implementations of WebCenter Content whose data only traverses internal corporate network segments where there is no concern of  data being breached in transit, the following configuration entry that is part of ESignature can be set in either the ESignature environment resource configuration file or the core WebCenter content config.cfg file  to disable the SSL requirement for signature capture

• DisableESigSSLCheck=true

Electronic Signature Viewing

When an electronic signature has been captured on a specific content item revision, the content items document information page will display a signatures tab that allows the user to view the signatures that have been captured. (Note: A content item revision can receive more than one electronic signature as illustrated below)

Clicking on the actions icon in the column on a particular signature row will display additional details about the signature.

Matching of a local file to revisions of a specific WebCenter Content managed content item

This feature uses the check sum value that is calculated for the revisions of checked-in content items to allow users to see if a document on their local file system matches any of the revisions of a selected content item. The following illustrations walk through the end user experience of matching a local file to a content item revision

1. 
   1. From the signature tab of content items document information page the user selects Search For Local File in Repository

2. 
   2. User is presented with the Search For Local File dialog where they use the Choose File button to browse their local file system for a file. User clicks the Search button to submit request to see if locally selected file matches any of the revisions of the currently selected WebCenter Content managed content item.

3. 
   3. User is presented with either the File Search Successful or File Search Unsuccessful dialog depending on if the local file matched any revisions of the selected managed content item based on the calculated checksum value.

Searching for a document in the WebCenter Content Repository based on a local file

This feature uses the check sum value that is calculated on revisions of checked-in content items to allow users to search the WebCenter Content repository for content items whose checksum value matches the calculated checksum value of a file on their local file system. The following illustrations walk through the end user experience.

1. 
   1. From the Content Management Menu, user selects Search For Local File In Repository

2. 
   2. User is presented with “Search For Local File” dialog. User clicks on Choose File button to browse their local file system for the file they want to use for the search. After file is selected, the Search button is clicked to initiate search.

3. 
   3. User is presented with either the File Search Successful or File Search Unsuccessful dialog dependent on if any content items matched the selected local file based on the calculated checksum value.

Single Content Item Match

Multiple Item Content Matches

Electronic Signature Metadata Configuration

There is one administration option that is available with the Oracle WebCenter Content Electronic Signatures feature which allows you to extend the default set of electronic signature metadata. The default signature metadata that is supplied with the initial installation of the signature feature is:

• User ID of signer
• Full Name of Signer
• Date that signature is captured

The following illustration shows the administration interface that is provided for setting up additional signature metadata.

Electronic Signature Document Watermarking

When the Electronic Signature feature is enabled along with PDF Watermark, the PDF Watermark capabilities are enhanced to provide the ability to apply a watermark of selected electronic signature data on a PDF rendition of a document. The following illustrations show how to configure a watermark template with electronic signature data using the PDF Watermark Administration Applet. For complete instructions on PDF watermark administration refer to the Oracle Fusion Middleware Managing Webcenter Content guide.

As it relates to electronic signature and PDF watermark there are primarily two main configuration points to consider

• Rules
• Template Configuration

There is a custom Boolean metadata field that gets maintained with each content item named xESigHasElectronicSignature that gets stamped with a value of 1 when an electronic signature has been captured. I have found that this is a good metadata field to use to in a rule for a watermark template that will be used to watermark an electronic signature on a PDF rendition of a document.



When the electronic signature feature is enabled Edit Template dialog of the PDF Watermark Administration applet has a SignatureWaterMark tab added. The illustration below shows the interface for adding electronic signature fields. It needs to be noted that only electronic signature fields available for applying to a watermark template are custom ones that are added through the Electronic Signature Administration page.

Extended Functionality

As I was working with the features of the Electronic Signature component I thought that the document checksum calculation it provides lent itself for some nice feature enhancements which I have implemented in an add on component called ESignatureExtensions. The extended features being supplied with this component are:

• File Download validation

This feature uses the checkum calculated when the content item revision was originally checked-in  compared to a checksum that is computed when a request to download the document is initiated through the GET_FILE service to validate that the file had not been modified on the file system of the server after it was checked-in. If the comparison of checksums fails indicating the file has been changed, the file download is interupted and the user is presented with the following message

• Locating duplicate content items of a selected revision or all revisions of a currently selected content item

This feature uses the checksum calculated on the currently selected revision or all revisions of a content item to search the repository for other content items which are duplicates based on the checksum value which is computed from the file contents.  These feature are accessible from the content information page actions menu

• Scanning the entire repository for duplicate content item

This feature uses the checksums computed on documents to scan the entire repository for content items which are duplicates of each other.  In addition this feature provides the ability to download the results of the scan to a CSV formatted file that can be distributed to end users to view and analyze the data in Microsoft Excel to assist in the process of eliminating duplicate content from the repository

~Happy Signing~