Slashdot Mirror

← Back to Stories (view on slashdot.org)

Business-Suitable Document Authentication System?

Posted by timothy on from the sign-each-pigeon-as-it-flies-by dept.

ram.loss writes "The company I work for has decided to go paperless for all memos and internal correspondence. In addition to the central administration, the company has three more or less autonomous, physically separated divisions; that means we do not have a common IT infrastructure across all of them. Since I am the only resemblance we have to an IT department at my division, I have been commissioned with evaluating the available technology to manage and authenticate all correspondence, although it is not my area of expertise (I have a CompSci degree, but for many years have specialized in transportation modeling software). My initial thought was to use a document management system like Plone (this is the system I'm familiar with); from what I have read, that would take care of the management part, but what about authentication? We need each document to be signed, and a fully auditable system that keeps track of who signed what document, who received it and when. It also must take into account the handling of external correspondence in the future, where a recipient outside the company must have the means to return an authenticated document as a response. I'm aware that I'm leaving out a lot of details, like how the documents will be signed, the legal implications, etc., but for the time being I'm only interested in the experiences of the Slashdot crowd with such systems, and hopefully finding out enough information to hand over the matter to (or hiring) somebody more qualified, once I know what to look for. Has anybody out there used a similar system? Am I in way over my head?"

8 of 130 comments (clear)

  1. Try Knowledgetree by PdbAqB · · Score: 5, Informative

    Try Knowledgetree - It's open source, has workflow and it is fully audited: http://www.knowledgetree.com/solutions/industry-solutions We use it in our law firm (I manage it - we are relatively small http://1p.com.au/ and it runs without any specific expertise. I have previously tried other solutions without success. We also really appreciate knowledgetree's ability to interact seamlessly with MSOffice etc. Good luck

  2. What? Are you trying to do? by Manip · · Score: 4, Insightful

    Sounds like you have serious requirement overload. You need to go back and ask them what they ACTUALLY want.

    For example, what is a "document?" Who is signing it? How long should the audit trail be? How many millions are you investing in this needlessly complex internal system?

    What you're after simply doesn't exist and likely never will. Even if it did implementing it would be hugely expensive and time consuming.

    What I don't understand is how this can replacing a paper system? Paper systems lack almost all of the features you requested... So clearly do do not NEED this stuff and thus we came around full circle to requirement overload.
     

    1. Re:What? Are you trying to do? by twisteddk · · Score: 4, Insightful

      I couldn't agree more. As a comp.sci. major, you should be able to ask the questions of: What, why, where and who (and today probably also, how much).

      You need to get a decent requirement spec going, and from then on choose the system you want. There's no need to spend more money and time on features or systems that wont be used. Buying a fully fledged EDHS would be nuts if you can make due with a common fileserver and an intranet bulletin board system. Also, you might want to look at the business you're supporting, maybe there's an industry standard that might be handy to keep up with if you suddenly need to cooperate with, buy or be bought by someone else in the industry.

      Also, you'd want to mimic the current working processes as closely as possible. There's nothing more deadly to a project than employees unwilling to adapt to new systems. So make the system cater to their needs instead of making them having to do things differently. Include key personel in the implementation or descision process, so that they feel that their needs are being heard and met, so they will welcome the new system. Social engineering isn't just a skill for politicians, it's one for developers too ;)

      --
      --- To err is human... Am I more human than most ?
    2. Re:What? Are you trying to do? by ram.loss · · Score: 4, Informative

      Hi, original poster here.

      Yes, I am aware there are too many details left hanging, that's why I need to hear from someone that has worked with a similar system to at least have an idea what kind of project are we dealing with. From listening to the managers, we need some serious talking to do before a formal proposal is made.

      For starters, there's not much money available for the hypothetical system, so that will probably be a showstopper. When i say "documents" I mean anything that when printed on paper has to have a signature (as in "written with a pen") that identifies who wrote it/approved it, most likely a PDF file when talking about an electronic document.

      I share your bafflement about the purpose of all this, presumably they want to eliminate all the time needed to move paper around four different locations, and it can't be done by e-mail due to the signature requirements (internal rules, legal implications among other things, lets not delve too much into that just now). But I think they really have not thought through all the added costs.

  3. Lotus NotesDomino by kirthn · · Score: 5, Informative

    Lotus Notes/Domino by IBM takes care of all that...including external branches, ditigital signatures, track of who has been reading it, who where the previous readers etc etc... etc...we have been using it extensively and provides everything you just described.....

    --
    Famous last words:"but...."
  4. Re:SharePoint by klubar · · Score: 4, Insightful

    SharePoint is underrated-- it really has gotten pretty goood. Although you say that the firm doesn't have a common infrastructure, it's likely that you've standardized on Microsoft Office. If you're using (or can upgrade to) Office 2007 (or 2010), sharepoint plays extremely well with Office. SharePoint will handle all your office documents. If you need a comprehensive solution for scanned paper or integration with other applications, I'd look at some of the commercial document management solutioms (Documentum).

    Don't cheap out and try to put together some homebrew solution. Remember as Click and Clack the Tappit Brothers say, it's the cheap man/women who spends the most.

  5. Possibly Lotus Domino; Need more info by thebiss · · Score: 4, Informative

    You'll need to elaborate on two things to get good answers:
      - What is a document? Rich text, or scanned paper, physical paper, or something else?
      - What is authentication? Tracking electronic versions from creation, through revisions, to finalization, or something different like confirming that physical document "A" is the same as physical document "B"?

    I know of solutions for the case where documents are soft copy rich text with images and and attached scanned documents. A Lotus Notes database can be easily created to track such documents, prevent over-writes, track revision histories, etc. I work for a pretty big consulting firm, and we use Domino-based systems for things like this all the time.

    Some caveats -
    - Domino's is easily setup, but requires product knowledge to perform well and scale. How big is your firm?
    - Users will need to have Notes IDs to work with the system, as ID (certificate) + password based PKI is the foundation of Domino's authentication mechanism.

    Some benefits -
    - Depending upon the setup, users will be able to work with documents via your corporate intranet.
    - Depending upon the setup, replication (think synchronization) can enable users to keep local copies of this data, for access while they are outside of the intranet.

    Access for outsiders is more complex.
    - If the outsiders are trusted (e.g. auditors,) the solution may be to give them Notes IDs and grant them access to the intranet and this system.
    - If the outsiders are end-users (e.g. E&Y clients submitting their 2010 US tax forms,) then you may be into custom application space. I'll skip the plug for my company.

    --
    Beware: I believe all are created equal, and have the right to life, liberty, and the pursuit of happiness.
  6. Re:SharePoint by YrWrstNtmr · · Score: 5, Informative

    One of the main issues with SharePoint (aside from the whole MS ecosystem) is that it is a large complex beast. Once you move beyond the base SharePoint Services and into SharePoint Server, the maintenance will drown you. Especially if you are only one deep.
    And I say this as a SharePoint admin/developer for a large US govt organization.

    But yes, the base SharePoint Services 3.0 and upcoming SP Foundation(2010) will do pretty much everything he's asking for. And it's free (beer), if you are already running Server2003 or Server2008.

    Also, FAR more requirements gathering is needed. What do the bosses really want?