Skip Headers
Oracle Workflow Developer's Guide
Release 2.6.3.5
Part Number B12161-02
|
|
|
|
|
|
|
|
|
Previous |
Next |
|
Contents |
Index |
Glossary |
#WF_SIG_POLICY Attribute
In Oracle Applications, you can use a special message attribute with the internal name #WF_SIG_POLICY to require that a user's response to a notification be signed electronically. This electronic signature is analogous to a written signature. If you define a notification to require an electronic signature, users must respond to the notification from the Notification Details web page and enter the appropriate type of signature. Otherwise, the response will not be considered valid.
- If you define a notification to require a password-based signature, users must sign their response by entering their Oracle Applications user name and password.
- If you define a notification to require a certficate-based digital signature, users must sign their response with a valid X.509 certificate issued by a certificate authority. After the signed response is submitted, Oracle Workflow performs the following steps:
- Verifies that the signature was well formed, that it was created with a private key corresponding to the offered signing certificate, and that it is signing the plain text that it purports to sign.
- Confirms that that this user is authorized to sign the notification by checking that the certificate is assigned to a user who is a member of the recipient role for the notification.
- Confirms that the certificate used to create the signature was valid at the time the signature was received, meaning it had not expired or been revoked. To validate a certificate, Oracle Workflow checks that the certificate does not appear on a certificate revocation list (CRL) issued by the certificate authority after the time the signature was received.
Oracle Workflow records the status of requested and submitted signatures in an evidence store, for both password-based signatures and certificate-based digital signatures. This signature information is purged when you purge obsolete workflow runtime data for the associated notifications. See: Items, Oracle Workflow API Reference.
The #WF_SIG_POLICY attribute must be either of type text or lookup. To require a password-based signature, set the value of the #WF_SIG_POLICY attribute to PSIG_ONLY. To require a certificate-based digital signature, set the value of the #WF_SIG_POLICY attribute to PKCS7X509_ONLY. If you set the value to DEFAULT, leave the value blank, or if you do not define a #WF_SIG_POLICY attribute for the message, Oracle Workflow performs the default response processing that does not require a signature.
- For ease of maintenance, you can define the #WF_SIG_POLICY attribute with a type of lookup and assign it the predefined Signature Policy lookup type provided in the Standard item type. The Signature Policy lookup type contains three lookup codes with the display names Password Signature, X509 Signature, and Default, representing the values PSIG_ONLY, PKCS7X509_ONLY, and DEFAULT, respectively.
- You can also define the #WF_SIG_POLICY attribute with a type of text. In this case, you must manually maintain the values that you set for this attribute.
You can either specify a constant value for the #WF_SIG_POLICY attribute, or specify an item type attribute as the value and include logic in your workflow process that dynamically determines at runtime whether a signature should be required or not and sets that item type attribute accordingly.
Note: Electronic signatures are currently supported only for the version of Oracle Workflow embedded in Oracle Applications.
See Also
To Define a Message Attribute
Setting Up for Electronic Signatures, Oracle Workflow Administrator's Guide
Electronic Signatures, Oracle Workflow User's Guide
To View the Details of a Notification (for Oracle Applications), Oracle Workflow User's Guide
NtfSignRequirementsMet, Oracle Workflow API Reference
#WF_SIG_ID Attribute
In Oracle Applications, you can specify an electronic signature policy for notifications by defining the #WF_SIG_POLICY message attribute. If you specify a signature policy that requires an electronic signature to confirm a user's response to a notification, Oracle Workflow creates another message attribute named #WF_SIG_ID after the notification is signed. The #WF_SIG_ID attribute stores the identifier for the signature, which you can use to reference information about the signature later if necessary. This attribute is of type text and has a source of 'Respond'.
Note: Oracle Workflow automatically creates and sets the value of the #WF_SIG_ID attribute when a user submits a response to a notification with an electronic signature. You do not need to manually create or set this attribute.
Copyright © 2003, 2004, Oracle. All rights reserved.