Business-Suitable Document Authentication System? 130
ram.loss writes "The company I work for has decided to go paperless for all memos and internal correspondence. In addition to the central administration, the company has three more or less autonomous, physically separated divisions; that means we do not have a common IT infrastructure across all of them. Since I am the only resemblance we have to an IT department at my division, I have been commissioned with evaluating the available technology to manage and authenticate all correspondence, although it is not my area of expertise (I have a CompSci degree, but for many years have specialized in transportation modeling software). My initial thought was to use a document management system like Plone (this is the system I'm familiar with); from what I have read, that would take care of the management part, but what about authentication? We need each document to be signed, and a fully auditable system that keeps track of who signed what document, who received it and when. It also must take into account the handling of external correspondence in the future, where a recipient outside the company must have the means to return an authenticated document as a response. I'm aware that I'm leaving out a lot of details, like how the documents will be signed, the legal implications, etc., but for the time being I'm only interested in the experiences of the Slashdot crowd with such systems, and hopefully finding out enough information to hand over the matter to (or hiring) somebody more qualified, once I know what to look for. Has anybody out there used a similar system? Am I in way over my head?"
SharePoint (Score:3, Informative)
Microsoft SharePoint can handle most of what you need out of box, and you can configure and customize what you need for the rest, I believe.
Re: (Score:3, Insightful)
Only if you're standardised on MS Office. They do not have a common IT infrastructure.
Re: (Score:2)
Sharepoint doesn't require Microsoft Office, it only requires Windows Server.
If you have a relatively unused server running Windows 2008/2008 R2, install Sharepoint Foundation 2010 Beta [microsoft.com] and give it a try. It's OK, and it doesn't require IE to access the site.
Re: (Score:2)
About the only major large-corp departure from office would be lotus notes...but you can still use sharepoint (and IBM has lots of lotus notes based stuff that can do similar things). Odds are even if the IT infrastructure is different, they share an email paradigm because otherwise stuff is a big pain (the company I work for switched to our parent company's exchange system from our own lotus notes even th
Re:SharePoint (Score:5, Insightful)
Don't cheap out and try to put together some homebrew solution. Remember as Click and Clack the Tappit Brothers [cartalk.com] say, it's the cheap man/women who spends the most.
Re:SharePoint (Score:5, Informative)
And I say this as a SharePoint admin/developer for a large US govt organization.
But yes, the base SharePoint Services 3.0 and upcoming SP Foundation(2010) will do pretty much everything he's asking for. And it's free (beer), if you are already running Server2003 or Server2008.
Also, FAR more requirements gathering is needed. What do the bosses really want?
Re: (Score:2)
. It also must take into account the handling of external correspondence in the future, where a recipient outside the company must have the means to return an authenticated document as a response
this sounds like the hardest part - 3rd party person will not be in the AD, so cannot be authenticated or managed with a certificate associated with the userid. Obviously if the 3rd party doesn't modify the document you can prove its not modified (but that's easy). If they do.. how do they expect whatever they send
Re: (Score:2)
So you can't really see the diffs. All you know is something is changed, which often isn't very useful.
And often all that has changed is someone printed the document (which can also cause fields to be updated), or say in the case of Excel there are often changes to the file even if they aren't really visible/material to the user
Re: (Score:2)
it varies on the version of the Word format - 97, 2003, docx etc, but when I view diffs of a Word doc in Tortoise, it fires up a side-by-side viewer that shows things crossed out, added in colours. Somewhat like the 'track revision' feature in Word.
You can change the difference tool for different types of document, so you can do PDFs too.
Obviously some do a better job than others, and none are as good as diffs of a text document, even Word's track revisions feature can be a pain to read.
Re: (Score:2)
I might switch to subversion for that then...
Re: (Score:2)
glad to be helpful... See this blog [blogspot.com] for a quick guide w' screenshots, and use VisualSVN Server to create the repo - its 'teh win' for Windows server based subversion repos.
Re: (Score:2, Informative)
SharePoint is underrated???? Oh, my god. It's vastly overrated. It's Microsofts proprietary, not well thought of solution on how to do distributed, eh, things with Office document. I've had horrible problems even when doing any kind of version control on documents. I mean, isn't that the whole point of SharePoint? I can delete a document, upload a new one with the same name and it will *revert back* to the old version! Oh, yeah, you can do it online, if you use IE *and* know how to do it.
Recently I've been
Re: (Score:2)
What would you recommend then ?
Re: (Score:2)
Sorry, I've got no recommendations. But I don't doubt that there are many good ones that get modded up, I've already mailed a few of them to my work mail address to see if we can put an OS solution instead of the thing that is SharePoint. I have to work with SharePoint since my company does not let me use anything else and it has left some deep scars. Unfortunately I'm not the one making the choices (or fortunately, evaluating this kind of software aint my thing).
Re: (Score:1)
Re:SharePoint (Score:4, Insightful)
Please, enlighten me why sharepoint costs $50,000? I have several customers who run it on a single server, that also has other duties (unless you have a very large number of users, sharepoint server uses little resources). You will need licensing of Office and Windows for every employee, but the majority of offices in the real world already have that. At the end of the day, sharepoint is just a web server, it does not need anything special from the hardware. So lets say 2 redundant servers, about 2.5k each. Licenses for server 2008, iirc around $700 each. If they are a Windows shop already (and if not, then sharepoint is a bad idea_ they already have CALs and office licenses for all their users, so that's not an issue. Lets say $1k for some sort of backup solution. So before labor, and there's a ton of competition in the sharepoint world so labor is fairly cheap, we are at what, $7400 in "dedicated hardware and licenses" for a solution that could probably serve a few thousand users quite well depending on the nature of how they use it. I'm assuming of course the actual documents are stored on a separate file server/SAN hardware already. Seeing how his whole division has no real IT staff, I doubt they even have that many users.
There's a lot of things not to like about Sharepoint, it's a proprietary solution with the usual problems proprietary solutions have. But it integrates quite well with Office and is easy enough to use and customize the secretary can figure it out. To be honest, I would probably not recommend Sharepoint for his situation simply because when amateurs try to maintain a Sharepoint installation things tend to go horribly wrong, mostly because the patches and upgrades can be a bit of a clusterfuck if you don't carefully follow the steps to prepare for them. Where you came up with $50,000, especially without even knowing the number of end users, is a mystery to me.
Re: (Score:2)
http://community.bamboosolutions.com/blogs/sharepoint-price-calculator/default.aspx [bamboosolutions.com]
I ran my internal numbers of different divisions (very large company) and it was almost exactly right each time, so the math seems correct.
2010 is getting a bit worse (more expensive, but less complicated).
The worst is if you want to host Sharepoint on the Internet.
Re: (Score:2)
A handy, helpful reference and loads of professional experience, is that all you got? No points for you! Try again, this time with more MS sycophancy, hmm?
Re: (Score:1)
Re: (Score:2)
Well-under-stated, dyerto, I agree from my perspective as a user and Sharepoint site organizer (low-privilege admin). Either there is no unifying approach or else it is extremely obscure. By chance I sat next to an IT guy on a plane and complained about Sharepoint; he was returning from a week-long course on Sharepoint and he pulls out a huge tome.... that is so wrong. All I wanted was a wiki and to share some docs. Also, editing practically requires Windows, which is a problem with academic scientists,
Re: (Score:2)
The #1 problem with SharePoint is idiots who try and use SharePoint for things it was NOT designed to be used for.
Re: (Score:2)
Re: (Score:2)
Like document management, lists, wiki's and information sharing...wait
Business suitable? (Score:2)
How about iButton crypto cufflinks?
Try Knowledgetree (Score:5, Informative)
Re: (Score:2)
Just wanted to concur with this. Bought KnowledgeTree at my last job and thought it was just fantastic. Beware that if you go with the purely open source version, Windows users will have to upload documents individually through a web interface, which is not usually a big hit. But great security, auditing, workflow, delegation...and yet actually simple to admin unlike your average Microsoft product. Integrates well with Active Directory.
Some concerns I would have if I were you (and these are mostly not s
Memos and Correspondence.... (Score:2)
Am I crazy for suggesting email? It's trivial to lock it down to a LAN if needed, and if some documents need signed and passing out to the real world, that sounds like PDF to me. You know, because PDF is portable.
Yes, I know you need a "history." And there are so many email archiving systems out there, that one of them must be good for actually going through that data.
Re: (Score:3, Insightful)
Am I crazy for suggesting email?
Yes. Email is great for certain document-management applications, particularly where you need everything time ordered, but it has a few key drawbacks:
* very poorly searchable (particularly if stuff is in PDF or images, as it's likely to be if it's correspondence coming from outside), which is a huge issue for some applications.
* no support for automatic workflow management.
Plone and the other suggestions here are all much better at these two than any system built on e-mail.
Doesn't mention searchability or workflow (Score:2)
Plone and the other suggestions here are all much better at these two than any system built on e-mail.
The requirements are uselessly fuzzy. Neither searchability nor workflow are specifically mentioned, though searchability is implied in "management".
It sounds to me like even MS Exchange with public folders (and therefore just about any IMAP server) could handle the requirements as
specified. Signing, authentication, tracking, indexed searching are all bog standard features of any modern email system.
You typically won't get it all in one box with OSS (but could assemble your own) but Microsoft (exchange), IB
Re: (Score:2)
Or use email in combination with company-wide smartcards/PGP. That should take care of the signing part.
Re: (Score:2)
No, you're not crazy, though there are tradeoffs:
The bad: with email instead of dedicated knowledge management, you'll pay a lot more in licensing, hardware, and maintenance for each bit of bolt-on functionality that you need/want, and even then you won't end up with as much functionality embedded in as slick an interface.
The good: email is a huge industry, so you really can find some provider to add functionality for each line-item requirement (traceability, search, archiving, even workflow), and if you
What? Are you trying to do? (Score:5, Insightful)
Sounds like you have serious requirement overload. You need to go back and ask them what they ACTUALLY want.
For example, what is a "document?" Who is signing it? How long should the audit trail be? How many millions are you investing in this needlessly complex internal system?
What you're after simply doesn't exist and likely never will. Even if it did implementing it would be hugely expensive and time consuming.
What I don't understand is how this can replacing a paper system? Paper systems lack almost all of the features you requested... So clearly do do not NEED this stuff and thus we came around full circle to requirement overload.
Re:What? Are you trying to do? (Score:5, Insightful)
I couldn't agree more. As a comp.sci. major, you should be able to ask the questions of: What, why, where and who (and today probably also, how much).
You need to get a decent requirement spec going, and from then on choose the system you want. There's no need to spend more money and time on features or systems that wont be used. Buying a fully fledged EDHS would be nuts if you can make due with a common fileserver and an intranet bulletin board system. Also, you might want to look at the business you're supporting, maybe there's an industry standard that might be handy to keep up with if you suddenly need to cooperate with, buy or be bought by someone else in the industry.
Also, you'd want to mimic the current working processes as closely as possible. There's nothing more deadly to a project than employees unwilling to adapt to new systems. So make the system cater to their needs instead of making them having to do things differently. Include key personel in the implementation or descision process, so that they feel that their needs are being heard and met, so they will welcome the new system. Social engineering isn't just a skill for politicians, it's one for developers too ;)
Re: (Score:1)
Re: (Score:1)
Actually it doesn't at all. One, what users say they "need" is very often either what they want (not the same thing at all, if it was all systems would have a pony in them), or their attempt at a solution.
Two, it doesn't even state what industry it is, what type of documents they are, where they're coming from & going to etc etc. Take authentication - what does that mean? That you can see internally who it came from, that you can show to a third party, or that you can prove it?
Re: (Score:2)
Paper systems lack almost all of the features you requested... So clearly do do not NEED this stuff and thus we came around full circle to requirement overload.
It's entirely possible that most of the features requested will never be used and is someone's idea of an ideal scenario. What's being described sounds, at least to me, like the functioning of a court or parts of a large law firm. The legal field has traditionally relied on paper (lots of it, along with multiple copies for everyone), but I'm sure e
Re:What? Are you trying to do? (Score:5, Informative)
Hi, original poster here.
Yes, I am aware there are too many details left hanging, that's why I need to hear from someone that has worked with a similar system to at least have an idea what kind of project are we dealing with. From listening to the managers, we need some serious talking to do before a formal proposal is made.
For starters, there's not much money available for the hypothetical system, so that will probably be a showstopper. When i say "documents" I mean anything that when printed on paper has to have a signature (as in "written with a pen") that identifies who wrote it/approved it, most likely a PDF file when talking about an electronic document.
I share your bafflement about the purpose of all this, presumably they want to eliminate all the time needed to move paper around four different locations, and it can't be done by e-mail due to the signature requirements (internal rules, legal implications among other things, lets not delve too much into that just now). But I think they really have not thought through all the added costs.
Re:What? Are you trying to do? (Score:4, Insightful)
This is a trap.
What your bosses want to do (go fully paperless, including all correspondence, contracts, worksheets...) is a very big project, that requires much thought, planning, management support, time, and money.
By asking you to do it on the cheap, your bosses show that they really don't understand what this is about, and when the whole thing blows, it will of course be your fault.
The one vital thing you must do is findexamples of companies of a comparable size / business that did it, with a broad idea of what it took it terms of money, time, manpower, glitches... Don't even touch the technical side, products... until you have those case studies. Pass them on to your bosses, and see if they want to go ahead.
As for getting a hold of such examples, try classmates, business partners, ask the bosses where they got the idea from, ask slashdot that question (instead of the technical one), ask potential providers for references (if you're an MS shop, MS may help)...
Re: (Score:1)
I don't know what Plone can do. But you know it, that could help you save a lot of additional work.
As for digital documents, you don't only want them to be signed. You want to know that nobody tampered with it too.
I would go for PGP/GPG. Even if it has to be manually applied before you stuff it into Plone. Plone may have PGP functionality, a quick Google search seems to indicate it.
In short, with PGP, you distribute your public key to as many as you can while keeping your private key secret.
Somebody encrypt
How big is the company (Score:1, Insightful)
If this is a large company, don't cheap out there. Budget the right amount of money and buy what's available and implement it properly. That means baking it in seamlessly with the business process
It's okay to do that y'know. Sometimes saving money costs the company too much money.
Bulletin board or PDM software and Acrobat (Score:1)
Altec's Doclink (Score:2, Informative)
It's not free but it is a nice system with strong permission controls and customizable workflows.
http://www.altec-inc.com/products/doc-link/index.html [altec-inc.com]
Lotus NotesDomino (Score:5, Informative)
Lotus Notes/Domino by IBM takes care of all that...including external branches, ditigital signatures, track of who has been reading it, who where the previous readers etc etc... etc...we have been using it extensively and provides everything you just described.....
Re: (Score:3, Insightful)
Yes, notes immediately popped into mind because you can track when and where a document was as well as who did what to it. The problem with notes is that the domino management is yet another thing to learn and if you're not using it for email its another chunky client on the desktop.
Re: (Score:2, Informative)
it's because Lotus notes is not being used well....the outsiders think it's an e-mail system, while in fact that aspect is only 10% of its capabilities...
it's a basically a high-security databse system with unique features...like replication and deep built-in security and encryption....just like that out of the box...
don't use a hammer as a screwdriver ;)
Re: (Score:3, Insightful)
I think the famous last words ought to be "but then he'd be using Lotus Notes". Having to use Lotus Notes is not a pleasant experience for anyone and I don't think you should increase the amount of misery in the world, which is what you'd be doing if they switched to notes.
Re: (Score:1)
I do agree it's not the best experience when using as an e-mail client....not as best as for example using "Mail" or Eudora
as a document, approval,tracking and knowledge system it's unmatched...
and available for multiple platforms additionally....server runs on Linux as well by the way....clients for Mac/Windows (linux i believe?) and webbased clients....
clustering, replication and security together, it's unmatched....
Re: (Score:1)
additionally it's a 15 year or more proven technology, with a lot of programming and developping possibilities...from C to Java to LotusScript with already from long time a ago a range of protocols from X500 to LDAP to XML (already from year 2000 included)....
No other product has that track record ;) (and no, I don't work in a IT-related job/environmet/sales or business related) ;)
PGP + really any collaboration software (Score:4, Interesting)
Give every a copy of PGP or gnupg and use your favorite collaboration program to store and version the documents. I would consider just signing the docs and not encrypting them when they are not sensitive, encryption just adds risk that you could lose data more easily. Its really important to know that it really was the comptroller who authorized the PO for that new delivery van but its not a secret the company purchased a new truck.
This should also give you some flexibility going forward. If you don't like the work flow solution you don't have to change the authentication solution or the other way around.
Re: (Score:1)
PGP signing could work, but I don't know if it's exactly business-friendly. I don't think PGP encryption would work in this case. There's no way to encrypt to a 'group', you need to encrypt to individual users. That means re-encrypting a bunch of documents every time you have a new hire or someone changes responsibilities.
Re: (Score:3, Informative)
Actually it is business friendly in that chances are others you may work with are already using it. Its as close to standard as you can really get. The DOD uses it, and we have to use it to sign everything we send back to them. Lots of Orgs to work with the DOD given its a hard requirement for communication with them in many cases its pretty common out in the wild.
Re: (Score:2)
Re: (Score:1)
Re: (Score:1)
'machine generated digital signature' PGP or gnupg or OpenGPG or digital signature does not prove 'a specific human' signed or authorised a document as it is the controller of the machine that did it. (Pass words are often shared to avoid 'a busy' person problems e.g secretaries sign. As in old days where a person not the King was 'keeper of privy seal' and sealed with a 'spare King's seal' on behalf of King.
Biometric sealing by digital signature tied to fingerprint works (unless fingers chopped off or pla
EPM (Score:3, Informative)
Maybe I'm not understanding the question... (Score:1)
But couldn't something like Postini do the trick for you?
OpenOffice.org supports digital signatures (Score:1)
OpenOffice.org directly supports digital signatures:
Digital Signing of documents [openoffice.org]
Re: (Score:1)
Re: (Score:1)
Of course when he tells them it costs twenty bucks per user per year to get an X.509 certificate, that option will probably go off the table...
Try the LOPSA mailing list (Score:4, Informative)
Try posting this on the LOPSA [lopsa.org] mailing list. It's an excellent resource, with lots of sysadmins in different environments hanging out. If you're not a member [lopsa.org], email me (aardvark atsign saintaardvarkthecarpeted dot com) if you'd like me to post to the list on your behalf. You might also want to try the IRC channel #lopsa on Freenode.
Membership [lopsa.org] is only $50/year, and access to the mailing list alone is worth every penny. I'm a member, and it's saved my butt on occasion. Even if you're not a sysadmin, this is definitely a sysadmin-type question, and I think you'd benefit from being able to ask questions on the list.
Re: (Score:2)
Thank you for your kind offer. I think I will hold it until I have a more specific request to make, or at least until I know exactly what kind of system will adopt.
Re: (Score:2)
A wee bit of regex contemplation gets you:
(\w+)\s*(?:@|at|atsign)\s*(\w+)\s*(?:\.|dot|period)+\s*(com|net|org)
I think address munging has to be a little more sophisticated than this example to materially reduce harvesting.
I am afraid...I see trouble ahead (Score:4, Insightful)
Since I am the only resemblance we have to an IT department at my division, I have been commissioned with evaluating the available technology to manage and authenticate all correspondence, although it is not my area of expertise (I have a CompSci degree, but for many years have specialized in transportation modeling software).
From what you say, I can conclude that your company's staffing is anaemic in the IT department. Because of this, I suggest that you abandon this project for the time being as you build up man power and expertise in IT. Hire more folks so that they can get to know the business logic and flow of information at your company then kick start this project.
Take a clue from Munich with its Linux migration efforts.
Bottom line: A drastic change in the way you work will create lots of headache for you given that as you say, "...Since I am the only resemblance we have to an IT department at my division...".
I worried for you, but wish you the best at the same time.
Re: (Score:2)
Yeah, worry was my initial reaction. But still I need to describe the size and implications of such an undertaking if I am to convince the managers that it is not practical to implement this system at this time. Or who knows, maybe talking things through with all the divisions we can reach more specific requirements and bring the project down to a practical size.
Possibly Lotus Domino; Need more info (Score:4, Informative)
You'll need to elaborate on two things to get good answers:
- What is a document? Rich text, or scanned paper, physical paper, or something else?
- What is authentication? Tracking electronic versions from creation, through revisions, to finalization, or something different like confirming that physical document "A" is the same as physical document "B"?
I know of solutions for the case where documents are soft copy rich text with images and and attached scanned documents. A Lotus Notes database can be easily created to track such documents, prevent over-writes, track revision histories, etc. I work for a pretty big consulting firm, and we use Domino-based systems for things like this all the time.
Some caveats -
- Domino's is easily setup, but requires product knowledge to perform well and scale. How big is your firm?
- Users will need to have Notes IDs to work with the system, as ID (certificate) + password based PKI is the foundation of Domino's authentication mechanism.
Some benefits -
- Depending upon the setup, users will be able to work with documents via your corporate intranet.
- Depending upon the setup, replication (think synchronization) can enable users to keep local copies of this data, for access while they are outside of the intranet.
Access for outsiders is more complex.
- If the outsiders are trusted (e.g. auditors,) the solution may be to give them Notes IDs and grant them access to the intranet and this system.
- If the outsiders are end-users (e.g. E&Y clients submitting their 2010 US tax forms,) then you may be into custom application space. I'll skip the plug for my company.
Re: (Score:2)
I want to thank all the answers so far, in spite of the blurry account of the problem I have. I now have better understanding of what kind of project I'm facing.
As I have mentioned in a previous post; currently, a "document" is a printed paper that has a signature written with a pen on it. Oversimplifying, the proposal boils down to converting these to (probably) pdf files with an equivalent method of "signing" them and confirming to auditors that the stored files have not been tampered with after signing.
alfresco (Score:2)
Re: (Score:2, Interesting)
I would second the idea of looking into alfresco. I have not used it.
However, what it will do for you is that it will make sure that you can be using a common file system with revision control. So what would happen is that you would allow your users to network mount the alfresco filesystem across the firm. Users would read and save files to this filesystem. Anytime, it is saved, versions are created.
Alfresco Documents [alfresco.com]
Also, it does handle signatures with the plugin from http://www.viafirma.org/ [viafirma.org] (
Re: (Score:2)
alfresco and sharepoint (Score:1, Informative)
I second the "Alfresco" suggestion. It has Records Management capabilities that satisfy the Government Records keeping requirements (5015.2). SharePoint is another option that has similar record keeping functionality that can be added.
All Good Suggestions For the Most Part... (Score:4, Insightful)
...but everyone is ignoring the pink elephant in the room.
No common IT infrastructure? I'd tell them to attack that before implementing anything new company wide. Without a common IT infrastructure you'd have to get a poll for exactly what each division has (does each division have a common infrastructure, I hope so) and pray that each division has standardized on something whether it be *Nix, Windows, Mac or whatever. Once you have that, getting an electronic document handling system will be much easier as you'll have only to worry about file formats from one office suite (and possibly PDFs).
As for signing of documents, PDF is the only format that handles that internally, though I guess you could get people to get their own PGP keys, though I think the hassle would not be welcome.
To summarize: /.ers :p
1. Get company to implement standard IT infrastructure company wide
2. Get IT department to implement EDHS
3. ???
4. Profit! --- very important to companies, apparently less so to
Re: (Score:1)
Agreed. No common IT infrastructure means months of headaches in implementation, especially if one of the divisions has a much higher security than the others.
HQ and the three "autonomous" divisions need to pool their IT resources together first and make sure that whatever solution(s) they come up with is really usable across every organization. There needs to be a commonality across what is supported both internally and externally before even thinking about what the best solution is. Then you've got securi
Re: (Score:3, Interesting)
> No common IT infrastructure? I'd tell them to attack that before implementing anything
> new company wide. Without a common IT infrastructure you'd have to get a poll for
> exactly what each division has (does each division have a common infrastructure, I
> hope so) and pray that each division has standardized on something whether it
> be *Nix, Windows, Mac or whatever. Once you have that, getting an electronic document
> handling system will be much easier as you'll have only to worry about
Re: (Score:2)
Those are good theories as to why there aren't a standardized infrastructure, but I feel they are very weak when considering the OP has just been told they want a company-wide standard on electronic document handling system.
If they are wanting to standardize on one product here, there is a good chance they will be wanting to (though I don't know why they haven't already) standardized the rest of their IT infrastructure.
You can standardize on certain aspects of your infrastructure without running into the pr
Re: (Score:2)
Only if you have readily available certificates.
Is the company the CA for these documents? If so, what is the process to getting a signing certificate? Will they be using personal certificates? What is the security level of the workstations? The division LANs? What about the company-wide WAN?
Also, there is (supposedly) a learning curve between OOo and MSO, what's the standard in each division (I'm not current on MSO so I don't know if MSO supports any OOo formats)? What are the majority of users using?
This
Voltage Secure-stuff? (Score:2)
I recently got some data from a health agency, and they sent it using Voltage SecureMail.
Not sure of the exact specifics, but it seems that when they send an email with a secure attachment the file is stripped, stuffed on a repository, then I get a link. I have to register and sign in, then I can download the attachment. Personally I'd rather all attachments worked this way rather than people sending individual multi-megabyte files over SMTP to multiple recipients, most of which wont bother reading them...
Re: (Score:2)
I don't. we mail multi page PDF's and excell sheets back and forth where I work. Having to log into a separate website and download pdf's 10-50 times a day would be more annoying.
What is needed is for email to move into the 21st century. redesigned to handle all the things that it is asked to do.
Sense/net, SharePoint, OpenText, Interwoven (Score:2)
Sense/net, SharePoint, OpenText, Interwoven ordered by cost. My personal favorite is Interwoven TeamSite as it hooks directly into Office.
Documentum is awesome but so is the price...
The are multiple document management solutions (Score:2)
But no real authentication systems that accomplish the goals you lay out. Even PGP (if you can convince people to use it and educate people on how it works) only accomplishes signing. It will not track these documents in the manner you describe.
And PGP has significant problems. People understand what passwords are. They do not have a clue what a 'private key' is, or what it means to use one. This requires significant education effort. And unfortunately the user interfaces surrounding products that use
Re: (Score:2)
But the OP's people want the thing they get from a piece of paper with
Re: (Score:2)
I agree that the problems aren't insurmountable, but they are not trivial either. And the web-of-trust stuff is confusing, yes. But so are all the options about what kind of key, bit-length, user ids and all that stuff.
I think it's slowly getting better, but even the GUIs I've seen do little to hide the confusion.
You are on the right path... (Score:1)
...but I assume in your case you should probably have a look at something backed by a commercial company which will take the hassle to certify the system and your workflows. Have a look at Alfresco (alfresco.com) which already has some certifications (e.g. http://www.alfresco.com/media/releases/2009/10/records-management/ [alfresco.com]).
depends on what you mean by 'signing' (Score:1)
The question I have is what you mean by 'signing' a document.
If you mean that a piece of paper has been physically signed by someone and then scanned and an image retained, then you need a document imaging system.
If you mean to go paperless and can get people to fill out online forms, you can make the case that they are doing the electronic equivalent of signing when they log into the system with their own username and password AND they click on a given button (eg. "Submit" or "Apply Signature") and per
Ask the other divisions? (Score:4, Interesting)
I realize your company may not make it easy to do so, or the other departments may not help but ...
Have you considered, since you're the only one in your portion that asking them for help may useful?
I'm making a lot of assumptions about an ideal situation that may not apply to you, I realize that, so it may not be possible for you.
If it were though, you might find that you can save yourself a lot of time just by working with the other groups.
You could also very well create a new position for yourself, pull all 3 divisions together and save some money in IT and you might end up in charge of all of them. (if you want to do that, personally I still prefer to be in the trenches).
Either way, you may find that they've already done this research and found something that didn't work for them, but might work for you, OR might work for everyone if you all got together to do it, versus not being cost effective for one group to do it.
A company I worked for was bought out a long time ago, we basically continued to operate as 2 companies under one name for a long time. Then our IT department started pushing to integrate, taking the best parts of both companies and merging into a better structure overall. We ended up saving a lot of money.
Interestingly enough, our IT was killed off and released shortly after we suggested that moving the web servers that had a window view of wall street to somewhere that we could run them for 10 years for the same cost as single day in their current data center ... So you may want to be careful what you suggest.
Another interesting twist was that shortly after we got 'released', the company was bought once again, by a company near Atlanta, which promptly closed all the offices on Manhattan, including the one that was chosen over us. Senior management from our original company passed along the word that the new buyers made it clear that stupid choices like killing our data center and keeping one in Manhattan is exactly why they were now going to be looking for new jobs themselves.
We were vindicated, but some of us were still unemployed unfortunately. Either way, it may still be worth your while to try.
Re: (Score:2)
Yes, there will be talks with representatives of all divisions. We're just in the process of gathering the necessary information to at least have something concrete to talk about.
Another factor to consider is the fact that the IT department at the central offices is not as undermanned, although they have their hands full. So I need to cooperate with them if a solution is eventually adopted.
Pharmaready DMS (Score:1)
PharmaReady [pharmaready.com] has a DMS system that should be able to do what you ask provided you have the webserver available outside your intranet. Instead of passing documents via email, authorized users would upload them themselves and then pass a link. The system is designed with FDA regulations in mind and keeps an audit trail of all activities and has well defined users and user permissions.
Open Text FirstClass & Social Media (Score:1)
Validated systems (Score:2)
It is not that it would be impossible, or even ridiculously difficult, for you to set this up. However, if your company wants to do this in any sort of reasonable time frame (less than a year), you will need to work on this as your primary task. You will, also, need t
ECM (Score:2)
Perhaps I am misunderstanding the inquiry but it sound like you are asking about enterprise content management [google.com].
Sendside may be perfect (Score:2)
https://www.sendside.com
Secure document management, electronic signatures, and many other features, using a SaaS model like Salesforce
NetDocuments (Score:1)
NextDocs/Sharepoint (Score:1)
yes I am a human (Score:1)
what's this "You failed to confirm you are a human. Please start from the beginning and try again. If you are a human, we apologize for the inconvenience" thing ?
Adobe Acrobat has cross-platform support (Score:1)
Adobe Acrobat will do some of this, if not all. It does not require a central document repository and works across platforms - at least, as I recall, documents can be signed and verified on Linux though must at present be created in Distiller on Windows. As PDF is a somewhat open standard there is at least the possibility of other tools supporting the digital signatures.
A document may have multiple signatures placed in the document body in a natural way - i.e. where you might have an ink signature box. You
Re: (Score:1)
Have a look at Lotus Forms (Score:1)
RUNA, nuxeo (Score:2)
You can try to make a solution for your problem by using Runa-WFE http://wf.runa.ru/About [wf.runa.ru]
It's free software, and, as far as I know, can handle your tasks.
Also you can try to look to http://www.nuxeo.org/xwiki/bin/view/Main/ [nuxeo.org]
Both products are based on Jboss
Consider XAdES (Score:2)
Also, the upcoming ODF 1.2 supports it (see ODF spec part 3 chapter 4).
eSignature (Score:1)
Approvals tracking (Score:1)
You're not really looking for full-blown document management. You're looking for electronic approvals (usually called eSignatures).
The simplest way to do it is embed the eSignature (approval) in the word document or in a pdf.
Look at silanis for embedding in word documents
http://www.silanis.com/solutions/e-signatures-desktop.html [silanis.com]
Look toward adobe for embedding in pdf.
http://www.adobe.com/products/livecycle/digitalsignatures/ [adobe.com]
I would only use these for the important approvals that