Analysis: Functional signing support in Altinn 3 #16
Description
Based on Altinn/altinn-studio#5145 and feedback from agencies, it has been identified that Altinn 3 needs support for functional signing.
Identified Requirements
Screenshots
TODO: Create signing view
Considerations
Signature documents
We need to store separate signature documents for each signature. The document needs to contain the following
Example below
Signature API
Adding signature
The POST API for creating a new signature needs to take in a document that references the documents that are included in the signature.
The API would need to add information about
We would need to create new APIs for signature in the App
When a signature is added, the signing API needs to return whether the valid amount of signatures is reached. This to
In storage, we need a signature API
External Document Viewer
For the functionality where an external party needs to present a viewer for binary files attached to an instance, we need to be able to set up an external document viewer URL. This would need to take instanceID and dataId as input in the URL. The viewer should probably open in a new window.
The document viewer would require authentication and authorization of the signer.
If the viewer is located outside of the Altinn apps domain, the viewer needs to be integrated with ID-porten. For authorization, it probably needs to get roles/rights from Altinn.
Digital signing of signature.
In Altinn 2, Altinn creates a digital signature of the signature document. No need for this has been indicated.
Suggest not to implement this in Altinn 3.
Process API
When NEXT is called on the process API it needs to do the following
Technical Sequence diagram
Authorization
For the signature and process API, the app needs to authorize users when they add signatures and when they call the next API.
We need to define a new policy for the API for adding signatures.
Reading signatures only requires rights for the READ operation in the XACML policy.
MD5 checksum
We need to verify that the MD5 checksum we add from the blob can be verified externally. See here
Acceptance criteria
A signature needs to contain the following
Configuration
Specification tasks
Development tasks
Part 1
Part 2
Part 3
This is possibly a separate issue
Definition of done
Verify that this issue meets DoD (Only for project members) before closing.
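The external check that the MD5 checksum section asks for, as an added example that is not part of the issue or of Altinn's code. It assumes the stored checksum is either a hex string or the base64 form that blob storage commonly exposes as Content-MD5 (the issue does not say which); the function names are hypothetical.

```python
import base64
import binascii
import hashlib
import hmac


def decode_md5(stored: str) -> bytes:
    """Return the 16 raw digest bytes from a hex or base64 MD5 string."""
    s = stored.strip()
    if len(s) == 32:  # 16 bytes written as hex
        try:
            return bytes.fromhex(s)
        except ValueError:
            pass  # not hex, fall through to base64
    try:
        raw = base64.b64decode(s, validate=True)
    except (binascii.Error, ValueError):
        raise ValueError("checksum is neither hex nor base64") from None
    if len(raw) != 16:
        raise ValueError("decoded checksum is not a 16-byte MD5 digest")
    return raw


def md5_of_stream(fileobj, chunk_size: int = 1 << 20) -> bytes:
    """Hash a binary attachment in chunks so large files are not loaded whole."""
    h = hashlib.md5()
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        h.update(chunk)
    return h.digest()


def verify_md5(content: bytes, stored: str) -> bool:
    """True if the recomputed MD5 of content matches the stored checksum.

    MD5 only shows the bytes are unchanged since the checksum was taken;
    it is not collision resistant and is not a signature by itself.
    """
    return hmac.compare_digest(hashlib.md5(content).digest(), decode_md5(stored))


if __name__ == "__main__":
    # Constructed sample: the same digest in both encodings.
    data = b"hello world"
    print(verify_md5(data, "XrY7u+Ae7tCTyyK7j1rNww=="))          # base64 form
    print(verify_md5(data, "5eb63bbbe01eeed093cb22bb8f5acdc3"))  # hex form
```
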