Adobe LiveCycle (Archived)

tarekahf · 5/15/09

Hi to all ...

I have upgraded to new LiveCycle Desinger 8.1 few days ago, and still do not know all the new features.

I was requested to develop new LiveCycle Form, but this time it has to be secured by Digital Signatures or what every appropriate method.

The form has exactly 2 sections and 2 Digital Signatures:

1. The first section/part is to be filled by the Staff (let us call him the Authoring Staff).

Any one can fill the first part.

After the first part is signed, the Data Entry on the first part should be locked, and no one on Earth should be able to change the data on the first part. Only the signer of the first part is allowed to update/clear the signature but only and only of the Second part is not yet signed.

The staff should not be allowed to sign the form unless all mandatory fields and other validation logic is statisfied.

Only the Signer of the Form and special authorized staff/group of staff will be allowed to open the form. Let us call them Group01.

2. The second section/part is to be filled by special authorized staff/group (say Group02), they are basicall HR Staff (this is a secret).

The second part can only be filled if the first part is filled and signed by the Authoring Staff.

The second part can be signed only if the validation logic on the second part is true (no errors, and all mandatory fields are filled).

Once the second part is signed, the first part the the second part should be locked, and no one on earth should be able to change anything on the form.

Only the signer of the form should be able to clear the signature of the 2nd part and make any changes requried.

If the 2nd part is signed, the Authoring Staff should not be able to change anything on the form.

*****End of Requirements.*****

I have just started, and I am requested to desing the form and implement the required security in 10 days only.

Can any one please help me ?

I am doing my research now.

Thank you.

Tarek.

Jono_Moore · 5/19/09

I can't help you too much except to say what you are trying to do is exactly what digital signatures are for. When you set up a signature field you can have it lock whichever fields you want (and do validation).

How you authenticate people or hand out digital signatures is going to be the problem (and beyond my knowledge).

tarekahf · 5/19/09

Thanks for the reply.

I think I am moving in the right direction ...

I have tested Digital Signature Locking featue, and it works like a charm .... it was above my expectation .

As per the help of LC Desinger ES, you cannot use the Locking Feature of Digital Signature if you want to lock Dynamic/Repeating Subforms/Fields. But, when I tested it, it worked on all kinds of Form Elements.

Now the next question:

How I can prevent the non-HR Staff to fill the second part of the form after they sign the first part of the form ?

In otherwords, I want only the Authorized Users to be able to update the fields on the second part, how ?

Your help will be greatly appreciated.

Tarek.

Jono_Moore · 5/19/09

That's beyond my skills - I think you need some sort of employee lookup via LDAP or something along those lines.

Hopefully someone here can point you in the right direction.

tarekahf · 5/19/09

My objective it to Authenticate (detect the Identity or role) of the user on the client side.

ie, using the Digital Signature installed on the client PC under Adobe Reader/Acrobat, I want to retreive the Identity of the user.

If this is not possible or not practical to do, then I have plan B.

When the 2nd part is signed, just before that (unsing the pre-sign event) I will set a hidden Status Field to indicate that the second part is signed "Signed by HR".

When the form is submitted to the server (ASP.NET Website), I will retrieve the value of the Status Field, and using this value, and the identity of the authenticated user under ASP.NET Website (Integrated Windows Authentication), I will accept or reject the submitted form accorndingly.

I would like to do this on the client side, before submitting the form to the server... I hope someone will help me to do that.

Tarek.

Report · 6/12/09

We've been trying to get a straight answer out of someone at Adobe for a month. But as soon as you ask a question like this, they pretty much say, "That's beyond my knowledge level" and you are left hanging. It is very frustrating.

You are on the right track with your signatures and locking appropriate fields. That's the easy past. The part that is hard and where I can't get a straight answer is "How can I be sure that whoever looks like they signed it actually did sign it?" There's no easy way to authenticate unless you go to a 3rd party like VeriSign or someone like that. Seems to me you should be able to keep that information at home on a server and authenticate across the network. Adobe neglected to include that in all their stuff and never really tells you that in the five manuals and 800+ pages of explanation on how to implement electronic signature.

tarekahf · 6/12/09

Dear Dfoto,

Thank you so much for being so kind to spend the effort and reply back, I though my question was left behind the sun... but now I am very happy in deed.

To be more specific, the Form has 2 parts. The first part "Subform1" any one can fill and sign.

The second part "Subform2", only certain users can fill and sign.

I think I found a very strong lead to my solution, when I was playing with LiveCycle Desinger few days ago.

On the Singature Field Advanced Setting, there is a place you can attach the public part of a certificate (Digital Signature) of any user, one or more.

In this part, you tell LC that only those users "signing parties" can sign the field. I tested it and it worked.

Now, if I can use this feature via JavaScript to find out if the user who is filling the form, can sign this field, then he can fill the form. If he cannot sign the field, then he cannot fill the form. I can do that by setting the "access" property of the Subform. Another solution is that I can prevent the user from hitting the "Submit" button unless he signes the designated Signature Field.

I have another small issue:

I found out that if the Signature field is part of a repeating dynamic Subform, it will not work during run-time. Very bad in deed. While I cannot understand why ?, I tool this as "By Desing" feature.

Now, if the Signature is locking parts of forms which has dynamic content (repeating subforms), it will always show somthing like "Signature is corrupted or form was changed after it was signed".

Is this normal ? Is there a way to control Dynamic Forms using Digital Signatures without such annoying issues ?

Thank you.

Report · 6/15/09

You need to design the form so signature occur as needed, and fields are locked where appropriate. Once you get to the end of the form and the last person signs it, the form shoudl show as being verified with all signatures. When I have a form that requires signatures, I lock all fields that will not need to be changed by the signer. Usually the final signer reviews the form, signs, and it is on its way unchanged. If the form needs to be changed, it should be sent back to the original signer. The procedure from there depends on the individual requirements of each company. If there might be a chance that it gets returned for changes, then the form designer needs to recognize this and affect the logic for signing. Not sure how to do that, but you get the idea.

Good luck.

erichill114 · 5/20/15

Were you ever able to figure out how to do this? I could use your help desperately in designing a current form.

Thanks,

Eric

Adobe LiveCycle (Archived)

Using Adobe LiveCycle Designer ES and secure parts of form using signatures.

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe