Last modified on 5/1/2013 2:31 PM by User.

Should you need help, please send an email to compass@yumaed.org

Non-Stock Requisition Secure Signing Overview

To avoid having each Purchase Order physically signed, signing has been automated: when a Purchase Order is created it is signed electronically by the system on behalf of the user.

To do this the user must have a token device. Currently we use a small USB device, a YubiKey, as the token (picture: http://static.yubico.com/var/uploads/press/high-res/white_single.jpg). The YubiKey is a physical electronic device that holds the key behind the user's signature, and it should be treated accordingly. It is robust enough to be carried on a keyring. Think of it like a credit card, both for safety and for durability: anyone with access to the device can sign documents as the user it is set up for, and it is about as physically durable as a credit card. The Director of Finance decides who is issued a signing token.

Once access is granted, the Compass team will set up a token device and send it to you, along with instructions on how to use it.

The device consists of injection-moulded plastic encasing the YubiKey circuitry; the exposed contacts are military-grade hardened gold. The YubiKey has no internal battery and no moving parts, so it will not stop working for lack of power, mechanical wear or internal damage from exposure. Each token is unique and cannot be duplicated or recorded, and the signing key cannot be removed from the device (though the device can be re-assigned to a different person).

The UI requires three things from the user: username, password, and the token string (the one-time code the YubiKey emits when it is pressed). The user has to enter these values every time they sign something. If the user chooses to batch the POs, however, all of the POs in the batch are signed with a single username/password/token combination. Submitting that combination returns a 'ticket' that is valid for one use only and for less than 5 minutes. This prevents POs from being signed unintentionally: nothing is signed unless the user is physically at the UI with the token and deliberately enters the credentials.