Scenario
SENIOR PROJECT 2007-2008
(Scenario of the ekoSign project)
4. Scenario
Adaptation of XML Signatures to Supply
Chain Document Flow
Project team members
Hüseyin Çakır, Mehmet Mesut Özışık, Yılmaz Kaya
Abstract: A sample scenario that presents the general structure of document flow in a company is
developed following software development principles.
Keywords: Sample Scenario, Document Flow and Predefined Policies.
http://groups.google.com/group/digitalsignature
digitalsignature@googlegroups.com
PRINT DATE: 05/06/08
4.1 Introduction
This document relates to the elaboration phase of the project. The goal of this phase is to
establish and validate the system architecture. Processes undertaken in this phase include the
creation of use case diagrams. Figure 4.1 shows the steps of the unified process and which step the
project plan paper belongs to.
[Figure: the Unified Process phases Inception, Elaboration, Construction and Transition, with the project documents 1. Introduction, 2. Project Plan, 3. Basic Concepts and 4. Scenario.]
Figure 4.1 Steps of Unified Process.
4.2 Objectives
The objectives for this scenario are as follows:
1. Develop a framework for understanding the main steps of order flow.
2. Analyze the main roles of the sample company.
3. Constitute policies and authorization levels for the roles.
4. Understand the main business concepts to apply company business strategy within the
project.
5. Develop a simple XML document for understanding how order document can be
implemented into digital platform.
4.3 Scenario's Roles
In the scenario there are 5 main roles:
• Company,
• Company Management,
• Company Sales Department,
• Company Warehouse and
• Customer.
4.4 Scenario Roles' Definitions
4.4.1 Company
This is the sample company that uses digital signature to manage orders coming from outside of the
company and also internal document flows.
4.4.2 Company Management (CM)
The decisions about sales and supply are made by the Company Management. This department
communicates with the CSD, CW and Supplier. This department also defines the company strategy
and policy.
4.4.3 Company Sales Department (CSD)
In this scenario CSD is the department that manages the orders coming from customers. In addition,
this department requests goods from the Company Warehouse to be sold and also informs the
management about the ongoing sale. It is composed of two main roles, which are Sales Staff and Sales
Representative.
4.4.4 Company Warehouse (CW)
This department is responsible for the availability of the products in the company's warehouse.
This department communicates with CSD and CW.
4.4.5 Customer
This is the role that places orders with the Company. Customers buy the company's products by using
order documents that include personal information, order information and also a credit card number.
4.5 Digital Signature from Business Perspectives
As e-business becomes more important, companies need to prepare paperless document
flows. However, when moving to a paperless environment, companies can fail to find a way to
apply company strategy within their business processes. Keeping applications consistent with the
general aim of the company is very important for the success of a company's e-business strategy, so
organizations should get a solution that is tailored to their specific needs. Digital signature solutions
must be combined with the policy rules and departmental rules within a comprehensive solution for
the company (Figure 4.2).
[Figure: layers labelled Company Strategy, Company Policy and Order Document.]
Figure 4.2 Abstraction of Company Strategy.
4.6 Scenario
As mentioned in section 4.3, the company is composed of four main roles with different
authorization levels, set by the policy and departmental rules that were built according to
the sample company's strategy.
Figure 4.3 Scenario.
4.6.1 Company Policy
A policy is a set of organizational rules governing acceptable use of computing resources, security
practices, and operational procedures. In this scenario, company policy is determined by company
management, which means that management has the right to determine authorization levels for the other
company departments.
As a sample company policy, the company sales department is authorized to sign orders whose cost
is below 50.000$, whereas company management can sign orders whose cost is above 50.000$. Orders
higher than 50.000$ must therefore be sent directly to the company management (Table 4.1).
Role                        Authorization
Company Sales Department    < 50.000$
Company Management          >= 50.000$
Table 4.1 Company Policy.
STEP #1: Customer Sends Order
First, the Customer sends an order indicating that 1500 units of product worth 100000$ are needed
(Table 4.2).
Signatures: Customer
1500 units of product worth of 100000$ are needed on 21.02.2008 at 10:00.
Table 4.2 Customer Sends Order.
STEP #2: Sales Department Applies the Policy and Sends Order to the Warehouse
When the cost of the order is under 50000$, then according to the company policy the document is
processed by CSD and sent to the Warehouse (Table 4.3).
SIGNATURES: CUSTOMER, SALES DEPARTMENT
Customer: 1500 units of product worth of 100000$ are needed on 21.02.2008 at 10:00.
Sales Department: 1500 units of product is required.
Table 4.3 Sales Department Sends Order to Warehouse.
STEP #3: Sales Department Applies the Policy and Sends Order to the Management
When the cost of the order is higher than 50000$, then according to the company policy the document
will be sent to the Management (Table 4.4).
SIGNATURES: CUSTOMER, SALES DEPARTMENT
Customer: 1500 units of product worth of 100000$ are needed on 21.02.2008 at 10:00.
Sales Department: Cost is higher than 50000$, the confirmation needed from management.
Table 4.4 Sales Department Sends Order to Management.
STEP #4: Management Sends Order to the Warehouse
Then the document arrives at Management, and Management sends the document to the Company
Warehouse (CW) (Table 4.5).
SIGNATURES: CUSTOMER, SALES DEPARTMENT, MANAGEMENT
Customer: 1500 units of product worth of 100000$ are needed on 21.02.2008 at 10:00.
Sales Department: Cost is higher than 50000$, the confirmation needed from management.
Management: 1500 units of product is required.
Table 4.5 Management Sends Order to Warehouse.
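The check a warehouse system could run before acting on an order that has passed through steps 1 to 4, as an added example that is not part of the ekoSign project's code. It assumes the signature values were already validated by an XML-DSig library and that the order amount is available after decryption; the element names, the Id-to-role mapping (c, s, m) and the helper make_order are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"
THRESHOLD = 50000  # Table 4.1: sales signs < 50.000$, management >= 50.000$
ROLE_BY_ID = {"c": "customer", "s": "sales", "m": "management"}  # assumed Ids

def required_signers(amount):
    """Roles that must have signed before the warehouse acts on an order."""
    roles = {"customer", "sales"}
    if amount >= THRESHOLD:  # boundary follows Table 4.1, not the prose
        roles.add("management")
    return roles

def signed_roles(order_xml):
    """Roles whose element is the target of an unambiguous Reference."""
    root = ET.fromstring(order_xml)
    ids = [e.get("Id") for e in root.iter() if e.get("Id")]
    if len(ids) != len(set(ids)):
        raise ValueError("duplicate Id: Reference target is ambiguous")
    roles = set()
    for ref in root.iter(DSIG + "Reference"):
        uri = ref.get("URI", "")
        # Only same-document Id references are expected in this flow.
        if not uri.startswith("#") or uri[1:] not in ids:
            raise ValueError("unexpected Reference URI: %r" % uri)
        if uri[1:] in ROLE_BY_ID:
            roles.add(ROLE_BY_ID[uri[1:]])
    return roles

def warehouse_may_accept(order_xml, amount):
    """Return (ok, missing_roles) for an order of the given decrypted amount."""
    missing = required_signers(amount) - signed_roles(order_xml)
    return (not missing, sorted(missing))

def make_order(signed_ids):
    """Constructed sample: structure only, no digests or signature values."""
    sigs = "".join(
        '<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>'
        '<Reference URI="#%s"/></SignedInfo></Signature>' % i
        for i in signed_ids)
    return ('<order><customer Id="c">order</customer>'
            '<salesDept Id="s">note</salesDept>'
            '<management Id="m">note</management>' + sigs + '</order>')

if __name__ == "__main__":
    print(warehouse_may_accept(make_order("cs"), 100000))   # management missing
    print(warehouse_may_accept(make_order("csm"), 100000))  # all roles present
```

This checks only which elements the signatures cover; it does not replace cryptographic verification or the binding of each signing key to its role.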
4.7 Sample XML Document that Contains Multiple Signatures
The XML document consists of two parts: one holds the information that will be sent to the
receiver, and the other holds the XML signatures and the references to the XML hash algorithms. The
information sent in this scenario is shown in Figure 4.4: the sample document carries the
information under the control of the company policy and holds multiple signatures.
SIGNATURE #1: CUSTOMER
Customer sends order to the Sales Department indicating that “1500 units of
product worth of 100000$ are needed on 21.02.2008 at 10:00”.
SIGNATURE #2: SALES DEPARTMENT
Sales Department takes the order and according to the policy sends order to the
Management. (“Cost is higher than 50000$, the confirmation needed from management.”)
SIGNATURE #3: MANAGEMENT
Management sends order to the warehouse. (“1500 units of product is required.”)
<order>
<!-- ENCRYPTED ORDER INFORMATION -->
<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>rsaKey</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>NpXleAAvjsx/afFGVFM3jKDk/Dj2prknl1eXcf7+gveP7+2pa26ILGlAPV0NTFLkQxTwHSfhk
V4y0PMr7xPNQ9a8qNcsN7MPSl45OoTE0l7yJD5jD0462rlXmCwEVdgZi3Oi0LA2dto/SxCSKicxbiBIeZl1iWctRo
WfkrzgKkw=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>gn4aaCOi/5P2+k5HHJ2vzMltSXt6O2+SMiNXFCn8mq/fHvRxwqqSBeejPiEpI4iXg/u0AhKz2jlN
EPqbnMB17EfT81DiW5VYAPssA8NM
+cmdccTotWtj32EnOqIJNVsanPl4i/RsXFwL6a7K2YIHe6l0Tewwyj3ZWSSzHbq1c2GsGi0qBAXe1vsRrDr1cmW/C
rbJDW70YzMuoVS8IysYgm9n96Wo/dTyaGPl+fG
+Cs5KAZyDZRRSP9CXDJ38WZGGRfdQCnvhf8ztG8CuB9mruK56mtjz9rV3HkqM2etLDzcbXmkeyAErSJrS4W5n
zw7NkbZOMht2JdTN+XhcTrS2GA==</CipherValue>
</CipherData>
</EncryptedData>
<!-- SALES DEPARTMENT MESSAGE -->
<salesDept Id="s">Cost is higher than 50000$, the confirmation needed from
management.</salesDept>
<!-- MANAGEMENT MESSAGE -->
<management Id="m">1500 units of product is required.</management>
<!-- SIGNATURE OF CUSTOMER -->
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<!-- Signature #1: Customer. rsa-sha1 is kept from the original sample; SHA-1 is deprecated for new signatures. -->
<Reference URI="#c">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>