Overview

A common requirement is the development of a secured application. During the application development process, artifacts such as configuration files and process flows are produced. These artifacts must be protected to avoid tampering at the installation site.

Distributing the application requires that the flows, dictionary, and configuration files be signed, and that the policies distributed to the customer require that these file signatures be verified on use. This can be done by specifying the appropriate policies and then distributing the security file (in the configuration directory) with the application. If the distributed application does not grant administrative authority to any users, then the policy cannot be changed.

Management of the dictionary signature is automatic. A validly signed dictionary must be distributed to customers. Doing this simply means taking the dictionary to be run from the development system. No further preparation or action is necessary.

Process flows need to be signed individually before they are packaged for distribution.

The server manages signing keys. It considers two types of files, dictionaries and process flows. Each type uses a unique key pair. The server automatically selects the proper key for signing and validating configuration files based upon the type of file.


iWay Software