18F / e-manifest

The EPA e-Manifest project

signature process #52

Closed pkarman closed 8 years ago

pkarman commented 8 years ago

Right now there is a 2-step process to sign a manifest:

  1. Get a signature token via authn credentials
  2. Post the signature with either :id or :tracking_number attribute

What prevents us from doing it in one step?

If it must be two steps, can we allow for :id or :tracking_number or both? That would also allow us to simplify the API endpoint to POST /manifests/signature and the body payload is used to identify which manifest is being signed.

jessieay commented 8 years ago

I think it is two steps because some people might want to submit a form without signing. Not sure though.

On Wednesday, January 13, 2016, Peter Karman notifications@github.com wrote:

> Right now there is a 2-step process to sign a manifest:
>
>   1. Get a signature token via authn credentials
>   2. Post the signature with either :id or :tracking_number attribute
>
> What prevents us from doing it in one step?
>
> If it must be two steps, can we allow for :id or :tracking_number or both? That would also allow us to simplify the API endpoint to POST /manifests/signature and the body payload is used to identify which manifest is being signed.


scottdchristian commented 8 years ago

My understanding is the user authenticates and then CDX sends back a token and their secret question, which the user needs to send back with the answer to their second question.

Separate note: One thing we may need to add is a review of what the user is signing.

Per CROMERR title 40 CFR §3.2000(a)(5)(iii): "Each signatory had the opportunity to review in a human-readable format the content of the electronic document that he or she was certifying to, attesting to or agreeing to by signing;"

pkarman commented 8 years ago

@scottdchristian the signatory can always fetch the e-Manifest document via the API, and review it. That's identical to what is signed.

pkarman commented 8 years ago

Answered in Slack. Since there is a variable set of question/answer credential pairs that only the user knows, we must wait for CDX to supply which question is being used for the particular token in play.
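
The reason given above for keeping two steps, as an added Ruby sketch that is not part of the thread or the e-manifest code base: the server picks which question a token is bound to, so the answer cannot travel in the same request as the credentials. The class, method names, token format and sample data are assumptions, not the CDX API.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical stand-in for the CDX side of the exchange; names and storage
# are assumptions for illustration, not the CDX or e-Manifest API.
class ChallengeSigner
  Challenge = Struct.new(:user, :question_id, :expires_at)

  def initialize(users, ttl: 300)
    @users = users    # user => { password:, answers: { question_id => answer } }
    @ttl = ttl        # seconds a token stays valid
    @pending = {}     # token => Challenge, consumed on first use
  end

  # Step 1: authenticate, then pick which question this token is bound to.
  # The client cannot know the question before this response arrives.
  def issue_token(user, password, now: Time.now)
    record = @users[user]
    return nil unless record && secure_eq(record[:password], password)
    question_id = record[:answers].keys.sample
    token = SecureRandom.hex(16)
    @pending[token] = Challenge.new(user, question_id, now + @ttl)
    { token: token, question_id: question_id }
  end

  # Step 2: sign a manifest by presenting the token, the answer to the
  # question chosen in step 1, and the manifest identifier in the body.
  def sign(token, answer, manifest_id, now: Time.now)
    challenge = @pending.delete(token) # single use, even on failure
    return :invalid_token if challenge.nil? || now > challenge.expires_at
    expected = @users[challenge.user][:answers][challenge.question_id]
    return :wrong_answer unless secure_eq(expected, answer)
    { signed_by: challenge.user, manifest_id: manifest_id }
  end

  private
  # Compare digests so timing does not depend on where the strings differ.
  def secure_eq(a, b)
    x = Digest::SHA256.digest(a.to_s)
    y = Digest::SHA256.digest(b.to_s)
    x.bytes.zip(y.bytes).reduce(0) { |acc, (p, q)| acc | (p ^ q) }.zero?
  end
end

# Constructed sample data (plain-text secrets only to keep the sketch short).
SAMPLE_USERS = {
  'generator1' => { password: 'correct horse',
                    answers: { 'q1' => 'blue', 'q2' => 'tulsa', 'q3' => 'rex' } }
}.freeze
```

Because the manifest identifier arrives in the body of the second call, this shape also fits the single `POST /manifests/signature` endpoint proposed in the first comment.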