
Certificate Manager

Workflow Diagram:

[Diagram. Labels: User/Tenant (login using username/password); any 3rd-party application (Single Sign-On, SAML 2.0); UI (Angular); RESTful API; Certificate Management System; server-side platform (NodeJS); third-party libraries like Aspose PDF or any PDF manager for PDF manipulation; DogtagPKI for certificates; database (PostgreSQL).]

Statement of work:

The website will support several companies/organizations using the system independently.

The website will support a role-based system to manage permissions and access levels.

Users will be able to come through any third-party systems like CoreLogic, Qlogic, etc.
using single sign-on, or they should be able to log in to the system directly using the
username and password.

Users/Tenants will have the ability to manage certificates (Create, Revoke, Expire, etc.),
manage users etc.

Users with respective permissions will have the ability to manage users/

Should be able to sign the PDF documents using the certificates created.

Should be able to stamp the date and time on the PDF document when it is signed.
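
One way to enforce the independent-tenant and role-based requirements above on the Node.js backend, as an added example that is not code from this project. The role names, permission strings, reason codes and record shapes are assumptions made for illustration.

```javascript
// Added example: role names, permission strings and record shapes are hypothetical.
const ROLE_PERMISSIONS = Object.freeze({
  tenant_admin: ['certificate:create', 'certificate:revoke', 'certificate:read',
    'user:manage', 'document:sign'],
  certificate_manager: ['certificate:create', 'certificate:revoke', 'certificate:read'],
  signer: ['certificate:read', 'document:sign'],
});

// Decide whether a session may perform `action` on `resource`.
// Deny by default; the tenant check runs before any role check.
function authorize(session, action, resource, now = Date.now()) {
  if (!session || !session.tenantId || !Array.isArray(session.roles)) {
    return { allowed: false, reason: 'unauthenticated' };
  }
  // Tenant isolation: session.tenantId is set server-side at login (password or
  // SAML), never taken from request parameters.
  if (!resource || resource.tenantId !== session.tenantId) {
    return { allowed: false, reason: 'cross-tenant' };
  }
  // Own-property lookup so a role such as "constructor" or "__proto__" cannot
  // resolve to something inherited from Object.prototype.
  const granted = session.roles.some((role) =>
    Object.prototype.hasOwnProperty.call(ROLE_PERMISSIONS, role) &&
    ROLE_PERMISSIONS[role].includes(action));
  if (!granted) {
    return { allowed: false, reason: 'missing-permission' };
  }
  // Lifecycle guard: a revoked or expired certificate must not sign documents.
  if (action === 'document:sign' &&
      (resource.status !== 'active' || resource.notAfter <= now)) {
    return { allowed: false, reason: 'certificate-not-usable' };
  }
  return { allowed: true, reason: 'ok' };
}

// Constructed sample data: two tenants and a fixed clock.
const NOW = Date.UTC(2025, 0, 1);
const acmeSigner = { userId: 'u2', tenantId: 'acme', roles: ['signer'] };
const acmeAdmin = { userId: 'u1', tenantId: 'acme', roles: ['tenant_admin'] };
const acmeCert = { tenantId: 'acme', status: 'active', notAfter: Date.UTC(2030, 0, 1) };
const globexCert = { tenantId: 'globex', status: 'active', notAfter: Date.UTC(2030, 0, 1) };
const revokedCert = { tenantId: 'acme', status: 'revoked', notAfter: Date.UTC(2030, 0, 1) };

console.log(authorize(acmeSigner, 'document:sign', acmeCert, NOW));
console.log(authorize(acmeAdmin, 'certificate:revoke', globexCert, NOW));
console.log(authorize(acmeAdmin, 'document:sign', revokedCert, NOW));
```
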

Technologies:

Backend: Node JS
Frontend: Angular
Database: PostgreSQL
Single sign-on: SAML 2.0
Certificate creation: DogTagPKI
API: RESTful web services
Hosting: Amazon cloud
PDF manipulation: Aspose PDF

NodeJS

Node.js is a server-side platform built on Google Chrome's JavaScript Engine (V8
Engine). Node.js is an open-source, cross-platform runtime environment for developing
server-side and networking applications. Node.js applications are written in JavaScript
and can be run within the Node.js runtime on OS X, Microsoft Windows, and Linux.
Node.js also provides a rich library of various JavaScript modules which simplifies the
development of web applications using Node.js to a great extent.

Angular

Angular 8 is a client-side TypeScript based framework that is used to create dynamic
web applications.

PostgreSQL

PostgreSQL is a powerful, open-source object-relational database system that uses and
extends the SQL language combined with many features that safely store and scale the
most complicated data workloads. PostgreSQL is highly extensible: many features, such
as indexes, have defined APIs so that you can build out with PostgreSQL to solve your
challenges. PostgreSQL has been proven to be highly scalable both in the sheer quantity
of data it can manage and in the number of concurrent users it can accommodate.

SAML 2.0

SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to
pass information about a principal (usually an end-user) between a SAML authority,
named an Identity Provider, and a SAML consumer named a Service Provider.

DogTagPKI

The Dogtag Certificate System is an enterprise-class open source Certificate Authority
(CA). It is a full-featured system and has been hardened by real-world deployments. It
supports all aspects of certificate lifecycle management, including key archival, OCSP
and smartcard management, and much more.

Restful

REST stands for Representational State Transfer. REST is used to build web services that
are lightweight, maintainable, and scalable.

Questions:

• Are workflows (how many signatures are required and where specifically on a
document) configured in CM?
• Is conversion to PDF/A handled by CM?

Assumptions:
