Mobile tag

About Me

I am the "IBM Collaboration & Productivity Advisor" for IBM Asia Pacific. I'm based in Singapore.
Reach out to me via:
Follow notessensei on Twitter
Amazon Store
Amazon Kindle


Domino Upgrade

VersionSupport end
Upgrade to 9.x now!
(see the full Lotus lifcyle) To make your upgrade a success use the Upgrade Cheat Sheet.
Contemplating to replace Notes? You have to read this! (also available on Slideshare)


Other languages on request.


Useful Tools

Get Firefox
Use OpenDNS
The support for Windows XP has come to an end . Time to consider an alternative to move on.

« Evolution of the Self | Main| Domino Development - Back to Basics - Part 1: The NSF »

You approved what?

We all love our processes and the associated workflows. I recently even discovered a set of paper based ones at a customer site. I'm looking here at approval flows, not execution flows (that basically are checklists so everything is done in the right sequence and documented). In a nutshell they are all the same:
If someone claims it is more complicated than that, laugh at them
Someone request something, a set of approvers mused about it and the result has consequences. We all have build this type of applications in eMail, Notes, Sharepoint, dbBase, using spreadsheets, paper forms or high powered BPMN/BPML/BPEL engines. Workflow engines are supposed to ease the creation of the forms flowing through the process. They follow the same pattern: user fills in the form, some routing magic happens, the approver sees the same form, but with approve/reject and eventually a comment etc. We record who and when the approval happened (even using a signed section in Notes client apps) and the routing (and notification) magic kicks in again.
Since our systems are well designed and secure this works very well. Does it?
When we only record the who and when of approvals, but not the what, we open the door to the challenge:"I never approved THAT". So we need to capture a snapshot of how the record looked like at the moment of approval. Ideally that snapshot gets secured with a digital signature leading to non-repudiation. Now the next approver needs to not only endorse the data snapshot at the time of approval, but also the previous signature, so it can't be retracted either.
Approvals need to overlap each other
Now try to model that in an RDBMS (let me know if you succeed). This is one of the reasons why workflows are document oriented (sure you can persist it into an RDBMS, but you need to reassemble it to validate the signatures) and will stay that for the foreseeable future. The current "gold standard" for document signatures is XML Signature with an JSON equivalent in the making.
Some applications have support for signatures build in. For others we need to have a look at code. Stay tuned.

Update/Bonus challenge: Make the non-repudiation external verifiable (e.g. submit that to the court evidence collection). Hint: it is in the data, not the application


Gravatar Image1 - Nice little article. Amazing that so few people understand that concept. I guess when you come from a Notes background, you understand security a lot better.

Gravatar Image2 - Are you asserting that digital signatures are the only to achieve non repudiation of an approval in a workflow?

Gravatar Image3 - I'm asserting, that you need to capture all three: who, when, what. I'm also asserting that digitial signatures are an established way to achieve non-repudiation.

And I'm admitting I wouldn't know of another method that can withstand scrutiny - but I'm happy to learn.

The easiest attack against an application (and not cryptography) based approach:

Q: Is there any user/admin who had direct access to the database table
A: (in all cases) - Yes the superadmin

Q: Could the superadmin alter one field in the table
A: Yes

-> not watertight

and of course there are clever mothers

Gravatar Image4 - Welcome... to the Blockchain. Emoticon

Gravatar Image5 - A few clicks in Salesforce and it's done. Even printing AND reporting.

Gravatar Image6 - As for knowing how a document looked at point in time, there are databases in which time is a fundamental concept (Datomic). For other databases there are ways of capturing point in time state without explicit record/document versioning.

As for non-repudiation, I'm not a repudiator so no worries.

Gravatar Image7 - Hello Stephan,

Nice and very simple article. can you also pl. provide what graphics tool / software you used to create such a nice graphics?

Post A Comment

Please note: Comments without a valid and working eMail address will be removed. This is my site, so I decide what stays here and what goes.



This site is in no way affiliated, endorsed, sanctioned, supported, nor enlightened by Lotus Software nor IBM Corporation. I may be an employee, but the opinions, theories, facts, etc. presented here are my own and are in now way given in any official capacity. In short, these are my words and this is my site, not IBM's - and don't even begin to think otherwise. (Disclaimer shamelessly plugged from Rocky Oliver)
© 2003 - 2014 Stephan H. Wissel - some rights reserved as listed here: Creative Commons License
Unless otherwise labeled by its originating author, the content found on this site is made available under the terms of an Attribution/NonCommercial/ShareAlike Creative Commons License, with the exception that no rights are granted -- since they are not mine to grant -- in any logo, graphic design, trademarks or trade names of any type. Code samples and code downloads on this site are, unless otherwise labeled, made available under an Apache 2.0 license. Other license models are available on written request and written confirmation.