Alfresco discussion and collaboration. Stick around a few hours after asking a question.
Official support for Enterprise subscribers: support.alfresco.com.
Join in the conversation by getting an IRC client and connecting to #alfresco at Freenode. Our you can use the IRC web chat.
More information about the channel is in the wiki.
More help is available in this list of resources.
2017-10-05 00:43:52 GMT <fwu> hi all!
2017-10-05 06:17:08 GMT <DarkStar1> Good morning everyone
2017-10-05 06:51:44 GMT *** marsv024_ is now known as marsv024
2017-10-05 07:02:43 GMT <yreg> Morning everyone !
2017-10-05 07:02:47 GMT <yreg> Morning DarkStar1
2017-10-05 07:40:05 GMT <digcat> morning guys
2017-10-05 07:40:30 GMT <digcat> anyone read this https://www.techdirt.com/articles/20170930/00522238319/oracle-tells-white-house-stop-hiring-silicon-valley-people-ditch-open-source.shtml#comments
2017-10-05 07:40:31 GMT <alfbot> Title: Oracle Tells The White House: Stop Hiring Silicon Valley People & Ditch Open Source | Techdirt (at www.techdirt.com)
2017-10-05 07:56:21 GMT <bhagyas> digcat: haha, no
2017-10-05 07:56:27 GMT <bhagyas> quite interesting though
2017-10-05 07:57:04 GMT <bhagyas> we know at least one other company that constantly tells their open source product is not fit for use :p
2017-10-05 07:57:51 GMT <digcat> hey bhagyas, how are you going, yeah its a standard reply from closed sourced vendors, amazing its still a tactic
2017-10-05 07:58:27 GMT <digcat> you guys are oracle gold partners too, gotta love oracle
2017-10-05 07:58:28 GMT <bhagyas> digcat: doing goooood! back in sweden after some good time spent in sri lanka and maldives
2017-10-05 07:58:44 GMT <digcat> ahh so your nice and relaxed
2017-10-05 07:58:47 GMT <bhagyas> digcat: we discontinued the partnership last week
2017-10-05 07:59:03 GMT <digcat> definitely on my todo list, sri lanka and maldives !!
2017-10-05 07:59:38 GMT <digcat> interesting re oracle status
2017-10-05 08:00:03 GMT <digcat> i guess the worry is with Trump, he might listen to them
2017-10-05 08:00:07 GMT <bhagyas> haha nah
2017-10-05 08:00:13 GMT <bhagyas> trump listens to nobody
2017-10-05 08:00:14 GMT <bhagyas> :p
2017-10-05 08:00:43 GMT <digcat> yeah, but wonder if he uses oracle in trump inc, could get a huge discount!
2017-10-05 08:01:59 GMT <bhagyas> possibly
2017-10-05 08:02:12 GMT <digcat> ~later tell resplin, considering you guys do plenty with US Gov, does Oracles letter deserve a response, or is it better just to ignore?
2017-10-05 08:02:12 GMT <alfbot> digcat: The operation succeeded.
2017-10-05 08:02:18 GMT <bhagyas> working with Oracle actually changed our views about Oracle
2017-10-05 08:02:29 GMT <bhagyas> they are heavily investing in the success of their partners
2017-10-05 08:02:45 GMT <digcat> so how come leaving its family?
2017-10-05 08:03:37 GMT <bhagyas> we were not able to invest enough time with our other work to make it meaningful, which we felt was unfair to them as well
2017-10-05 08:03:40 GMT <digcat> ~later tell resplin heres their letter https://assets.documentcloud.org/documents/4064079/ATC-Response-1.pdf
2017-10-05 08:03:40 GMT <alfbot> digcat: The operation succeeded.
2017-10-05 08:51:41 GMT <yreg> guys is there a way to touch a node (trigger update behaviour) without actually changing anything
2017-10-05 08:54:23 GMT <DarkStar1> yreg: Sounds like an analogue of Pavlov's dog you're attempting right there :)
2017-10-05 08:59:15 GMT <DarkStar1> yreg: Not Pavlov. but schroedinger :)
2017-10-05 09:00:15 GMT <digcat> hey yreg, wouldnt that be really bad if you could do that ?
2017-10-05 09:00:39 GMT <AFaust> yreg: Well, you could disable the auditable behaviour and then simply do a setProperties() with the map you got from getProperties().... You might have to disable a couple of other interceptors to that could mess with the values transparently, i.e. filter out non-existing NodeRef values...
2017-10-05 09:01:27 GMT <bhagyas> AFaust: +1
2017-10-05 09:01:31 GMT <digcat> bhagyas, the time required re oracle, was that retooling, was chatting to an ex oracle, and they were saying the push to cloud is clearing out much of oracles existing support staff
2017-10-05 09:01:33 GMT <AFaust> digcat: Not really bad, because it is the responsibility of the behaviour to figure out if the update really is relevant. E.g. if you have an onUpdateProperties but the before/after maps are 100% identical, that would be valid
2017-10-05 09:02:02 GMT <digcat> ahh ok
2017-10-05 09:02:38 GMT <bhagyas> not really retooling, but rather aligning our offerings with their target customer base
2017-10-05 09:03:32 GMT <rusin_> hi all
2017-10-05 09:05:05 GMT <rusin_> i have tried add custom role through this.... https://github.com/Alfresco/alfresco-sdk-samples/tree/alfresco-51/ link
2017-10-05 09:05:06 GMT <alfbot> Title: GitHub - Alfresco/alfresco-sdk-samples at alfresco-51 (at github.com)
2017-10-05 09:06:02 GMT <rusin_> i have created repo and share jars, deployed in corresponding locations
2017-10-05 09:06:16 GMT <rusin_> but i got error like this
2017-10-05 09:06:32 GMT <rusin_> org.alfresco.repo.security.permissions.impl.model.PermissionModelException: 09050000 Failed to create permission model document: alfresco/module/add-permission-repo/model/customPermissionDefinitions.xml
2017-10-05 09:07:10 GMT <bhagyas> rusin: the sdk samples have last been updated two years ago, something might be different
2017-10-05 09:08:23 GMT <rusin_> @bhagyas ok thanks, how can i get latest one. if any share link
2017-10-05 09:10:07 GMT <rusin_> my alfresco version is community 5.2f
2017-10-05 09:18:48 GMT <bhagyas> there is no latest one
2017-10-05 09:19:09 GMT <bhagyas> i haven't seen any sdk 3 samples
2017-10-05 09:49:55 GMT <rusin_> is there any link to create custom role in alfresco community 5.2f
2017-10-05 09:50:38 GMT <rusin_> i have followed many links to do this but i can't get result
2017-10-05 10:47:48 GMT <fwu> hi all
2017-10-05 11:15:56 GMT <Loftux> When users connect to alfresco by other interfaces such as AOS, what approach have you used to prevent users to save in the Sites/<siteName> folder instead of the Sites/<siteName>/documentLibrary folder? What I can think of is permissions, but may break something
2017-10-05 11:31:14 GMT *** angelborroy_ is now known as angelborroy
2017-10-05 12:39:30 GMT <yreg> Loftux, what about rules ?
2017-10-05 12:40:15 GMT <yreg> Loftux, I thought AOS.. and webdav in general does not expose the level between site root and the doclib container
2017-10-05 12:41:13 GMT <yreg> but really a rule that would apply to the site directly and redirect any newly dropped/created document to documentLibrary would be my number 1 choice !
2017-10-05 12:41:46 GMT <Loftux> yreg: According to my customer, they have users that saved there
2017-10-05 12:42:35 GMT <yreg> that would be really odd, at least for AOS, maybe not for CIFS or FTP
2017-10-05 12:45:06 GMT <Loftux> yreg: Looking now in browser via https://loftux.net/alfresco/aos/https://loftux.net/alfresco/aos/Sites/ and it shows all.
2017-10-05 12:45:31 GMT <Loftux> that was ment to be just /alfresco/aos/
2017-10-05 13:08:58 GMT <fwu> ppl, anyone address a requirement like this in Alfresco: automatically replace document certificates when the certificate expire?
2017-10-05 13:11:08 GMT <angelborroy> fwu probably you need an LTA product
2017-10-05 13:11:51 GMT <angelborroy> which kind of signatures are you managing?
2017-10-05 13:11:55 GMT <angelborroy> AdES-T?
2017-10-05 13:12:22 GMT <fwu> angelborroy that would be my goal. Achieve a kind of document security store
2017-10-05 13:12:32 GMT <fwu> not any right now. just thinking on it
2017-10-05 13:12:48 GMT <angelborroy> so you have to find an LTA (Long Term Archiving) system
2017-10-05 13:13:12 GMT <angelborroy> and also some re-stamping process over AdES-T / AdES-A signatures
2017-10-05 13:13:37 GMT <fwu> this is the goal: Because PDF documents are capable of being stored for a long time, there’s a need to have tools available to ensure that electronically signed documents will remain valid for long periods too. Especially for important documents, the validity of the signature should remain, even if the signing key/certificate has expired or has been revoked, the issuing CA doesn’t exist anymore as well as if the cryptographic algo
2017-10-05 13:13:48 GMT <fwu> taked from https://www.cryptomathic.com/news-events/blog/pades-and-long-term-archival-lta
2017-10-05 13:13:49 GMT <alfbot> Title: PAdES and Long Term archival (LTA) (at www.cryptomathic.com)
2017-10-05 13:13:51 GMT <angelborroy> I know it
2017-10-05 13:13:55 GMT <fwu> nad this exactly what you are talking about
2017-10-05 13:14:00 GMT <angelborroy> yep
2017-10-05 13:14:10 GMT <angelborroy> LTA is your friend
2017-10-05 13:14:20 GMT <fwu> so Alfresco doesnt have nothing that help on this?
2017-10-05 13:14:24 GMT <angelborroy> nope
2017-10-05 13:14:41 GMT <angelborroy> Alfresco is not interested in eletronic signature
2017-10-05 13:14:55 GMT <angelborroy> I tried 2 years ago to build something similar but they rejected the project
2017-10-05 13:15:18 GMT <angelborroy> Probably as they are (mainly) americans, they don’t see electronic signature as an appealing feature
2017-10-05 13:15:36 GMT <fwu> yes, but in europe that is important
2017-10-05 13:15:39 GMT <angelborroy> I know
2017-10-05 13:15:57 GMT <angelborroy> in Spain every public administration has its own LTA
2017-10-05 13:16:01 GMT <angelborroy> so it’s "easy"
2017-10-05 13:16:15 GMT <angelborroy> Alfresco is used only as store and all the logic is implemeted by the LTA
2017-10-05 13:16:22 GMT <fwu> ok, not the case here in PT as far as I know
2017-10-05 13:16:38 GMT <angelborroy> I’ve been following this project: https://github.com/esig/dss
2017-10-05 13:16:39 GMT <alfbot> Title: GitHub - esig/dss: Digital Signature Service : creation, extension and validation of advanced electronic signatures (at github.com)
2017-10-05 13:16:48 GMT <angelborroy> It has all the required tools to build a simple LTA
2017-10-05 13:17:06 GMT <angelborroy> but Alfresco is not intested and I cannot find a client to fund the project
2017-10-05 13:17:20 GMT <fwu> ok, I will look at it
2017-10-05 13:17:43 GMT <fwu> maybe there are already some addons..?
2017-10-05 13:17:51 GMT <angelborroy> nope
2017-10-05 13:18:00 GMT <angelborroy> let me see if zylk has something
2017-10-05 13:18:50 GMT <angelborroy> it looks like this does not suport AdES-A and re-stamping: https://github.com/zylklab/alfresco-sinadura
2017-10-05 13:18:51 GMT <alfbot> Title: GitHub - zylklab/alfresco-sinadura: Protocol based digital signature for Alfresco 5 (at github.com)
2017-10-05 13:19:26 GMT <fwu> what about this: https://addons.alfresco.com/addons/orange-ds
2017-10-05 13:19:28 GMT <alfbot> Title: Orange DS | Alfresco Add-ons - Alfresco Customizations (at addons.alfresco.com)
2017-10-05 13:20:30 GMT <angelborroy> fwu I didn’t know this one
2017-10-05 13:20:32 GMT <angelborroy> let me see
2017-10-05 13:21:07 GMT <angelborroy> First fact: in Spain law does not cover certificates stored on the server
2017-10-05 13:21:17 GMT <angelborroy> So it has low legal value in Spain
2017-10-05 13:23:45 GMT <fwu> but that are server side certificates, like from the company certificate. Cant you use it in Spain?
2017-10-05 13:24:12 GMT <angelborroy> we use certificates to issue signatures as company
2017-10-05 13:24:24 GMT <angelborroy> but in this case it looks like it’s managing personal certificates
2017-10-05 13:24:33 GMT <angelborroy> which is not supported by Spanish regulation
2017-10-05 13:24:49 GMT <fwu> well, but if that is true than it doesnt make sense... we would loose security
2017-10-05 13:25:04 GMT <fwu> neither in Pt you can do that
2017-10-05 13:25:11 GMT <angelborroy> btw this addon is proprietary and there is not source code available
2017-10-05 13:25:23 GMT <angelborroy> so I cannot ensure what it’s really providing
2017-10-05 13:25:23 GMT <fwu> yes, it seems so
2017-10-05 13:26:01 GMT <fwu> nevertheless they dont talk about LTA
2017-10-05 13:26:37 GMT <angelborroy> but they are producing AdES-A
2017-10-05 13:26:53 GMT <angelborroy> so probably it should be easy to re-stamp an AdES-A
2017-10-05 13:30:40 GMT <fwu> I will take a look into it
2017-10-05 13:41:22 GMT <cesarcapi> fwu, angelborroy --> Sinadura supports Xades signatures for any mimetypes and Pades for PDF with TSA and OCSP validation.
2017-10-05 13:41:53 GMT <angelborroy> so you can build a basic LTA service with that
2017-10-05 13:42:27 GMT <angelborroy> cesarcapi does Sinadura support AdES-A re-stamping?
2017-10-05 13:43:34 GMT <cesarcapi> Mmmm, let me ask, I'm a little bit lost in digital signature standards
2017-10-05 13:44:22 GMT <angelborroy> what is required for LTA is a re-stamping of AdES-A signatures
2017-10-05 13:44:38 GMT <angelborroy> before the timestamp expires, a new timestamp is added over all the package
2017-10-05 13:44:56 GMT <angelborroy> so the original signature is still valid till the last timestamp expires
2017-10-05 13:46:17 GMT <cesarcapi> If you mean that we can use TSA authorithies when signing a PDF/A, yes
2017-10-05 13:48:29 GMT <angelborroy> cesarcapi I’m meaning something like this https://www.tractis.com/home/webservices/lta
2017-10-05 13:48:30 GMT <alfbot> Title: Tractis Long Term Archive - Description (at www.tractis.com)
2017-10-05 13:48:39 GMT <angelborroy> cesarcapi you can read the spec at RFC 4810
2017-10-05 13:49:27 GMT <angelborroy> https://tools.ietf.org/html/rfc4810
2017-10-05 13:49:28 GMT <alfbot> Title: RFC 4810 - Long-Term Archive Service Requirements (at tools.ietf.org)
2017-10-05 13:50:09 GMT <angelborroy> it’s not a PDF/A, it’s a PAdES-LTA, which is completely different
2017-10-05 13:51:01 GMT <angelborroy> you should use TSA authorities when re-signing PAdES-LTA
2017-10-05 13:52:53 GMT <cesarcapi> Ok, in fact we use CMS in PDF files instead of Pades, and we use TSA and OCSP if available. Is more like a T level.
2017-10-05 13:53:27 GMT <angelborroy> cesarcapi not really, it’s completely different
2017-10-05 14:03:48 GMT <cesarcapi> Sorry, I can't confirm this point. Sinadura is a digital signature client with some "advanced capatibilities" like TSA and OCSP validation signatures. It is applied to Xades and CMS signatures for PDFs, but we do not use Pades. Then we have some digital signature services available for the protocol based signatures implemented in Alfresco addon, that may be used to integrate an ADF action for digital sinature for example.
2017-10-05 14:09:02 GMT <angelborroy> fwu so Sinadura is not the right starting point to build an LTA service
2017-10-05 14:09:14 GMT <cesarcapi> Don't think so.
2017-10-05 14:09:50 GMT <cesarcapi> I can confirm that we can not do re-stamping
2017-10-05 14:10:14 GMT <angelborroy> cesarcapi hooray, so you have a new entry in your to-do list :)
2017-10-05 14:10:37 GMT <cesarcapi> :)
2017-10-05 14:14:46 GMT *** angelborroy_ is now known as angelborroy
2017-10-05 18:05:23 GMT <fwu> cesarcapi, so is re-stamping a goal in the near future? :)
2017-10-05 19:10:27 GMT <cesarcapi> maybe, now it's added in the TODO list
2017-10-05 19:11:51 GMT <fwu> nice!
The other logs are at http://esplins.org/hash_alfresco