Daily Log for #alfresco IRC Channel

Alfresco discussion and collaboration. Stick around a few hours after asking a question.

Official support for Enterprise subscribers: support.alfresco.com.

Joining the Channel:

Join in the conversation by getting an IRC client and connecting to #alfresco at Freenode. Our you can use the IRC web chat.

More information about the channel is in the wiki.

Getting Help

More help is available in this list of resources.

Daily Log for #alfresco

2017-10-05 00:43:52 GMT <fwu> hi all!

2017-10-05 06:17:08 GMT <DarkStar1> Good morning everyone

2017-10-05 06:51:44 GMT *** marsv024_ is now known as marsv024

2017-10-05 07:02:43 GMT <yreg> Morning everyone !

2017-10-05 07:02:47 GMT <yreg> Morning DarkStar1

2017-10-05 07:40:05 GMT <digcat> morning guys

2017-10-05 07:40:30 GMT <digcat> anyone read this https://www.techdirt.com/articles/20170930/00522238319/oracle-tells-white-house-stop-hiring-silicon-valley-people-ditch-open-source.shtml#comments

2017-10-05 07:40:31 GMT <alfbot> Title: Oracle Tells The White House: Stop Hiring Silicon Valley People & Ditch Open Source | Techdirt (at www.techdirt.com)

2017-10-05 07:56:21 GMT <bhagyas> digcat: haha, no

2017-10-05 07:56:27 GMT <bhagyas> quite interesting though

2017-10-05 07:57:04 GMT <bhagyas> we know at least one other company that constantly tells their open source product is not fit for use :p

2017-10-05 07:57:51 GMT <digcat> hey bhagyas, how are you going, yeah its a standard reply from closed sourced vendors, amazing its still a tactic

2017-10-05 07:58:27 GMT <digcat> you guys are oracle gold partners too, gotta love oracle

2017-10-05 07:58:28 GMT <bhagyas> digcat: doing goooood! back in sweden after some good time spent in sri lanka and maldives

2017-10-05 07:58:44 GMT <digcat> ahh so your nice and relaxed

2017-10-05 07:58:47 GMT <bhagyas> digcat: we discontinued the partnership last week

2017-10-05 07:59:03 GMT <digcat> definitely on my todo list, sri lanka and maldives !!

2017-10-05 07:59:38 GMT <digcat> interesting re oracle status

2017-10-05 08:00:03 GMT <digcat> i guess the worry is with Trump, he might listen to them

2017-10-05 08:00:07 GMT <bhagyas> haha nah

2017-10-05 08:00:13 GMT <bhagyas> trump listens to nobody

2017-10-05 08:00:14 GMT <bhagyas> :p

2017-10-05 08:00:43 GMT <digcat> yeah, but wonder if he uses oracle in trump inc, could get a huge discount!

2017-10-05 08:01:59 GMT <bhagyas> possibly

2017-10-05 08:02:12 GMT <digcat> ~later tell resplin, considering you guys do plenty with US Gov, does Oracles letter deserve a response, or is it better just to ignore?

2017-10-05 08:02:12 GMT <alfbot> digcat: The operation succeeded.

2017-10-05 08:02:18 GMT <bhagyas> working with Oracle actually changed our views about Oracle

2017-10-05 08:02:29 GMT <bhagyas> they are heavily investing in the success of their partners

2017-10-05 08:02:45 GMT <digcat> so how come leaving its family?

2017-10-05 08:03:37 GMT <bhagyas> we were not able to invest enough time with our other work to make it meaningful, which we felt was unfair to them as well

2017-10-05 08:03:40 GMT <digcat> ~later tell resplin heres their letter https://assets.documentcloud.org/documents/4064079/ATC-Response-1.pdf

2017-10-05 08:03:40 GMT <alfbot> digcat: The operation succeeded.

2017-10-05 08:51:41 GMT <yreg> guys is there a way to touch a node (trigger update behaviour) without actually changing anything

2017-10-05 08:54:23 GMT <DarkStar1> yreg: Sounds like an analogue of Pavlov's dog you're attempting right there :)

2017-10-05 08:59:15 GMT <DarkStar1> yreg: Not Pavlov. but schroedinger :)

2017-10-05 09:00:15 GMT <digcat> hey yreg, wouldnt that be really bad if you could do that ?

2017-10-05 09:00:39 GMT <AFaust> yreg: Well, you could disable the auditable behaviour and then simply do a setProperties() with the map you got from getProperties().... You might have to disable a couple of other interceptors to that could mess with the values transparently, i.e. filter out non-existing NodeRef values...

2017-10-05 09:01:27 GMT <bhagyas> AFaust: +1

2017-10-05 09:01:31 GMT <digcat> bhagyas, the time required re oracle, was that retooling, was chatting to an ex oracle, and they were saying the push to cloud is clearing out much of oracles existing support staff

2017-10-05 09:01:33 GMT <AFaust> digcat: Not really bad, because it is the responsibility of the behaviour to figure out if the update really is relevant. E.g. if you have an onUpdateProperties but the before/after maps are 100% identical, that would be valid

2017-10-05 09:02:02 GMT <digcat> ahh ok

2017-10-05 09:02:38 GMT <bhagyas> not really retooling, but rather aligning our offerings with their target customer base

2017-10-05 09:03:32 GMT <rusin_> hi all

2017-10-05 09:05:05 GMT <rusin_> i have tried add custom role through this.... https://github.com/Alfresco/alfresco-sdk-samples/tree/alfresco-51/ link

2017-10-05 09:05:06 GMT <alfbot> Title: GitHub - Alfresco/alfresco-sdk-samples at alfresco-51 (at github.com)

2017-10-05 09:06:02 GMT <rusin_> i have created repo and share jars, deployed in corresponding locations

2017-10-05 09:06:16 GMT <rusin_> but i got error like this

2017-10-05 09:06:32 GMT <rusin_> org.alfresco.repo.security.permissions.impl.model.PermissionModelException: 09050000 Failed to create permission model document: alfresco/module/add-permission-repo/model/customPermissionDefinitions.xml

2017-10-05 09:07:10 GMT <bhagyas> rusin: the sdk samples have last been updated two years ago, something might be different

2017-10-05 09:08:23 GMT <rusin_> @bhagyas ok thanks, how can i get latest one. if any share link

2017-10-05 09:10:07 GMT <rusin_> my alfresco version is community 5.2f

2017-10-05 09:18:48 GMT <bhagyas> there is no latest one

2017-10-05 09:19:09 GMT <bhagyas> i haven't seen any sdk 3 samples

2017-10-05 09:49:55 GMT <rusin_> is there any link to create custom role in alfresco community 5.2f

2017-10-05 09:50:38 GMT <rusin_> i have followed many links to do this but i can't get result

2017-10-05 10:47:48 GMT <fwu> hi all

2017-10-05 11:15:56 GMT <Loftux> When users connect to alfresco by other interfaces such as AOS, what approach have you used to prevent users to save in the Sites/<siteName> folder instead of the Sites/<siteName>/documentLibrary folder? What I can think of is permissions, but may break something

2017-10-05 11:31:14 GMT *** angelborroy_ is now known as angelborroy

2017-10-05 12:39:30 GMT <yreg> Loftux, what about rules ?

2017-10-05 12:40:15 GMT <yreg> Loftux, I thought AOS.. and webdav in general does not expose the level between site root and the doclib container

2017-10-05 12:41:13 GMT <yreg> but really a rule that would apply to the site directly and redirect any newly dropped/created document to documentLibrary would be my number 1 choice !

2017-10-05 12:41:46 GMT <Loftux> yreg: According to my customer, they have users that saved there

2017-10-05 12:42:35 GMT <yreg> that would be really odd, at least for AOS, maybe not for CIFS or FTP

2017-10-05 12:45:06 GMT <Loftux> yreg: Looking now in browser via https://loftux.net/alfresco/aos/https://loftux.net/alfresco/aos/Sites/ and it shows all.

2017-10-05 12:45:31 GMT <Loftux> that was ment to be just /alfresco/aos/

2017-10-05 13:08:58 GMT <fwu> ppl, anyone address a requirement like this in Alfresco: automatically replace document certificates when the certificate expire?

2017-10-05 13:11:08 GMT <angelborroy> fwu probably you need an LTA product

2017-10-05 13:11:51 GMT <angelborroy> which kind of signatures are you managing?

2017-10-05 13:11:55 GMT <angelborroy> AdES-T?

2017-10-05 13:12:22 GMT <fwu> angelborroy that would be my goal. Achieve a kind of document security store

2017-10-05 13:12:32 GMT <fwu> not any right now. just thinking on it

2017-10-05 13:12:48 GMT <angelborroy> so you have to find an LTA (Long Term Archiving) system

2017-10-05 13:13:12 GMT <angelborroy> and also some re-stamping process over AdES-T / AdES-A signatures

2017-10-05 13:13:37 GMT <fwu> this is the goal: Because PDF documents are capable of being stored for a long time, there’s a need to have tools available to ensure that electronically signed documents will remain valid for long periods too. Especially for important documents, the validity of the signature should remain, even if the signing key/certificate has expired or has been revoked, the issuing CA doesn’t exist anymore as well as if the cryptographic algo

2017-10-05 13:13:48 GMT <fwu> taked from https://www.cryptomathic.com/news-events/blog/pades-and-long-term-archival-lta

2017-10-05 13:13:49 GMT <alfbot> Title: PAdES and Long Term archival (LTA) (at www.cryptomathic.com)

2017-10-05 13:13:51 GMT <angelborroy> I know it

2017-10-05 13:13:55 GMT <fwu> nad this exactly what you are talking about

2017-10-05 13:14:00 GMT <angelborroy> yep

2017-10-05 13:14:10 GMT <angelborroy> LTA is your friend

2017-10-05 13:14:20 GMT <fwu> so Alfresco doesnt have nothing that help on this?

2017-10-05 13:14:24 GMT <angelborroy> nope

2017-10-05 13:14:41 GMT <angelborroy> Alfresco is not interested in eletronic signature

2017-10-05 13:14:55 GMT <angelborroy> I tried 2 years ago to build something similar but they rejected the project

2017-10-05 13:15:18 GMT <angelborroy> Probably as they are (mainly) americans, they don’t see electronic signature as an appealing feature

2017-10-05 13:15:36 GMT <fwu> yes, but in europe that is important

2017-10-05 13:15:39 GMT <angelborroy> I know

2017-10-05 13:15:57 GMT <angelborroy> in Spain every public administration has its own LTA

2017-10-05 13:16:01 GMT <angelborroy> so it’s "easy"

2017-10-05 13:16:15 GMT <angelborroy> Alfresco is used only as store and all the logic is implemeted by the LTA

2017-10-05 13:16:22 GMT <fwu> ok, not the case here in PT as far as I know

2017-10-05 13:16:38 GMT <angelborroy> I’ve been following this project: https://github.com/esig/dss

2017-10-05 13:16:39 GMT <alfbot> Title: GitHub - esig/dss: Digital Signature Service : creation, extension and validation of advanced electronic signatures (at github.com)

2017-10-05 13:16:48 GMT <angelborroy> It has all the required tools to build a simple LTA

2017-10-05 13:17:06 GMT <angelborroy> but Alfresco is not intested and I cannot find a client to fund the project

2017-10-05 13:17:20 GMT <fwu> ok, I will look at it

2017-10-05 13:17:43 GMT <fwu> maybe there are already some addons..?

2017-10-05 13:17:51 GMT <angelborroy> nope

2017-10-05 13:18:00 GMT <angelborroy> let me see if zylk has something

2017-10-05 13:18:50 GMT <angelborroy> it looks like this does not suport AdES-A and re-stamping: https://github.com/zylklab/alfresco-sinadura

2017-10-05 13:18:51 GMT <alfbot> Title: GitHub - zylklab/alfresco-sinadura: Protocol based digital signature for Alfresco 5 (at github.com)

2017-10-05 13:19:26 GMT <fwu> what about this: https://addons.alfresco.com/addons/orange-ds

2017-10-05 13:19:28 GMT <alfbot> Title: Orange DS | Alfresco Add-ons - Alfresco Customizations (at addons.alfresco.com)

2017-10-05 13:20:30 GMT <angelborroy> fwu I didn’t know this one

2017-10-05 13:20:32 GMT <angelborroy> let me see

2017-10-05 13:21:07 GMT <angelborroy> First fact: in Spain law does not cover certificates stored on the server

2017-10-05 13:21:17 GMT <angelborroy> So it has low legal value in Spain

2017-10-05 13:23:45 GMT <fwu> but that are server side certificates, like from the company certificate. Cant you use it in Spain?

2017-10-05 13:24:12 GMT <angelborroy> we use certificates to issue signatures as company

2017-10-05 13:24:24 GMT <angelborroy> but in this case it looks like it’s managing personal certificates

2017-10-05 13:24:33 GMT <angelborroy> which is not supported by Spanish regulation

2017-10-05 13:24:49 GMT <fwu> well, but if that is true than it doesnt make sense... we would loose security

2017-10-05 13:25:04 GMT <fwu> neither in Pt you can do that

2017-10-05 13:25:11 GMT <angelborroy> btw this addon is proprietary and there is not source code available

2017-10-05 13:25:23 GMT <angelborroy> so I cannot ensure what it’s really providing

2017-10-05 13:25:23 GMT <fwu> yes, it seems so

2017-10-05 13:26:01 GMT <fwu> nevertheless they dont talk about LTA

2017-10-05 13:26:37 GMT <angelborroy> but they are producing AdES-A

2017-10-05 13:26:53 GMT <angelborroy> so probably it should be easy to re-stamp an AdES-A

2017-10-05 13:30:40 GMT <fwu> I will take a look into it

2017-10-05 13:41:22 GMT <cesarcapi> fwu, angelborroy --> Sinadura supports Xades signatures for any mimetypes and Pades for PDF with TSA and OCSP validation.

2017-10-05 13:41:53 GMT <angelborroy> so you can build a basic LTA service with that

2017-10-05 13:42:27 GMT <angelborroy> cesarcapi does Sinadura support AdES-A re-stamping?

2017-10-05 13:43:34 GMT <cesarcapi> Mmmm, let me ask, I'm a little bit lost in digital signature standards

2017-10-05 13:44:22 GMT <angelborroy> what is required for LTA is a re-stamping of AdES-A signatures

2017-10-05 13:44:38 GMT <angelborroy> before the timestamp expires, a new timestamp is added over all the package

2017-10-05 13:44:56 GMT <angelborroy> so the original signature is still valid till the last timestamp expires

2017-10-05 13:46:17 GMT <cesarcapi> If you mean that we can use TSA authorithies when signing a PDF/A, yes

2017-10-05 13:48:29 GMT <angelborroy> cesarcapi I’m meaning something like this https://www.tractis.com/home/webservices/lta

2017-10-05 13:48:30 GMT <alfbot> Title: Tractis Long Term Archive - Description (at www.tractis.com)

2017-10-05 13:48:39 GMT <angelborroy> cesarcapi you can read the spec at RFC 4810

2017-10-05 13:49:27 GMT <angelborroy> https://tools.ietf.org/html/rfc4810

2017-10-05 13:49:28 GMT <alfbot> Title: RFC 4810 - Long-Term Archive Service Requirements (at tools.ietf.org)

2017-10-05 13:50:09 GMT <angelborroy> it’s not a PDF/A, it’s a PAdES-LTA, which is completely different

2017-10-05 13:51:01 GMT <angelborroy> you should use TSA authorities when re-signing PAdES-LTA

2017-10-05 13:52:53 GMT <cesarcapi> Ok, in fact we use CMS in PDF files instead of Pades, and we use TSA and OCSP if available. Is more like a T level.

2017-10-05 13:53:27 GMT <angelborroy> cesarcapi not really, it’s completely different

2017-10-05 14:03:48 GMT <cesarcapi> Sorry, I can't confirm this point. Sinadura is a digital signature client with some "advanced capatibilities" like TSA and OCSP validation signatures. It is applied to Xades and CMS signatures for PDFs, but we do not use Pades. Then we have some digital signature services available for the protocol based signatures implemented in Alfresco addon, that may be used to integrate an ADF action for digital sinature for example.

2017-10-05 14:09:02 GMT <angelborroy> fwu so Sinadura is not the right starting point to build an LTA service

2017-10-05 14:09:14 GMT <cesarcapi> Don't think so.

2017-10-05 14:09:50 GMT <cesarcapi> I can confirm that we can not do re-stamping

2017-10-05 14:10:14 GMT <angelborroy> cesarcapi hooray, so you have a new entry in your to-do list :)

2017-10-05 14:10:37 GMT <cesarcapi> :)

2017-10-05 14:14:46 GMT *** angelborroy_ is now known as angelborroy

2017-10-05 18:05:23 GMT <fwu> cesarcapi, so is re-stamping a goal in the near future? :)

2017-10-05 19:10:27 GMT <cesarcapi> maybe, now it's added in the TODO list

2017-10-05 19:11:51 GMT <fwu> nice!

End of Daily Log

The other logs are at http://esplins.org/hash_alfresco