Archive for the 'Windchill-Security' Category

Password management with Windchill and Aphelion

In very large installations of Windchill PDMLink and/or ProjectLink, user passwords are managed by corporate naming services such as Active Directory. With this kind of solution, you can apply security policies to user password management, such as minimum password length, password expiration, dictionaries…

In smaller installations of Windchill, however, Aphelion LDAP is commonly used to manage users and their passwords. Users' password policies can be configured easily in Aphelion by installing the Aphelion Web Tools module, but in most cases the way these policies interact with end users is not useful.

For example, you can configure in Aphelion a password expiration policy of 2 months, so users must change their passwords within 2 months if they do not want their accounts locked automatically. But neither Aphelion nor Windchill is able by itself to warn users when their password is close to expiring.

Prambanan IT Services has designed a simple utility to handle this, with these features:

  • Customised page in Windchill for password change with the password policies configured in Aphelion.
  • Customised page in Windchill for password reset with the new password sent by e-mail.
  • E-mails to users about password expirations, customisable in design and in the number of days before the expiration.
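
The selection logic behind the expiration e-mails in the last feature can be sketched as follows. This is an added example, not Prambanan's utility: it assumes the directory exposes the standard LDAP password-policy attribute `pwdChangedTime` (an assumption for Aphelion), and the reminder schedule, entry layout and function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=60)   # the 2-month expiration policy from the text
REMIND_DAYS = (14, 7, 1, 0)    # assumed schedule: days before expiry to e-mail

def parse_generalized_time(value):
    """Parse a UTC LDAP GeneralizedTime value such as '20240108080000Z'."""
    if not value.endswith("Z"):
        raise ValueError("expected a UTC GeneralizedTime, got %r" % value)
    stamp = value[:-1].split(".")[0]          # drop an optional fraction
    return datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def expiry_notices(entries, now, max_age=MAX_AGE, remind_days=REMIND_DAYS):
    """Return (uid, mail, status, days_left) for every user to contact today."""
    notices = []
    for entry in entries:
        uid, mail = entry["uid"], entry.get("mail")
        changed = entry.get("pwdChangedTime")   # assumed attribute name
        if not changed:
            # No change timestamp: expiry cannot be computed, so report it
            # for an administrator instead of silently skipping the account.
            notices.append((uid, mail, "no-timestamp", None))
            continue
        expires = parse_generalized_time(changed) + max_age
        days_left = (expires.date() - now.date()).days
        if days_left < 0:
            notices.append((uid, mail, "expired", days_left))
        elif days_left in remind_days:
            notices.append((uid, mail, "reminder", days_left))
    return notices

# Constructed sample entries, shaped like the result of an LDAP search.
SAMPLE_ENTRIES = [
    {"uid": "alice", "mail": "alice@example.com", "pwdChangedTime": "20240108080000Z"},
    {"uid": "bob", "mail": "bob@example.com", "pwdChangedTime": "20231201120000Z"},
    {"uid": "carol", "mail": "carol@example.com", "pwdChangedTime": "20240220101500Z"},
    {"uid": "dave", "mail": "dave@example.com"},
]
NOW = datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc)   # constructed run date

if __name__ == "__main__":
    for notice in expiry_notices(SAMPLE_ENTRIES, NOW):
        print(notice)
```

Run once a day, each reminder day matches exactly once per user, and accounts without a change timestamp surface for review instead of never receiving a warning.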
   

PDF stamps in Windchill

To complement the PDF conversion implemented at our client, we have developed a system to stamp electronic and digital signatures on the PDF files contained in different documents in Windchill. When users create documents from Document Templates defined in PDMLink, the primary content consists of MS Office documents created from templates that are common to documents of the same type within the same product or project in PDMLink.

This way, we can define the exact positions at which to print the electronic and/or digital signatures of the different users who take part in the validation process of each of those documents. Once the primary content is converted to PDF, the system stamps the electronic and/or digital signature of the user who has completed the task on the PDF file contained in that document. This stamping is transparent to the user, who only needs to press the “Task Complete” button in his or her tasks; in case of approval, the user's signature (previously scanned) is printed on the primary content in PDF format.


The result is PDF files that contain the signatures of the creator and the reviewers of the document throughout its process in Windchill, and that can include the name, user identifier, date and time of the validation, and even a company watermark, which in the case of our client is the logo of its organization.

This process has been running in the production system since the beginning of 2005.

Distinction between electronic signature and digital signature:

  • Electronic signature

An electronic signature is a stamp of a scanned signature as an image in the PDF file.

  • Digital signature

The digital signature is applied to the PDF through a digital certificate. In the case of our client, those certificates are generated through a PKI, from a root digital certificate of our client's organization. In addition, when an electronic signature is included, we add the digital signature as a visible signature within the PDF, in the same area occupied by the electronic signature. This way, the properties of the digital certificate, as well as its validity, are accessible over the scanned image of the electronic signature of a specific user.

   

Biometric authentication in Windchill

At the end of 2004 and the beginning of 2005, one of our customers needed to improve the security of some tasks in the Workflow processes in Windchill PDMLink. We evaluated different possibilities and decided to add a biometric verification of the users' fingerprints to those tasks.

We developed a specific page in Windchill to register the fingerprints of all the special users. To capture the fingerprint, we use SecuGen biometric mice that incorporate a fingerprint sensor on the left side of the mouse.

The sensitive tasks for these users require fingerprint verification, so when the user clicks the “Task Complete” button, the browser asks the user to place a finger on the sensor, and the task is completed only if that fingerprint has been registered as the valid fingerprint of the user trying to complete the task.