Alison Server



Description

Alison-Server is a Remote Signing Service Provider. It is a service that manages credentials on behalf of multiple users and allows them to create a remote signature with a stored credential. A credential is the combination of a public/private key pair and a public X.509 certificate.

Alison-Server allows:

  • The generation of credentials, protecting them with second-factor authentication (such as PIN, TOTP, eMail OTP, SMS OTP, and Passkey).

  • The use of those credentials to create remote signatures in different formats.

Its REST interface allows managing the complete life cycle of a credential, and it may require the participation of the holder for some tasks, such as renewing or re-issuing the credential.

Alison-Server has a modular architecture, which allows defining several redundant modules to operate in high availability mode, with clusters replicated by means of a shared database.

Alison-Server is designed so the same instance can be shared between different organizations. It is also possible to separate different users of the same organization into isolated groups.

Below are some fundamental terms that are useful to understand the configuration and architecture:

Alison-Server

It refers to the installation of a component, distributed as a Docker component. Each component can manage several tenants.

Tenant

A Tenant defines the minimum control unit of Alison-Server, and it stores certificates and credentials from related end users. Each credential is created within a Tenant, which usually represents a complete organisation.

A Tenant can contain credentials with certificates that were issued by different issuers (Certification Authorities) within the PKI of an organisation.

Alison-Server can manage several Tenants within its configuration, and each of them is managed with its own security policy.

 

When a product or service wants to access certificates stored in different Tenants, it must use an API-Key that allows access to all of them at the same time.

Seat

A Seat represents an individual, the holder of a credential. Each Seat belongs to a particular Tenant.

Each seat can contain several credentials.

Credential

A credential is the combination of a public/private key pair and a public X.509 certificate.

It is protected with second-factor authentication (PIN, TOTP, SMS-OTP, eMAIL-OTP, Passkey) to improve security.

Second Factor Authentication

An authentication factor is a piece of information used to verify the identity of an entity.

Second-factor authentication means that, in order to access the protected resource (the credential), the user must have something to prove his identity. Alison-Server supports the use of PINs, OTPs or both.

OAuthClient

An OAuthClient is an application that can make use of Alison-Server services. It must have a key (API-Key) that allows access to all Alison-Server resources.

 


Development & Integration

Alison-Server certificates can be reached using the AlisonJS and AlisonGUI libraries.

The latest documentation can be found in this link: https://homo-alisonserver.certisur.com/swagger-ui/index.html

This documentation is also published in the Postman site: service endpoints.

 


Administration

 

Access https://alisonserver-admin.certisur.net to create a new administrator.

Contact CertiSur Validation to request that your account be associated with your company tenants.

You have to enter a valid email (it will be validated), and a complex password with:

  • Lower and uppercase letters

  • Numbers

  • Symbols

  • Minimum of

Your Corporate Contact will be contacted to approve your enrollment and your role.

 

Administration Console

Access the administration console at https://alisonserver-admin.certisur.net. Each user is enabled to view or administer several Tenants, depending on the role defined for each one.

Functionalities found in this console:

  • Statistics: certificate and signature quantities.

  • Last certificate and signature

  • Log information

  • Generate API-Keys to share with applications to allow listing certificates (by Tenant) and get Access-Token to share with End-User (certificate owner) to generate a signature.

 

 

 

 
