How To Act on Tasks That Require a Digital Signature

The worklist supports the signature policy created in the human task:

  • No signature required — Participants can send and act on tasks without providing a signature.

  • Password required — Participants must specify their login passwords.

  • Digital certificate (signature) required — Participants must possess a digital certificate before being able to send and act on tasks. A digital certificate establishes the participant's credentials and is issued by a certification authority (CA). It contains the holder's name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and verifying digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real.

When you act on a task that has a signature policy, the Sign button appears, as shown in Figure 32-33.

Figure 32-33 Digital Signature Task Details

The evidence store service is used for digital signature storage and nonrepudiation of digitally signed human tasks. You can search the evidence store, as shown in Figure 32-34.

Figure 32-34 The Evidence Store

See Evidence Store Service and Digital Signatures for more information.

To provide a digital signature:

  1. In the upper-right corner of Oracle BPM Worklist, click Preferences.

  2. Select the Certificates link.

  3. Upload the certificate you want to use to sign your decision, as shown in Figure 32-35.

    When signing a task outcome using your certificate, you must upload the entire chain of certificates through Oracle BPM Worklist as a .P7B (PKCS7 format) file, not just the one certificate issued to you by the certificate issuer. The entire chain can be exported through Internet Explorer. Mozilla Firefox does not let you export the chain as a .P7B file. Therefore, you can perform the following steps:

    1. Export the chain from Mozilla Firefox as a .P12 file (PKCS12 format that also contains your private key).

    2. Import the .P12 file in Internet Explorer.

    3. Export it again from Internet Explorer as a .P7B file.

    4. Upload it through Oracle BPM Worklist.

    Figure 32-35 Uploading a Certificate

    Note the following important points when providing your certificate to the system. Otherwise, you cannot use your certificate to sign your decisions on tasks.

    • The PKCS7 file format is a binary certificate format. Select this option if you have a standalone certificate file stored on your disk.

    • The PKCS12 file format is a keystore format. Select this option if you have your certificate stored inside a keystore.

    • If you want to copy and paste the contents of the certificate, select Type or Paste Certificate Contents and paste the BASE64-encoded text into the field. Do not paste a certificate in any other format into this field. Likewise, if you choose to upload a certificate, do not try to upload a BASE64-encoded certificate. Only PKCS12 and PKCS7 formatted files are supported for uploads.

  4. Return to the task list by clicking the Home link in the upper-right corner of Oracle BPM Worklist.

  5. Click a task to approve or reject.

    The task details are displayed.

  6. Click either Approve or Reject.

    Details about the digital signature are displayed.

  7. For a task that has a signature policy, click Sign.

    The Text Signing Report dialog appears.

  8. Select the certificate from the list to use to sign your decision.

  9. Enter the master password of the web browser that you are using.

  10. Click OK.

    The web browser signs the string displayed in the upper half of the Text Signing Request with the certificate you selected and invokes the action (approval or rejection) that you selected. The task status is appropriately updated in the human workflow service.
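
For the chain requirement in step 3, the following added example (not part of the Oracle documentation) uses the OpenSSL command line as an alternative to the browser round trip: it copies only the certificates from a .P12 export into a binary .P7B, then checks by name that every issuer in the file is also present as a subject. The function names, file names, and the P12_PASS variable are assumptions, and this page does not confirm that Oracle BPM Worklist accepts a file produced this way.

```shell
#!/bin/sh
# Added example, not Oracle code. Function names, file names and the
# P12_PASS variable are hypothetical; requires the openssl CLI.

# p12_to_p7b IN.p12 OUT.p7b
# Copies the certificates (never the private key) from a .P12 export into
# a binary .P7B. The .P12 password is read from the exported $P12_PASS.
p12_to_p7b() {
    pem=$(mktemp) || return 1
    # -nokeys: emit certificates only, so the private key stays in the .P12.
    # -outform DER: binary PKCS7; BASE64 files are not accepted for upload.
    openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS -out "$pem" &&
        openssl crl2pkcs7 -nocrl -certfile "$pem" -outform DER -out "$2"
    rc=$?
    rm -f "$pem"
    return "$rc"
}

# p7b_cert_count FILE.p7b
# Prints how many certificates the .P7B holds.
p7b_cert_count() {
    openssl pkcs7 -inform DER -in "$1" -print_certs | grep -c 'BEGIN CERTIFICATE'
}

# p7b_has_full_chain FILE.p7b
# Succeeds only if every issuer named in the file also appears as a subject,
# i.e. the chain runs up to a self-signed root. This compares names only; it
# does not verify signatures or validity dates.
p7b_has_full_chain() {
    openssl pkcs7 -inform DER -in "$1" -print_certs -noout 2>/dev/null | awk '
        sub(/^subject=/, "") { subj[$0] = 1; n++; next }
        sub(/^issuer=/, "")  { iss[$0] = 1 }
        END {
            if (n == 0) exit 1          # unreadable file or no certificates
            for (i in iss) if (!(i in subj)) exit 1
        }'
}

# Usage (hypothetical file names), after exporting P12_PASS:
#   p12_to_p7b mycert.p12 chain.p7b
#   p7b_cert_count chain.p7b
#   p7b_has_full_chain chain.p7b && echo "chain complete"
```

A file that fails the chain check is missing an intermediate or root certificate and should be re-exported with the full chain before it is uploaded.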

For more information about how certificates are uploaded and used, see Evidence Store Service and Digital Signatures.