November 1, 2013 at 13:56The problem of a large number of EDS
Unfortunately, if you read the headline and decide that there is some solution in the post, then I hasten to disappoint you. Here, only a question is asked, which perhaps only concerns me (although I think that many other state employees are also), and I hope that in the post some solution or at least explanation will be offered why the methods proposed by me are unrealizable.
Today I would like to talk about the huge. There is not even a terrifying amount of EDS in the state. authorities, which in my opinion is a huge problem (including due to the spending of budget funds).
In my organization at the moment 26 digital signatures are used by different employees. In different fields of application. More precisely, there are fewer employees, just some have 2-3 digital signatures.
I will immediately voice the main problem of the post:Why it is impossible to issue 1 (ONE) EDS to each employee and simply add or remove areas of use in this certificate with any changes ?
See for yourself. Below is a table of separation of EDS by employees and areas of application (all data is depersonalized to avoid anything):
What are we observing here? One of the specialists has 1 EDS, and someone immediately 5.
Is it really impossible to give a person 1 key in which all areas of use will be written?
In this situation, the number of EDS used will decrease from 26 to 14 (in terms of the number of employees).
Unfortunately, I’m not very familiar with all the nuances of issuing EDS certification centers, and I myself guess what the answer will be from them: “What to do with EDS issued by different CAs to one person?”
I’m doing a good layout for the CAs that my organization personally works with:
In this situation (for each person each DTC issues its own EDS), we again get savings, although not so much. 20 EDS instead of 26 currently used. Total savings - 6 EDS.
The thing is that in addition to all paper work (and for each digital signature a separate order is needed, a separate set of documents in the CA), in this situation, budgetary savings will be obtained (the formation of a CA certificate + cost of carriers).
So the question to the experts is whether what I described is possible. And if not possible, then explain why?
PS:
I am not talking about a physical reduction in the number of carriers. I already use rutoken, on which each specialist has several containers. The problem is combining several applications within one container.
Today I would like to talk about the huge. There is not even a terrifying amount of EDS in the state. authorities, which in my opinion is a huge problem (including due to the spending of budget funds).
In my organization at the moment 26 digital signatures are used by different employees. In different fields of application. More precisely, there are fewer employees, just some have 2-3 digital signatures.
I will immediately voice the main problem of the post:Why it is impossible to issue 1 (ONE) EDS to each employee and simply add or remove areas of use in this certificate with any changes ?
See for yourself. Below is a table of separation of EDS by employees and areas of application (all data is depersonalized to avoid anything):
View 1 | View 2 | View 3 | View 4 | View 5 | View 6 | View 7 | View 8 | View 9 | View 10 | Total | |
Specialist. 1 | 1 | 1 | 1 | 1 | 1 | 5 | |||||
Specialist. 2 | 1 | 1 | |||||||||
Specialist. 3 | 1 | 1 | 1 | 3 | |||||||
Specialist. 4 | 1 | 1 | 1 | 3 | |||||||
Specialist. 5 | 1 | 1 | 2 | ||||||||
Specialist. 6 | 1 | 1 | |||||||||
Specialist. 7 | 1 | 1 | 1 | 3 | |||||||
Specialist. 8 | 1 | 1 | |||||||||
Specialist. 9 | 1 | 1 | |||||||||
Specialist. 10 | 2 | 2 | |||||||||
Specialist. eleven | 1 | 1 | |||||||||
Specialist. 12 | 1 | 1 | |||||||||
Specialist. thirteen | 1 | 1 | |||||||||
Specialist. 14 | 1 | 1 |
What are we observing here? One of the specialists has 1 EDS, and someone immediately 5.
Is it really impossible to give a person 1 key in which all areas of use will be written?
In this situation, the number of EDS used will decrease from 26 to 14 (in terms of the number of employees).
Unfortunately, I’m not very familiar with all the nuances of issuing EDS certification centers, and I myself guess what the answer will be from them: “What to do with EDS issued by different CAs to one person?”
I’m doing a good layout for the CAs that my organization personally works with:
CA 1 | CA 2 | CA 3 | |
Specialist. 1 | 1 | 2 | 2 |
Specialist. 2 | 0 | 1 | 0 |
Specialist. 3 | 1 | 1 | 1 |
Specialist. 4 | 1 | 2 | 0 |
Specialist. 5 | 0 | 2 | 0 |
Specialist. 6 | 0 | 1 | 0 |
Specialist. 7 | 1 | 2 | 0 |
Specialist. 8 | 1 | 0 | 0 |
Specialist. 9 | 1 | 0 | 0 |
Specialist. 10 | 2 | 0 | 0 |
Specialist. eleven | 1 | 0 | 0 |
Specialist. 12 | 1 | 0 | 0 |
Specialist. thirteen | 0 | 0 | 1 |
Specialist. 14 | 0 | 0 | 1 |
In this situation (for each person each DTC issues its own EDS), we again get savings, although not so much. 20 EDS instead of 26 currently used. Total savings - 6 EDS.
The thing is that in addition to all paper work (and for each digital signature a separate order is needed, a separate set of documents in the CA), in this situation, budgetary savings will be obtained (the formation of a CA certificate + cost of carriers).
So the question to the experts is whether what I described is possible. And if not possible, then explain why?
PS:
I am not talking about a physical reduction in the number of carriers. I already use rutoken, on which each specialist has several containers. The problem is combining several applications within one container.