Versions Compared

...

The eSign processing servers are hosted securely by Heroku and AWS. The eSign processing servers are hosted securely by AWS. See https://wwwaws.herokuamazon.com/policycompliance/iso-certified/security for more information on Heroku and the Amazon physical security infrastructure AWS security compliance and accreditation.
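
Review bot: In the revised hosting sentence, the link text promises "AWS security compliance and accreditation" in general, while the path visible in the merged URL contains compliance/iso-certified, which covers ISO certification only; either narrow the wording to ISO certification or link a general compliance page. The earlier wording pointed readers to the physical security infrastructure, and the revision leaves no reference on that topic, so consider keeping one. Because added and removed words are run together in this rendering, the final URL should be confirmed as a working link before the page is published.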

The following table identifies the Jira data that is accessed temporarily by the eSign servers and why each is necessary.

| Jira API | Fields Accessed (Not Stored) | Purpose |
| --- | --- | --- |
| Jira Configuration | Project name, enabled Issue Types, defined User Fields and allowed Issue States | eSign workflow controls allow restricting Signatures to User Fields. The list of defined User Fields is retrieved for eSign Configuration (e.g. Reporter, Assignee, Custom). eSign allows restricting Signature function by Issue State (e.g. Open/In Progress). Project display name and issue types are displayed on the Verification Report. |
| Issue Data | Project, Issue Status, User Fields (subset) | Issue Status is required to enforce workflow status restrictions configured at the project level. The contents of User Fields configured in eSign as restricted User Fields are accessed to determine if the current user is permitted to execute a signature on that issue. |
| Issue Data | Issue Type, Summary, Description, Attachment metadata | Signature verification requires a cryptographic link to the contents of the issue. The Issue Summary, Description and Attachment metadata are hashed into a checksum that is stored with each executed signature. This checksum is used during signature verification to detect if issue contents or attachments were changed after signing. Note that attachment file contents are not accessed; the attachment checksum is based on the metadata only (e.g. filename, date/time, size). |
| User Data | Display Name, Time zone and Locale, E-mail Address | The user name, time zone and locale are retrieved to populate the signee name and local date/time for the electronic signature. E-mail address is used only to send transactional notification email (e.g. Signature Pin Reset). |
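
The checksum described in the Issue Data row above can be sketched as follows; this is an added example, not eSign's own code. The hash algorithm (SHA-256), the JSON canonical form, the NFC normalization and all field and function names are assumptions, since the page does not specify them.

```python
import hashlib
import hmac
import json
import unicodedata

# Constructed sample issue; field names are assumptions, not the Jira API schema.
SAMPLE_ISSUE = {
    "summary": "Release checklist approved",
    "description": "QA sign-off for build 12.",
    "attachments": [
        {"filename": "report.pdf", "created": "2024-01-10T09:30:00Z", "size": 48213},
        {"filename": "log.txt", "created": "2024-01-10T09:31:00Z", "size": 912},
    ],
}


def _norm(text):
    # NFC so that equivalent Unicode spellings produce the same bytes.
    return unicodedata.normalize("NFC", text or "")


def issue_checksum(issue):
    """Hash summary, description and attachment metadata (never file contents)."""
    attachments = sorted(
        ([_norm(a["filename"]), a["created"], int(a["size"])]
         for a in issue.get("attachments", [])),
    )
    canonical = {
        "summary": _norm(issue.get("summary")),
        "description": _norm(issue.get("description")),
        "attachments": attachments,  # sorted, so listing order does not matter
    }
    # Structured encoding keeps field boundaries explicit; plain concatenation
    # would hash ("ab", "c") and ("a", "bc") to the same value.
    encoded = json.dumps(canonical, sort_keys=True, separators=(",", ":"),
                         ensure_ascii=False).encode("utf-8")
    return hashlib.sha256(encoded).hexdigest()  # SHA-256 is an assumption


def sign(issue, signer):
    # Only the checksum is kept with the signature, not the issue fields.
    return {"signer": signer, "checksum": issue_checksum(issue)}


def verify(record, current_issue):
    # Recompute from the live issue and compare in constant time.
    return hmac.compare_digest(record["checksum"], issue_checksum(current_issue))
```

Verification recomputes the checksum from the issue as it currently stands, so an edit to the summary, the description or any attachment's filename, timestamp or size after signing makes `verify` return `False`.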