The Sun JCE provider has RSA for digital signing, but it doesn't allow you to encrypt, and that was a requirement for us because our distributed processes need to be able to securely communicate with each other to ensure that no rogue process attempts to join the network. Therefore we went with Bouncy Castle.

Finally, we had everything needed to build a secure messaging service with e-signatures on a distributed architecture. But how were we going to have multiple developers at multiple locations write code without causing lots of pain and lost updates?

Because distributed development of open source is a cornerstone of its success, we were surprised that open source had an answer to this problem. We chose CVS, WinCVS, and OOpenSSH. CVS provides a reliable, distributed file repository for source code and binaries. WinCVS provided an easy-to-use interface for Windows developers. And OpenSSH provides secure terminal and file transfer access for both interactive work as well as for securing communications to the CVS repository.

Finally, there's a bunch of software that's needed to complete a working Web service. Again, the open-source community played a significant role in helping us out.

Yozons is a heavy user of email, providing alerts and sending return receipts when documents are read or signed. JavaMail provided the programmatic interface, but Sendmail provided the SMTP server that did the work of delivering the email. For our domain name server, we stuck with the venerable Bind. Both have worked without any problems. Sendmail and Bind have a history of security issues, so we decided to run them on their own server to help ensure our application did not fall victim to an attack. The outbreak of the Code Red worm hurt a lot of sites running Microsoft software, but we were not affected, showing once again that open-source software saves time and money over competitors in the commercial world.

Providing accurate timestamps on messages, documents, and e-signatures is a critical feature of Yozons. The network time protocol fit the bill, and timeSync offered an easily configured, automated NTP solution that ensures our clocks remain highly accurate and synchronized.

When it came time to secure the Web servers from intrusion, we looked over a few firewall appliances, but the costs were prohibitive. Fortunately, Linux's ipchains offers a firewall for inbound as well as outbound traffic, and even provides for network address translation to allow us to run our application on a private network behind yet another firewall. Linux has proven to be secure and robust, particularly when coupled with Tripwire and Snort, which detect unexpected modifications to files and analyze logs for intrusions, turn off unnecessary Internet services, remove unnecessary user accounts, and ensure high-quality passwords for the accounts that remain.

In the end, the open source community of developers has been wonderful for our startup. The savings in up-front costs, the highly reliable and feature-rich software, and the excellent support networks allow us to be successful in providing a reasonably priced secure document delivery and e-signature solution to our business clients.