Basic Interface Security

There are the following aspects on interface security level:

• SecureChannel constraint - TLS-encrypted channel, in-process or specially marked as “secure channel” (e.g. over VPN).
• MessageSignature constraint - requires for Message Authentication Code to ensure message integrity and to authentication Invoker.
• Plain login & password authentication in sec field - not recommended.

• HMAC-based authentication in `sec field:

  • HMAC base is generated in logical structure and does not depend on coding format representation.

• Advanced security concept as separate large FTN8 specification:

  • Authentication & Authorization concept,
  • Global user identity,
  • Single Sign On (SSO),
  • Online SSO session tracking,
  • Dynamic Server-to-Service secret keys,
  • Separate secure domains and on-behalf-of call support.
• slvl - mininal security level required for function calls.

User identity

It’s expected that there is a short local user ID and long unique global user ID.