Basic Interface Security
There are the following aspects on interface security level:
SecureChannelconstraint - TLS-encrypted channel, in-process or specially marked as “secure channel” (e.g. over VPN).
MessageSignatureconstraint - requires for Message Authentication Code to ensure message integrity and to authentication Invoker.
- Plain login & password authentication in
secfield - not recommended.
HMAC-based authentication in `sec field:
- HMAC base is generated in logical structure and does not depend on coding format representation.
Advanced security concept as separate large FTN8 specification:
- Authentication & Authorization concept,
- Global user identity,
- Single Sign On (SSO),
- Online SSO session tracking,
- Dynamic Server-to-Service secret keys,
- Separate secure domains and on-behalf-of call support.
slvl- mininal security level required for function calls.
It’s expected that there is a short local user ID and long unique global user ID.