Security Aspects
Security is provided through passwords for user authentication and through digital signatures for the authentication of individual software components.
- Am I who I say I am?
User authentication
Upon starting the client interface, the user is queried for a password. This user authentication is required so that user access rights can be assigned correctly. A guest account allows non-registered users to access the system; they are asked to provide their e-mail address for identification.
- Your signature is your word
Signatures
In order to have more than the minimal guest access rights, every delegate must be authenticated by its owner with a key pair (public and private). All public keys are deposited at a central repository (the applications and database server). Until an owner's public key has been deposited, none of that owner's delegates has access to the system.
When a delegate connects to a server, it authenticates itself by digitally signing a text provided by the server; the server verifies this signature against the owner's deposited public key.
- Can I trust the system?
Webtop authentication
The system distinguishes requests that can be considered user-independent, e.g., retrieval of partner, project or document information, from requests that require user identification while they are serviced. The latter include all actions that create or modify information, as well as document search requests, where the search result depends on the user's access rights.
User-independent requests can be submitted by any webtop server at any time. Other requests are accepted only when they originate from users who have indicated that they trust the webtop server's owner.
A user who authenticates to a mediator (the webtop server tier) thereby automatically indicates trust in that mediator's owner, until the moment the user logs off.
Through the security delegate, a partner can indicate such trust to span the periods between consecutive authentications, for any particular owner.
This allows a partner to enable a delegate to act on the partner's behalf even while she is logged off. It also provides the owner's administrator with the ability to overwrite a partner's password, to assist this partner when she has forgotten her password.
- What about other delegates?
Delegate authentication
For all other delegates: if a delegate has the same owner as the mediator (server tier) it connects to, the delegate is allowed to submit requests on behalf of any user currently logged on to this mediator. Otherwise, the delegate is considered a guest (with the corresponding privileges), and user-specific requests must be submitted from the user's own client tier.
- Trust is a two-way issue
Trust
The above specifications concern the identification of users and delegates in the system. An additional security feature allows you to ensure that the information provided is reliable and originates from the database. Data objects carry a trust lock that can be set only by a database service. This both establishes the origin of the information and prevents anyone from tampering with it.
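The two signature-based mechanisms described on this page, the delegate's challenge-response authentication (Signatures, above) and the database service's trust lock on data objects, can be demonstrated with one small program. The following is an added example written for this page, not the product's own code: it assumes Ed25519 from the Go standard library as the signature scheme (the page does not name one), a map standing in for the central key repository, and constructed owner names such as `owner-A`. The challenge text format and the `DataObject` layout are likewise assumptions for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// KeyRepository stands in for the central repository on the applications and
// database server: the public key deposited for each owner (assumed model).
type KeyRepository map[string]ed25519.PublicKey

// GenerateKeyPair creates an owner's key pair (public, private).
func GenerateKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// NewChallenge is the server side of the exchange: a fresh random text that the
// delegate must sign. The randomness keeps an old signature from being replayed.
func NewChallenge() ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return []byte("delegate-auth:" + hex.EncodeToString(nonce)), nil // assumed format
}

// SignChallenge is the delegate side: sign the server-provided text with the
// owner's private key.
func SignChallenge(priv ed25519.PrivateKey, challenge []byte) []byte {
	return ed25519.Sign(priv, challenge)
}

// VerifyDelegate is the server side again: look up the owner's deposited public
// key and check the signature over the challenge this server issued. An owner
// without a deposited key is refused, as the text requires.
func VerifyDelegate(repo KeyRepository, owner string, challenge, sig []byte) error {
	pub, ok := repo[owner]
	if !ok {
		return errors.New("no public key deposited for owner " + owner)
	}
	if len(sig) != ed25519.SignatureSize || !ed25519.Verify(pub, challenge, sig) {
		return errors.New("signature does not verify for owner " + owner)
	}
	return nil
}

// DataObject models a record handed out by the system. TrustLock is the
// database service's signature over Payload; only the holder of the service's
// private key can produce one that verifies.
type DataObject struct {
	Payload   []byte
	TrustLock []byte
}

// LockObject is what the database service does before handing an object out.
func LockObject(dbPriv ed25519.PrivateKey, payload []byte) DataObject {
	return DataObject{Payload: payload, TrustLock: ed25519.Sign(dbPriv, payload)}
}

// CheckTrustLock is run by a receiving component: true only if the payload is
// unchanged since the database service signed it.
func CheckTrustLock(dbPub ed25519.PublicKey, obj DataObject) bool {
	return len(obj.TrustLock) == ed25519.SignatureSize &&
		ed25519.Verify(dbPub, obj.Payload, obj.TrustLock)
}

func main() {
	ownerPub, ownerPriv, _ := GenerateKeyPair()
	repo := KeyRepository{"owner-A": ownerPub} // constructed owner name

	// Challenge-response: the server issues a text, the delegate signs it.
	challenge, _ := NewChallenge()
	sig := SignChallenge(ownerPriv, challenge)
	fmt.Println("delegate of owner-A:", VerifyDelegate(repo, "owner-A", challenge, sig))
	fmt.Println("delegate of owner-B:", VerifyDelegate(repo, "owner-B", challenge, sig))

	// Trust lock: set by the database service, broken by any change to the payload.
	dbPub, dbPriv, _ := GenerateKeyPair()
	obj := LockObject(dbPriv, []byte(`{"project":"demo","status":"open"}`)) // constructed
	fmt.Println("trust lock intact:", CheckTrustLock(dbPub, obj))
	obj.Payload[len(obj.Payload)-2] = 'X' // simulate tampering in transit
	fmt.Println("trust lock after tampering:", CheckTrustLock(dbPub, obj))
}
```

Two details matter in practice: the challenge must be fresh per connection, otherwise a captured signature can be presented again, and the trust lock must be verified with the database service's public key only, so a lock produced under any other key (including a legitimate owner's key) is rejected.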