RafaelAPB
commented
7 months ago Also make sure all messages * Gateway message signatures: All messages between gateways are assumed to be signed and verified (e.g. X.509).
Open RafaelAPB opened 7 months ago
RafaelAPB
commented
7 months ago Also make sure all messages * Gateway message signatures: All messages between gateways are assumed to be signed and verified (e.g. X.509).
RafaelAPB
commented
6 months ago Also, namespace sessions such that /audit returns only the sessions associated with each gateway client
See in SATP Core: (From terminology) Claim: An assertion made by an Entity [JWT].
Claim Type: Syntax used for representing a Claim Value [JWT].
and
4.5. Resources and Identifiers
(a) Resource addressing for systems or networks, using the URL syntax.
(b) Client identification based on the URN format. These are for identifying clients (developers and applications) who access these resources, and which in some use-cases require access authorization.
(c) Protocol message family for negotiating authentication, authorisation, and parameters for confidential channel establishment.
(d) Resource discovery mechanism for developers and applications to discover resources hosted at a gateway. The gateway response is subject to the level of access granted to that developer or application.