Integration Security

Security is a key part of any integration solution.



Security Concepts

The applications, APIs and data that you integrate with will have a number of different methods of securing access. Security is a highly specialised subject but the high-level concepts will be discussed below

Identification and authentication

Identification is the ability to identify uniquely a user of a system or an application that is running in the system. Authentication is the ability to prove that a user or application is genuinely who that person or what that application claims to be.

  • Who are you?
  • Can you prove you are who you say you are?

Authorization

Authorization protects critical resources in a system by limiting access only to authorized users and their applications. It prevents the unauthorized use of a resource or the use of a resource in an unauthorized manner.

  • What are you allowed to do?
  • What are you not allowed to do?

Confidentiality

The confidentiality mechanisms protect sensitive information from unauthorized disclosure.

  • How do you keep anyone from seeing your message?

Data integrity and nonrepudiation

The data integrity and nonrepudiation mechanisms detect whether unauthorized modification of data occurred.

  • How do you know if anyone has intercepted the message and tampered with it?
  • How do you verify the sender and authenticate they are who they say they are?


Join The Discussion

Your email address will not be published. Required fields are marked *