| Excerpt |
|---|
Describes how messages requesting operation on a collection is are checked against the permission model. |
| Child pages (Children Display) | ||||||||
|---|---|---|---|---|---|---|---|---|
|
Permissions
The permissions are defined on a pr. user/role based for each operation or set of operations. See Collection settings for detailes model.
Signing messages
All messages in the system must be signed to ensure that the senders of the messages are who they claim they are and that the messages have not been tampered with.
| Child pages (Children Display) | ||||||||
|---|---|---|---|---|---|---|---|---|
|
...
Because messages are exchanged encapsulated in XML, there are two well defined ways to handle signing of the messages. One is XML Signatures, the other - and somewhat simpler - is Cryptographic Message Syntax - also known as PKCS#7. As one of the objectives is to prevent message tampering, there is no need for the granularity of XML Signatures. Therefore Cryptographic Message Syntax - or CMS for short - is chosen for signing and optionally encrypting messages. The identity of the signer is embedded in the public certificate
...