...

  • HTTPS Server Authentication is preferably used in combination with Client Authentication (mutual authentication), as this allows a secure configuration without the use of passwords.
    • The purpose of Server Authentication is to prove the identity of the HTTPS server to the connecting client and to encrypt the communication between client and server.
    • The purpose of Client Authentication is to prove the identity of the client to the server. Without such proof of identity, any HTTP client that can reach the server could impersonate a trusted component, for example by pretending to be a Controller that connects to an Agent.
  • Consider the communication scheme between JS7 components as explained in the JS7 - System Architecture:
    • User browsers acting as HTTPS clients establish connections to JOC Cockpit acting as an HTTPS server.
    • JOC Cockpit acting as an HTTPS client establishes connections to Controllers acting as HTTPS servers.
    • Controllers acting as HTTPS clients establish connections to Agents acting as HTTPS servers.
  • We recommend applying mutual authentication; however, there might be reasons why use of Client Authentication is not an immediate option, for example:
    • Use of a wildcard certificate for Server Authentication reduces the effort for certificate management. At the same time such certificates cannot be used for Client Authentication: a wildcard certificate identifies a domain, not an individual client, and a certificate issued for server use only (Extended Key Usage serverAuth) is rejected by a server that checks the client certificate's purpose.
  • Should mutual authentication not be an immediate option then the recommendations from this article for the handling of passwords apply.

...