FTN8.5: FutoIn Security Concept - Defense System
Version: 0.3DV
Date: 2017-12-27
Copyright: 2014-2018 FutoIn Project (http://futoin.org)
Authors: Andrey Galkin

CHANGES

1. Intro

This sub-specification of FTN8 covers Defense System specification.

2. Concept

2.1. Defense Systems

Any open system requires effective reaction to errors generated by misconfiguration and intentional attacks. It is also required to impose limits on utilization of resources for normal operation.

There are no requirements on how defense system must behave to identify possible attacks and misconfiguration, and how to react to them. It is like a fraud detection system - a full time job type of thing.

However, this specification defines a universal interface for system audit and reaction.

2.2. Holistic pictures of defense integration

3. Interface

{
    "iface" : "futoin.defense",
    "version" : "{ver}",
    "ftn3rev" : "1.9",
    "imports" : [
        "futoin.ping:1.0",
        "futoin.auth.types:{ver}"
    ],
    "funcs" : {
        "onCall" : {
            "params" : {
                "user" : "AuthInfo",
                "client" : "ClientFingerprints",
                "request" : "FTNRequest"
            },
            "result" : {
                "refid" : "UUIDB64"
            },
            "desc" : "Call before processing each client's call"
        },
        "onResult" : {
            "params" : {
                "refid" : "UUIDB64",
                "response" : "FTNResponse"
            },
            "desc" : "Call after processing each client's call"
        },
        "onFail" : {
            "params" : {
                "refid" : "UUIDB64",
                "error" : {
                    "type" : "string",
                    "desc" : "Generated error"
                },
                "error_info" : {
                    "type" : "string",
                    "desc" : "Generated error info"
                }
            },
            "desc" : "Call before processing each client's call"
        }
    },
    "requires" : [
        "SecureChannel"
    ],
    "desc" : "AuthService Backend Provider interface"
}

=END OF SPEC=