Coordination

To secure a system that communicates using FTL software, administrators and application developers must coordinate to share security requirements and artifacts. The TIBCO FTL and TIBCO eFTL documentation sets include coordination forms to guide this conversation and record important information, such as security requirements and settings. This topic highlights the artifacts and information that pertain to security.

FTL Application Development
  • Trust File

    Administrators supply a copy of the FTL server trust file to developers and operations staff.

    Developers code applications to specify the location or contents of the trust file in the realm connect call.

  • Credentials

    Administrators configure user credentials for authentication and authorization, and supply them to developers for testing applications and to operations staff for running applications.

eFTL Application Development
  • Credentials

    Administrators configure user credentials for authentication and authorization. Supply credentials to developers so they can test applications. Supply credentials to device users so they can run applications that connect to a secure eFTL service.

  • Trust File (FTL Server)

    An eFTL client connects to the FTL server address.

    Clients must trust a user-specified certificate (e.g., using the client host's default trust store if the certificate has been signed by a well-known certificate authority).

    To configure the FTL server to present a user-specified certificate to eFTL clients, use the custom.cert, custom.cert.private.key, and custom.cert.private.key.password YAML configuration parameters, valid in the globals section. This will not affect FTL clients. A client used to access the UI or web API must trust the user-specified certificate.

  • Trust File (eFTL Service)

    An eFTL client connects directly to an eFTL service (e.g. legacy clients, or after migrating servers).

    Clients must trust a user-specified certificate.

    To configure how the eFTL service listens, use the listen parameter in the eftlservice section of the FTL server YAML (for secure connections, this must be a "wss" address).

    To configure the eFTL service to use a user-specified certificate, use the server.cert, private.key, and private.key.password parameters in the eftlservice section of the FTL server YAML file.

  • eFTL Authorization Groups

    Developers inform administrators about the publish and subscribe requirements of clients.

    Administrators configure channels with publish and subscribe authorization groups.