Coordination
To secure a system that communicates using FTL software, administrators and application developers must coordinate to share security requirements and artifacts.
Coordination Forms
Go to the TIBCO FTL documentation set to download coordination forms to guide the conversation between administrators and application developers as well as record important information, such as security requirements and settings. The coordination forms include:
- Application Coordination Form: Developers and administrators use the form to identify the application, coordinate general application information, and detail the expected deployment.
- Durable Coordination Form: Developers and administrators use the form to coordinate the details of durable subscribers.
- Endpoint Coordination Form: Developers and administrators use the form to coordinate the details that enable effective and efficient data transmission among application programs. Administrators use the following details captured in the form to select appropriate host computers and transports.
  - Information about each endpoint ability, including a brief description of the messages that each ability carries
  - The expected volume of data in each ability
  - The priority of the data (relative to other messages)
- Format Coordination Form: Developers and administrators use the form to coordinate the details of message formats for an application. It captures specific details about each format including field, field name, and data type.
Trust Files, Credentials, and Authorizing Groups
Administrators and developers also coordinate credentials, trust files, and authorization groups.
FTL Application Development
- Credentials
Administrators configure user credentials for authentication and authorization, and supply them to developers for testing applications and to operations staff for running applications.
- Trust File
Administrators supply the location or contents of the FTL server trust file to developers and operations staff.
Developers code applications to specify the location or contents of the trust file in the realm connect call.
- Authorization Groups
Developers inform administrators about the publish and subscribe requirements of clients.
Administrators configure channels with publish and subscribe authorization groups.
eFTL Application Development
- Credentials
Administrators configure user credentials for authentication and authorization. Credentials are supplied to:
  - Developers so they can test applications
  - Device users so they can run applications that connect to a secure eFTL service
- Trust File (FTL Server)
An eFTL client connects to the FTL server address.
Clients must trust a user-specified certificate (for example, using the client host's default trust store if the certificate has been signed by a well-known certificate authority).
To configure the FTL server to present a user-specified certificate to eFTL clients, use these YAML configuration parameters that are valid in the globals section:
custom.cert
custom.cert.private.key
custom.cert.private.key.password
This will not affect FTL clients. A client used to access the UI or web API must trust the user-specified certificate.
- Trust File (eFTL Service)
An eFTL client connects directly to an eFTL service (for example, legacy clients, or after migrating servers).
Clients must trust a user-specified certificate.
To configure how the eFTL service listens, use the listen parameter in the eftlservice section of the FTL server YAML. For secure connections, this must be a "wss" address.
To configure the eFTL service to use a user-specified certificate, use the parameters in the eftlservice section of the FTL server YAML file:
server.cert
private.key
private.key.password
- eFTL Authorization Groups
Developers inform administrators about the publish and subscribe requirements of clients.
Administrators configure channels with publish and subscribe authorization groups.
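
A pre-deployment check for the certificate settings named in the two Trust File items above, as an added example that is not TIBCO code. It assumes a secure deployment is intended and that the globals and eftlservice sections have already been parsed from the FTL server YAML into plain dictionaries. The function names, sample paths and sample address are hypothetical.

```python
from urllib.parse import urlsplit

# Parameter names are the ones this page lists, as (cert, key, password).
GLOBALS_TRIPLE = ("custom.cert", "custom.cert.private.key",
                  "custom.cert.private.key.password")
EFTL_TRIPLE = ("server.cert", "private.key", "private.key.password")


def _check_triple(section, params, triple):
    """A certificate is only usable together with its private key."""
    cert, key, password = triple
    findings = []
    if bool(params.get(cert)) != bool(params.get(key)):
        findings.append(f"{section}: {cert} and {key} must be set together")
    if params.get(password) and not params.get(key):
        findings.append(f"{section}: {password} is set but {key} is not")
    return findings


def lint_tls_settings(globals_params, eftl_params):
    """Return findings for the two sections, passed as already-parsed dicts."""
    findings = _check_triple("globals", globals_params, GLOBALS_TRIPLE)
    findings += _check_triple("eftlservice", eftl_params, EFTL_TRIPLE)
    listen = eftl_params.get("listen")
    # The page requires a "wss" address for secure connections.
    if listen and urlsplit(str(listen)).scheme.lower() != "wss":
        findings.append(f"eftlservice: listen {listen!r} is not a wss address")
    return findings


# Constructed sample values (paths, host and port are placeholders).
SAMPLE_GLOBALS = {"custom.cert": "/placeholder/server-cert.pem"}
SAMPLE_EFTL = {
    "listen": "ws://0.0.0.0:8585",
    "server.cert": "/placeholder/eftl-cert.pem",
    "private.key": "/placeholder/eftl-key.pem",
    "private.key.password": "placeholder",
}

if __name__ == "__main__":
    for finding in lint_tls_settings(SAMPLE_GLOBALS, SAMPLE_EFTL):
        print(finding)
```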