Messaging Guide

The Message Security Layer (MSL) Framework does not require that application data be transported with any specific security properties. Although encryption and integrity protection will automatically be provided whenever possible, the application must explicitly specify the security properties required by the data being sent. The MSL stack will then ensure the data is only transmitted if it can satisfy those requirements.

The message-specific properties that must be specified when sending a message are:

• Is encryption required?
• Is integrity protection required?
• Does the data need to be non-replayable?
• Are service tokens expected in the response?
• Is the data associated with a user?

API Mapping

Message security properties are dictated to the MSL stack by providing a MessageContext when sending a message. The message-specific properties described above map onto the MessageContext API as follows:

Property	API	Return Value Type
Encryption Required	MessageContext.isEncrypted()	boolean
Integrity Protection Required	MessageContext.isIntegrityProtected()	boolean
Non-Replayable Required	MessageContext.isNonReplayable()	boolean
Service Tokens Expected	MessageContext.isRequestingTokens()	boolean
User Associated	MessageContext.getUserId() MessageContext.getUserAuthData()	string UserAuthenticationData

Message Security Properties

The security properties required by a message depend upon the type, purpose, and effect of the data being transported. This guide documents the requirements associated with certain types of application data. These requirements can be used as guidance when determining the security properties required by other types of application data.

To ensure data is properly secured, message recipients should verify that the message was transmitted with the required security properties. If it was not, responding with an application level error is appropriate.

This guide covers some common message types:

• Crypto Failures
• Information
• Modification
• Authorization
• Command & Control