Messaging Guide
The Message Security Layer (MSL) Framework does not require that application data be transported with any specific security properties. Although encryption and integrity protection will automatically be provided whenever possible, the application must explicitly specify the security properties required by the data being sent. The MSL stack will then ensure the data is only transmitted if it can satisfy those requirements.
The message-specific properties that must be specified when sending a message are:
- Is encryption required?
- Is integrity protection required?
- Does the data need to be non-replayable?
- Are service tokens expected in the response?
- Is the data associated with a user?
Message security properties are dictated to the MSL stack by providing a MessageContext when sending a message. The message-specific properties described above map onto the MessageContext API as follows:
Property | API | Return Value Type |
---|---|---|
Encryption Required | MessageContext.isEncrypted() | boolean |
Integrity Protection Required | MessageContext.isIntegrityProtected() | boolean |
Non-Replayable Required | MessageContext.isNonReplayable() | boolean |
Service Tokens Expected | MessageContext.isRequestingTokens() | boolean |
User Associated | MessageContext.getUserId(), MessageContext.getUserAuthData() | string, UserAuthenticationData |
The security properties required by a message depend upon the type, purpose, and effect of the data being transported. This guide documents the requirements associated with certain types of application data. These requirements can be used as guidance when determining the security properties required by other types of application data.
To ensure data is properly secured, message recipients should verify that the message was transmitted with the required security properties. If it was not, responding with an application-level error is appropriate.
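The recipient-side check described above, as an added example that is not part of the MSL code base. The message types, the `received` summary object and the function names are assumptions made for illustration; only the property names follow the MessageContext table.

```javascript
'use strict';
// Added example, not MSL library code. `received` is a hypothetical summary the
// application builds from an incoming message; message types are constructed.

// Required properties per application message type (constructed sample policy).
const REQUIREMENTS = new Map([
  ['account.update', { encrypted: true, integrityProtected: true,
                       nonReplayable: true, userAssociated: true }],
  ['catalog.query', { encrypted: false, integrityProtected: true,
                      nonReplayable: false, userAssociated: false }],
]);

// List every required property that the received message did not satisfy.
function unmetProperties(required, received) {
  const unmet = [];
  if (required.encrypted && received.encrypted !== true) unmet.push('encryption');
  if (required.integrityProtected && received.integrityProtected !== true) {
    unmet.push('integrity protection');
  }
  if (required.nonReplayable && received.nonReplayable !== true) {
    unmet.push('non-replayable');
  }
  // A user-associated message must arrive bound to an authenticated user.
  if (required.userAssociated && !received.userId) unmet.push('user');
  return unmet;
}

// Decide whether to process the message or answer with an application-level error.
function checkMessage(type, received) {
  const required = REQUIREMENTS.get(type);
  // Fail closed: a type with no declared requirements is never processed.
  if (!required) return { ok: false, error: `unknown message type: ${type}` };
  const unmet = unmetProperties(required, received);
  if (unmet.length > 0) {
    return { ok: false, error: `${type} requires: ${unmet.join(', ')}` };
  }
  return { ok: true, error: null };
}

// Constructed sample: integrity-protected only, no user bound.
const sample = { encrypted: false, integrityProtected: true,
                 nonReplayable: false, userId: null };
console.log(checkMessage('catalog.query', sample));
console.log(checkMessage('account.update', sample));
```

The policy is keyed by a `Map` so that a type name such as `constructor` cannot resolve to an inherited object property and slip past the fail-closed branch.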
This guide covers some common message types: