The EXAMPLE-STOW-SERVICE supports the following transport-level security measures:
HTTP BASIC Authorization over SSL
Digest Authorization
SSL Client Certificates
The transport-level security measures support bi-directional authentication using TLS connections. The EXAMPLE-STOW-SERVICE can provide its certificate information and can be configured with either a direct comparison (self-signed) certificate or a chain of trust certificates.
The EXAMPLE-STOW-SERVICE will refuse a connection over TLS from a source whose authentication it does not recognize. For example, a certificate authenticated by "Big Hospital Provider" will not be accepted unless the EXAMPLE-STOW-SERVICE has been configured to accept authentications from "Big Hospital Provider". The list of acceptable certificates for the EXAMPLE-STOW-SERVICE is kept separate from the certificates used by other system applications and must be maintained independently.
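An added example, not part of the conformance statement or the service's own code, of how a Python TLS listener could enforce the behaviour described above: client certificates required, a trust list kept apart from the system store, and direct comparison by fingerprint. The function names, `SAMPLE_DER` and `PINNED` are hypothetical, and the sample bytes are constructed.

```python
import hashlib
import hmac
import ssl


def build_server_context(trust_pem=None, cert_file=None, key_file=None):
    """TLS server context that requires a client certificate and trusts only
    the anchors supplied by this service's own configuration."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # The handshake fails unless the client presents a certificate that verifies.
    ctx.verify_mode = ssl.CERT_REQUIRED
    # No load_default_certs() call: the operating system CA bundle used by
    # other applications is never consulted.
    if trust_pem:
        # PEM text holding the CA certificates (chain of trust) and/or the
        # self-signed peer certificates (direct comparison) to accept.
        ctx.load_verify_locations(cadata=trust_pem)
    if cert_file:
        # The service's own certificate, presented to the client.
        ctx.load_cert_chain(cert_file, key_file)
    return ctx


def fingerprint(der):
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def is_pinned(peer_der, pinned_fingerprints):
    """Direct comparison: True only if the peer's exact certificate is listed."""
    if not peer_der:
        return False
    seen = fingerprint(peer_der)
    return any(hmac.compare_digest(seen, p.lower()) for p in pinned_fingerprints)


# After a handshake on a connection accepted with this context:
#   der = conn.getpeercert(binary_form=True)
#   if not is_pinned(der, PINNED): conn.close()

# Constructed sample bytes standing in for a DER certificate.
SAMPLE_DER = b"constructed-sample-not-a-real-certificate"
PINNED = {fingerprint(SAMPLE_DER)}
```

With no trust material loaded the context accepts no client at all, which is the safe default until the service's own list is configured.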
The EXAMPLE-STOW-SERVICE can optionally be configured to use the following session authentication mechanisms:
Kerberos Local Domain Sessions
Shibboleth Cross Domain Sessions (using SAML 2.0)
OAuth 2.0 complying with IHE ITI Internet User Authentication (IUA)