The EXAMPLE-QIDO-SERVICE supports the following transport-level security measures:
HTTP BASIC Authorization over SSL
Digest Authorization
SSL Client Certificates
The transport-level security measures support bi-directional authentication using TLS connections. The EXAMPLE-QIDO-SERVICE can provide its certificate information, and can be configured with either a direct-comparison (self-signed) certificate or a chain-of-trust certificate.
The EXAMPLE-QIDO-SERVICE will refuse a TLS connection from a source whose authentication it does not recognize. For example, a certificate authenticated by "Big Hospital Provider" will not be accepted unless the EXAMPLE-QIDO-SERVICE has been configured to accept authentications from "Big Hospital Provider". The list of acceptable certificates for the EXAMPLE-QIDO-SERVICE is kept separate from the certificates used by other system applications and must be maintained independently.
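The two trust configurations described above can be sketched with Python's standard `ssl` module. This is an added example, not part of the EXAMPLE-QIDO-SERVICE conformance statement or its implementation; the function names, parameters and file arguments are assumptions chosen for illustration.

```python
import hashlib
import hmac
import ssl


def build_server_context(ca_bundle=None, server_cert=None, server_key=None):
    """Server-side TLS context that refuses clients without a recognized certificate.

    ca_bundle, server_cert and server_key are hypothetical PEM file paths.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Bi-directional authentication: the handshake fails unless the client
    # presents a certificate that verifies against this context's trust list.
    ctx.verify_mode = ssl.CERT_REQUIRED
    # load_default_certs() is deliberately not called, so the operating
    # system's CA store is never consulted. The trust list is only what is
    # loaded below and has to be maintained on its own.
    if ca_bundle:
        # Chain of trust: the issuing CA(s) accepted by this service.
        # Direct comparison: the peers' self-signed certificates themselves,
        # which must be present here for the handshake to succeed.
        ctx.load_verify_locations(cafile=ca_bundle)
    if server_cert:
        # The certificate this service presents to connecting clients.
        ctx.load_cert_chain(certfile=server_cert, keyfile=server_key)
    return ctx


def fingerprint(der_cert):
    """SHA-256 fingerprint (hex) of a DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def peer_is_pinned(tls_socket, pinned_fingerprints):
    """Direct comparison: accept only a peer whose exact certificate is on the list.

    tls_socket is an ssl.SSLSocket after the handshake; pinned_fingerprints is
    an iterable of hex SHA-256 fingerprints (an assumed allowlist format).
    """
    der_cert = tls_socket.getpeercert(binary_form=True)
    if not der_cert:
        return False  # no client certificate was presented
    presented = fingerprint(der_cert)
    return any(hmac.compare_digest(presented, pin) for pin in pinned_fingerprints)
```
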
The EXAMPLE-QIDO-SERVICE can optionally be configured to use the following session authentication mechanisms:
Kerberos Local Domain Sessions
Shibboleth Cross Domain Sessions (using SAML 2.0)
OAuth 2.0 complying with IHE ITI Internet User Authentication (IUA) Profile