Security
The Security section describes the collective measures (security mechanisms) that enable the service to provide protection against security threats such as unauthorized access to service information; unauthorized disclosure, modification and destruction of information; unknown status and repudiation in execution; and denial of service. NOTE: A service can have more than one security mechanism.
The Security page contains an overall Security Description, as well as the following information for each security mechanism:
- Security Mechanism (required): A characteristic action or activity that the service performs to achieve a real world effect. Note that as soon as the user types in this field, a list will appear with Security Mechanisms required for the Service On-ramping form. The user may select one of these mechanisms, or populate the field with a free-form entry. If a mechanism from the list is chosen, the Description field will also be pre-populated with a standard definition.
- Description (required): An ultimate purpose associated with interacting with the service; the effect that results from invoking the function.
- Regulating Protocol: The location (URL) of the standard protocol or specification document that describes and governs the mechanism's implementation, or, if the mechanism is delegated to an external security service, the document that specifies that external service.