Following assumptions are made on security, which will have to be ratified in consultation with infrastructure.

  1. There will be cert based mutual SSL between the remote client and Convera at the infrastructure level between endpoints.
  2. The application will provide role-based access using HTTP BASIC authentication.

In two-way SSL authentication, the SSL client application verifies the identity of the SSL server application, and then the SSL server application verifies the identity of the SSL-client application. Two-way SSL authentication is also referred to as client authentication because the application acting as an SSL client presents its certificate to the SSL server after the SSL server authenticates itself to the SSL client. The assumption is that the two way SSL authentication will be implemented at the web server layer.