Authorization and authentication
To authorize both the subscriber and the publisher, you can use JWT and Mutual Authentication. To complete the configuration, you have to configure at least one of these methods.
Mutual Authentication
Mutual authentication, also known as two-way authentication, is a security process in which entities authenticate each other before actual communication occurs. In a network environment, this requires that both the client and the server provide digital certificates to prove their identities. In a mutual authentication process, a connection can occur only if the client and the server exchange, verify, and trust each other’s certificates. The certificate exchange occurs by means of the Transport Layer Security (TLS) protocol. The core of this process is to make sure that clients communicate with legitimate servers, and servers cooperate only with clients who attempt access for legitimate purposes.
JSON Web Token (JWT)
- Header
  - Describes the type of the token and the encryption algorithm used.
- Payload
  - In the Edge Connect context, it contains the claims. In this case, these are the user ID and the groups the user belongs to.
- Signature
  - The signature is used to prove that the message wasn't changed after being sent, and, in the case of tokens signed with a private key, it can also verify that the sender of the JWT is who it says it is.