Security considerations
Authentication and Authorization
Orion doesn't provide "native" authentication nor any authorization mechanisms to enforce access control. However, authentication/authorization can be achieved the access control framework provided by FIWARE GEs.
More specifically, Orion is integrated in this framework using the FIWARE PEP Proxy GE. At the present moment, there are two GE implementantions (GEis) that can work with Orion Context Broker:
In the above links you will find the documentation about how to use both GEis.
HTTPS API
Orion Context Broker supports HTTPS, using the -https
options (which in addition needs the
-key and -cert options, to especify the files containing the private key
and certificates for the server, respectively). Check the command line
options section in the administration manual for
details.
Note that current Orion version cannot run in both HTTP and HTTPS at the
same time, i.e. using -https disables HTTP.
HTTPS notifications
Apart from using HTTPS in the API server exported by Orion, you can also use HTTPS in notifications. In order to do so:
- You have to use the "https" protocol schema in URL in you reference element in subscribeContext or subscribeContextAvailability subscriptions, e.g.
...
"reference": "https://mymachime.example.com:1028/notify"
...
- You have to use Rush as relayer (as the HTTPS encoding is implemented in Rush). See how to run Orion using Rush for additional information on this topic.