Difference between revisions of "Startup FAQ"

From TempusServa wiki
Line 27: Line 27:
== Security ==
== Security ==


==== Authentication ====
=== Authentication ===
Authentication is based on username/password.
Authentication is based on username/password.


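Review bot: Demoting the heading from ==== to === is the right fix here, since the Authentication sub-section sits directly under the level-2 == Security == heading and a level-4 heading would skip a level; the same demotion should be applied to the sibling sub-sections so the hierarchy stays consistent.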
Line 39: Line 39:
* Google, Azure, Facebook, LinkedIn
* Google, Azure, Facebook, LinkedIn


==== Authorization ====
=== Authorization ===
User permissions are granted via inheritable group membership
User permissions are granted via inheritable group membership


Line 51: Line 51:
* Bulk operations
* Bulk operations


==== Encryption ====
=== Encryption ===
Transport encryption is based on SSL via HTTPS policies
Transport encryption is based on SSL via HTTPS policies


Line 60: Line 60:
Password are hashed using BCrypt algorithm.
Password are hashed using BCrypt algorithm.


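Review bot: The line "Password are hashed using BCrypt algorithm." passes through this revision unchanged with its grammar slip intact; while the section is being edited it should read "Passwords are hashed using the BCrypt algorithm."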
==== Protection ====
=== Protection ===
Platform complies with all requirements in OWASP level 2
Platform complies with all requirements in OWASP level 2
* Hacking: SQL injection, XSS, CSRF
* Hacking: SQL injection, XSS, CSRF

Revision as of 10:22, 19 February 2020

Data handling

Storage and backup

You can choose between

  • On premises (your location)
  • Cloud hosting

Cloud hosting will be handled on AWS datacentres in either Ireland or Sweden.

Backups are written to segregated, triple-redundant storage

  • Daily for at least a month
  • Monthly for at least 2 years

Access and ownership

Data in the systems belongs exclusively to the customer.

TS support will in some cases need to access data under non-disclosure obligations.

GDPR compliance and retention

The platform contains everything needed for GDPR compliance in your systems.

Using workflow automation, automatic deletion or anonymisation can be set up. This should be configured in accordance with your retention and privacy policy.

A data processing agreement will be issued to your organization automatically.

Security

Authentication

Authentication is based on username/password.

Optionally, 2-factor authentication can be set up using a mix of

  • SMS sent to phone
  • IP address of callers

Single sign-on integration is included for

  • ADFS
  • LDAP (and AD)
  • Google, Azure, Facebook, LinkedIn

Authorization

User permissions are granted via inheritable group membership

Authorization schemes

  • Field level control
  • State model
  • Data ownership

Additionally special roles can be assigned

  • Administrator (backend)
  • Bulk operations
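As an added illustration of the authorization model described above (inheritable group membership, with field-level grants), and not code from the TempusServa platform itself, the following resolves a user's effective permissions by walking the group hierarchy. The group names, permission tuples and the deny-by-default rule are assumptions for the example.

```python
from collections import deque

# Constructed sample hierarchy: each group names its parent groups and the
# permissions it grants directly. A member of a child group inherits every
# grant of its ancestors. Resources use "record.field" to model field-level
# control, as in the FAQ's "Field level control" scheme.
GROUP_PARENTS = {
    "staff": [],
    "finance": ["staff"],
    "finance-lead": ["finance"],
    "auditor": ["staff"],
}
GROUP_GRANTS = {
    "staff": {("invoice", "read")},
    "finance": {("invoice", "write"), ("invoice.amount", "read")},
    "finance-lead": {("invoice.amount", "write"), ("invoice", "approve")},
    "auditor": {("invoice.amount", "read")},
}


def ancestors(group, parents=GROUP_PARENTS):
    """Return the group together with every group it inherits from.

    The seen-set guards against cycles in a misconfigured hierarchy so that
    resolution always terminates instead of looping forever.
    """
    seen, queue = set(), deque([group])
    while queue:
        g = queue.popleft()
        if g in seen:
            continue
        seen.add(g)
        queue.extend(parents.get(g, []))
    return seen


def effective_permissions(user_groups, grants=GROUP_GRANTS):
    """Union of grants over all groups the user holds, directly or by inheritance."""
    perms = set()
    for group in user_groups:
        for g in ancestors(group):
            perms |= grants.get(g, set())
    return perms


def is_allowed(user_groups, resource, action):
    """Deny by default: only an explicit grant (own or inherited) permits an action."""
    return (resource, action) in effective_permissions(user_groups)
```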

Encryption

Transport encryption is based on SSL via HTTPS policies

Storage encryption is best handled via operating system measures

  • Linux: LUKS
  • Windows: Bitlocker

Passwords are hashed using the BCrypt algorithm.

Protection

The platform complies with all requirements in OWASP level 2

  • Hacking: SQL injection, XSS, CSRF
  • Password policies

Requirements

Languages

The frontend can run multiple languages simultaneously.

  • Preconfigured languages
    • English
    • Danish
  • Other languages must be set up in the backend

The backend language is English

Software

User clients

A modern browser is needed

  • Chrome
  • Mozilla Firefox
  • Microsoft Edge

To use certain features, an office suite will be needed (any version later than 2010)

Servers (option)

On-premises installations will need

  • Java 7+
  • MySQL 5+
  • Servlet engine

Skills

Developer (option)

In order to build and maintain applications, 1 day of training is needed.

Administrators (option)

Platform maintenance and upgrades require very little skill, as the software is self-upgrading:

  1. Stop service
  2. Copy archive
  3. Start service

Licenses

Anonymous users

Anonymous users are paid for per interface: all users of a specific interface are counted as a single user license (1 SUL).

Light users

Some users will only cost a fraction of a normal user license (SUL)

  • Only read access
  • Infrequent users
  • Simple solutions