20.1.6. Authentication of the delegating entity (REST client authentication)

To ensure that transaction approvals can only be performed by valid delegating entities (e.g. the e-banking system), the delegating entity must be authenticated. This is done by configuring an "Authenticator" and a "Request Credential Policy" in the transaction approval module:

  • Request Credential Policy: defines how credentials are extracted from the request (e.g. BasicAuth header or client certificate)
  • Authenticator: authenticates the system by checking the credentials (e.g. check a password)

Logging

The delegating entity (e.g. e-banking system) executes actions in the name of the user. The logs are prefixed with "Transaction Approval by 'entity name': ", where 'entity name' is the name of the authenticated delegating entity.

Example Log Transaction Approval

2018-11-09 16:29:24,443 INFO  [TRC - auth - transaction-approval - SID: 818812557146449435 - RID: 991480948611470148] | 001 UserTrailLogger: uid:jdoe - Transaction Approval by ebankwebsrv1: Successful username check for user 'jdoe'.
2018-11-09 16:37:48,701 INFO  [TRC - auth - transaction-approval - SID: 818812557146449435 - RID: 211156898333224989] | 001 UserTrailLogger: uid:jdoe - Transaction Approval by ebankwebsrv1: Sending mTAN OTP for user 'jdoe' to mobile number '+41765403428'
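
Because every entry names the authenticated delegating entity, the trail can be audited per entity. The following is an added example, not part of the product or its documentation: it parses entries in the layout shown above, counts actions and users per delegating entity, and reports entries from entities that are not on an allow-list. The regular expression is derived only from the sample lines on this page, and the allow-list, the entity name `unknownsrv9`, the user `asmith` and all sample lines except the first are constructed.

```python
import re
from collections import Counter, defaultdict

# Layout derived from the sample lines on this page (assumption: all
# transaction-approval trail entries follow it; entity names contain no ':').
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\s+(?P<level>\w+)\s+"
    r"\[TRC - auth - transaction-approval - SID: (?P<sid>\d+) - RID: (?P<rid>\d+)\]"
    r" \| \d+ UserTrailLogger: uid:(?P<uid>\S+) - "
    r"Transaction Approval by (?P<entity>[^:]+): (?P<msg>.*)$"
)

def parse_line(line):
    """Return the entry's fields as a dict, or None for any other log line."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def audit(lines, allowed_entities):
    """Summarise actions per delegating entity and collect entries whose
    entity is not on the allow-list (hypothetical, operator-maintained)."""
    actions = Counter()            # entity -> number of logged actions
    users = defaultdict(set)       # entity -> uids it acted on behalf of
    unexpected = []                # parsed entries from unknown entities
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue               # not a transaction-approval trail entry
        actions[rec["entity"]] += 1
        users[rec["entity"]].add(rec["uid"])
        if rec["entity"] not in allowed_entities:
            unexpected.append(rec)
    return actions, users, unexpected

HDR = "[TRC - auth - transaction-approval - SID: %s - RID: %s] | 001 UserTrailLogger: "
SAMPLE = [
    # First line is the page's own example; the rest are constructed.
    "2018-11-09 16:29:24,443 INFO  " + HDR % ("818812557146449435", "991480948611470148")
    + "uid:jdoe - Transaction Approval by ebankwebsrv1: Successful username check for user 'jdoe'.",
    "2018-11-09 16:40:10,005 INFO  " + HDR % ("100000000000000001", "100000000000000002")
    + "uid:asmith - Transaction Approval by ebankwebsrv1: Successful username check for user 'asmith'.",
    "2018-11-09 16:41:02,118 INFO  " + HDR % ("100000000000000003", "100000000000000004")
    + "uid:asmith - Transaction Approval by unknownsrv9: Successful username check for user 'asmith'.",
    "2018-11-09 16:41:03,000 INFO  [TRC - other] unrelated line",
]

if __name__ == "__main__":
    actions, users, unexpected = audit(SAMPLE, {"ebankwebsrv1"})
    print(dict(actions), {e: sorted(u) for e, u in users.items()})
    for rec in unexpected:
        print("unexpected delegating entity:", rec["entity"], rec["ts"], "uid", rec["uid"])
```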