
Introduction

Keeping customers' information secure is a top priority for any application. It is crucial for the business to do everything in its power to ensure that customers' information is safe on our website. One of the ways to do this is by having an authentication system in place. Authentication is the practice of verifying that someone is who they claim to be. When a customer logs on to our system, where their confidential information is stored, we want to make absolutely certain that they are indeed that customer.

The Medianet authentication and identity module is a standalone module for authentication and storage of user and application data. It is centralized for all applications and is available to the applications via a well-defined REST API, protected by HTTPS transport security.

An authentication module is a plug-in that collects user information such as a user ID and password, and compares the information against entries in a database. If a user provides information that meets the authentication criteria, the user is validated and, assuming the appropriate policy configuration, granted access to the requested resource. If the user provides information that does not meet the authentication criteria, the user is not validated and is denied access to the requested resource.

mniam Features

mniam comes with a variety of features, such as:

Authentication Data

mniam stores all authentication data required to provide a login service for all applications attached to this module. The module handles the authentication of a user and the tasks required to safely store user data such as the user's password, and then returns the user to the calling application.

Features:

  • Centralized Storage of authentication data
  • "One way" password hashing with state-of-the-art hashing methods
  • Available only via HTTPS with strong transport security
  • Works as the only authentication handler for all applications

User Metadata

Users may need additional data to be saved along with the login credentials to ensure ease of use in the application. This data may include the user name, shipping address, invoicing information and other confidential information or settings from within an application. mniam stores this information and makes it available.

Features

  • Centralized Storage of user metadata
  • Strong encryption with individual encryption keys per user
  • Available only via HTTPS with strong transport security
  • Well defined REST API to access the data from all attached applications
 

Roles

mniam provides a role management interface for attached applications. Every application has its own roles and needs to attach users to these roles. One way would be to let the applications handle the storage and assignment of roles on their own, but that might lead to inconsistent data. For example, when a user gets deleted, an application might be unreachable and therefore not delete the role assignments of this user. To guarantee a consistent set of user-to-role assignments, the module also provides a role management interface for attached applications.

mniam includes an API to create, read, update and delete roles per application and to assign users to or remove users from these roles. The mapping of permissions to these roles and the frontend for managing the roles are handled at the application level.

Features

  • Centralized Storage of roles
  • Well defined REST API to access the role information
  • Available only via HTTPS with strong transport security

Authentication token

Instead of using a general session cookie to handle user data, mniam uses an authentication token that contains information encrypted in such a way that decryption confirms the validity of the data in a single step. The token is therefore self-authenticating. mniam also provides the API required to validate every token and to revoke single tokens.

 

Password compliance

Every application is only as secure as the weakest password from one of its users. mniam enforces different requirements on password strength, such as

  • the length of the password
  • if the password requires lower case characters
  • if the password requires upper case characters
  • if the password requires numbers
  • if the password requires special chars

As it is a central module which handles all password actions for all applications, any change to the existing requirements, or any new requirement, is made once and is reflected in all the applications using it.
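A sketch of such a centrally defined policy, as an added example that is not mniam's own code. The field names, the defaults and the definition of a "special char" (anything that is neither alphanumeric nor whitespace) are assumptions; the page lists only the rule types.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class PasswordPolicy:
    # Hypothetical field names and default values, chosen for illustration.
    min_length: int = 12
    require_lower: bool = True
    require_upper: bool = True
    require_digit: bool = True
    require_special: bool = True


def violations(password: str, policy: PasswordPolicy) -> list[str]:
    """Return every rule the password fails, so the caller can report
    all problems at once instead of one per attempt."""
    def has(pred) -> bool:
        return any(pred(c) for c in password)

    checks = [
        (len(password) >= policy.min_length,
         f"at least {policy.min_length} characters"),
        (not policy.require_lower or has(str.islower),
         "a lower case character"),
        (not policy.require_upper or has(str.isupper),
         "an upper case character"),
        (not policy.require_digit or has(str.isdigit),
         "a number"),
        # Assumption: "special" means neither alphanumeric nor whitespace.
        (not policy.require_special
         or has(lambda c: not c.isalnum() and not c.isspace()),
         "a special character"),
    ]
    return [rule for ok, rule in checks if not ok]


# One policy object held by the central module. Every attached application
# validates against it, so tightening a rule here applies everywhere at once.
CENTRAL_POLICY = PasswordPolicy()

if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for candidate in ("password", "Tr0ub4dor&3-horse"):
        print(candidate, "->", violations(candidate, CENTRAL_POLICY) or "ok")
```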


Bruteforce Detection

Bruteforcing users and passwords is a common technique on the internet to gain unauthorized access to protected systems. When bruteforcing an application, the attacker tries to guess the password used for a specific user account. Every guess is a new request to the application which, depending on the level of aggressiveness of the attacker, might lead to load problems within the application. And if a weaker password is used, it might lead to the exposure of a user password.

mniam provides built-in bruteforce detection and mitigation. It detects such bruteforce actions and uses different techniques to mitigate the attack.

 

Logging

mniam provides different kinds of logging data, such as

  • Error Logs
  • Security Logs
  • Audit logs
  • General Logs

mniam uses an extensive logging framework to log such information into an external logging system, which is specially protected against attacks and not directly accessible from the internet.
It provides a safe and secure logging backend with the capability to track even actions by internal perpetrators.

GDPR Supportive

All API calls and internal data structures are written with the European General Data Protection Regulation in mind. Data is only transferred via connections with strong encryption in place and, where it is possible and feasible, the data is stored in an encrypted way. Every application using the API from this module will automatically benefit from these features, because they cannot be deactivated.