"Secure by designed” deployment
The BOS is a platform operating in "edge computing". The SpinalCore BOS can be deployed at the customer's choice either "on-premise" in the building network or on the customer's internal network. In both cases, the BOS is deployed in a secure environment and managed directly by the rules of the customer's ISD. The platform will be accessible according to the rights and rules of the customer ISD, the data belongs to the customer and the data exchanges are orchestrated by the local API gateway of the BOS. The BOS deployment environment itself is therefore a "secured by design" environment controlled by the IT department of the MOA.
Access management, authentication
SpinalCore offers administrator access allowing the creation, deletion and management of users. Each user is provided with a login and password and goes through an authentication procedure to access his dedicated space on the platform.
Rights management, confidentiality
The heart of the SpinalCore database management system provides rights management with very fine granularity. Each graph, sub-graph or node of the graph can be shared with read-only, read and write or read, write and share access rights. Rules make it possible to simplify the management of rights by file or by complete sub-graph to facilitate management of the platform.
Secure SSL access and via API Gateway
Data access can be done in two ways:
either via the SDK in direct access for the development of native applications certified by the integrator
or via APIs through API servers.
From this point of view, the API gateway has several roles:
provide selected and pre-filtered data
secure access to data by offering an intermediary (proxy) capable of filtering access, restricting accessible data and managing data flows
make it possible to adapt the modes of access or authentication to the specific needs of a client