Security Considerations

The Issuer Service relies on the following security controls:

  1. API Authentication and Authorization:

    • Client Secret: Sensitive operations (schema management, issuing offerings) require the x-client-secret header. Treat this secret as a server-side credential: keep it out of wallet, browser, and mobile code, and out of logs.

    • Bearer Tokens: Wallets retrieve credentials with a bearer token obtained by exchanging an authorization code. Anyone holding the token can use it, so it must only be sent over HTTPS and never logged.

  2. Transport Security: Always use HTTPS (TLS) so that client secrets, bearer tokens, and credentials are protected in transit.

  3. Credential Integrity: Issued credentials are cryptographically signed by the issuer. Any modification to a signed credential invalidates the signature, so a verifier that checks it against the issuer's verification key detects the tampering.

  4. Replay Attack Prevention: Authorization flows carry state and nonce parameters. state binds the callback to the session that started the flow, and nonce binds the issued token and credential to the original request. Both are single-use, so a replayed request is rejected.

  5. Access Controls and Monitoring: Restrict who can reach the administrative endpoints (IP allowlists, firewalls) and keep audit logs so that suspicious activity can be traced. Rate-limit authentication attempts to blunt brute-force guessing of the client secret.

  6. Key Management: Signing keys are managed internally by the service. Key rotation is planned as a future enhancement to maintain long-term security.

By following these measures, the Issuer Service maintains trust and integrity within the SSI ecosystem.
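The checks behind items 1, 4 and 5 above (constant-time client-secret comparison, a per-source rate limit on failures, single-use authorization codes bound to state, and a nonce that is consumed when the credential is retrieved), shown as an added example. This is illustration code written for this page, not the Issuer Service's own implementation; the in-memory storage, the lifetimes, the failure threshold and the Authorization header handling are assumptions.

```python
"""Request-authorization logic for an issuer, as an added illustration.

Hypothetical: the real Issuer Service's storage, token lifetimes and lockout
policy are not described on the page; the values below are assumed.
"""
import hmac
import secrets
import time
from collections import defaultdict, deque

CODE_TTL = 300        # seconds an authorization code stays valid (assumed)
TOKEN_TTL = 600       # seconds a bearer token stays valid (assumed)
MAX_FAILURES = 5      # failed secret checks per window before lockout (assumed)
FAILURE_WINDOW = 60   # seconds (assumed)


class IssuerGuard:
    def __init__(self, client_secret, clock=time.time):
        self._secret = client_secret.encode()
        self._clock = clock
        self._codes = {}                      # code -> {"state", "nonce", "exp"}
        self._tokens = {}                     # bearer token -> {"nonce", "exp"}
        self._used_nonces = set()             # nonces already spent on a credential
        self._failures = defaultdict(deque)   # source ip -> timestamps of failures

    def authorize_admin(self, headers, source_ip):
        """Item 1 + 5: x-client-secret checked in constant time, with a sliding
        window of failed attempts per source so guessing is rate-limited."""
        now = self._clock()
        window = self._failures[source_ip]
        while window and window[0] <= now - FAILURE_WINDOW:
            window.popleft()
        if len(window) >= MAX_FAILURES:
            return "rate_limited"
        presented = headers.get("x-client-secret", "").encode()
        # compare_digest avoids leaking the secret through timing differences
        if not hmac.compare_digest(presented, self._secret):
            window.append(now)
            return "forbidden"
        return "ok"

    def issue_code(self, state, nonce):
        """Item 4: remember the state and nonce supplied at the start of the flow
        so the callback and the credential request can be bound to them."""
        code = secrets.token_urlsafe(32)
        self._codes[code] = {"state": state, "nonce": nonce,
                             "exp": self._clock() + CODE_TTL}
        return code

    def exchange_code(self, code, state):
        """Item 1 + 4: turn a code into a bearer token. pop() consumes the code,
        so a replayed exchange fails even with the right state."""
        entry = self._codes.pop(code, None)
        if entry is None or entry["exp"] < self._clock():
            return None
        if not hmac.compare_digest(entry["state"].encode(), state.encode()):
            return None
        token = secrets.token_urlsafe(32)
        self._tokens[token] = {"nonce": entry["nonce"],
                               "exp": self._clock() + TOKEN_TTL}
        return token

    def authorize_credential_request(self, headers, nonce):
        """Item 1 + 4: the bearer token must be live, and the nonce must be the
        one bound to that token and never seen before."""
        scheme, _, token = headers.get("authorization", "").partition(" ")
        if scheme != "Bearer" or not token:
            return "unauthorized"
        entry = self._tokens.get(token)
        if entry is None or entry["exp"] < self._clock():
            return "unauthorized"
        if not hmac.compare_digest(entry["nonce"].encode(), nonce.encode()):
            return "bad_nonce"
        if nonce in self._used_nonces:
            return "replay_rejected"
        self._used_nonces.add(nonce)
        return "ok"


if __name__ == "__main__":
    guard = IssuerGuard("s3cr3t")
    code = guard.issue_code("state-1", "nonce-1")
    token = guard.exchange_code(code, "state-1")
    hdr = {"authorization": "Bearer " + token}
    print(guard.authorize_credential_request(hdr, "nonce-1"))   # ok
    print(guard.authorize_credential_request(hdr, "nonce-1"))   # replay_rejected
    print(guard.exchange_code(code, "state-1"))                 # None (code consumed)
```

The nonce is checked for a mismatch before it is checked for reuse, so a wallet that presents someone else's nonce gets a plain rejection rather than learning whether that nonce has already been spent. Expired entries are only rejected lazily here; a real deployment would also evict them.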
