Security context provides context about components during validation to determine how best to enforce security requirements. Oak9 applies security based on the tags associated with a component. In other words, different security contexts apply different levels of security rigor.
An oak9 project can have a database that holds sensitive customer data. Because of the risk the database represents, oak9 suggests using security context to ensure stricter requirements are applied to it. See the figures below. As business or project needs change, more tags can be applied to a component, or existing tags can be changed.
Types of Security Context
· Workforce - End users are workforce (employees/contractors).
· Consumers - End users are B2C consumers.
· Business Partners - End users are B2B partners.
· Physical - Person users have physical access to this component.
· Open - Person or non-person users have open access to this component.
· Limited Sensitive Data - Person or non-person users have limited access to business sensitive data.
· Broad Sensitive Data - Person or non-person users have broad access to business
· Security Privileged - Person or non-person users have security privileged access to business sensitive data.
· External Access - Component is externally accessible.
· Internal Access - Component is internally accessible.
· Remote Access - Component is remotely accessible.
· Wireless Access - Component is wirelessly accessible (for specific wireless use-cases as opposed to externally or remotely accessible use-cases).
· Outbound Access - Component has outbound access to external networks.
· Data Sensitivity - Public, Business Sensitive
· Business Impact - Low, Medium, High