The Security Model

Retail Home's security requirements come from the need to protect application data from unauthorized changes. This is accomplished by the following security features:

  • Authentication - Retail Home services restrict access to users that have been authenticated by the configured security provider.

  • Authorization - Retail Home uses enterprise roles to limit what features individual users can access. OAuth scopes are used to limit access from automated processes.

  • Origin Control - Retail Home services implement the Cross-Origin Resource Sharing (CORS) protocol using a domain allowlist to limit which origins requests may be made from.

  • Transport Security - The Retail Home client communicates with the services through REST calls. The services also make SOAP calls if configured to use an OBIEE instance. These communications need to be secured.
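
The allowlist decision described under Origin Control can be sketched as follows. This is an added example, not Retail Home's own code or configuration; the hostnames, `ALLOWED_ORIGINS`, `parseOrigin` and `corsHeaders` are hypothetical. It shows exact-match origin comparison, so that lookalike hosts, a different scheme, and the `null` origin receive no CORS grant.

```javascript
// Added illustration; not Retail Home code. All hostnames are constructed.
const ALLOWED_ORIGINS = new Set([
  "https://retailhome.example.com",
  "https://portal.example.com:8443",
]);

// Accept only a serialized http(s) origin exactly as browsers send it:
// lowercase scheme://host[:port], no path, query, userinfo or default port.
function parseOrigin(value) {
  if (typeof value !== "string") return null;
  let url;
  try {
    url = new URL(value);
  } catch {
    return null; // not a URL at all, e.g. the literal string "null"
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  return url.origin === value ? value : null;
}

// Build the CORS response headers for one request's Origin header.
// The origin is echoed back only on an exact allowlist match; substring or
// suffix matching would also admit hosts that merely contain an allowed name.
function corsHeaders(requestOrigin, { credentials = true } = {}) {
  // Vary: Origin keeps shared caches from reusing one origin's grant for another.
  const headers = { Vary: "Origin" };
  const origin = parseOrigin(requestOrigin);
  if (origin === null || !ALLOWED_ORIGINS.has(origin)) return headers;
  headers["Access-Control-Allow-Origin"] = origin;
  if (credentials) headers["Access-Control-Allow-Credentials"] = "true";
  return headers;
}

// Constructed sample Origin values: one allowed, three that must be refused.
const samples = [
  "https://retailhome.example.com",
  "https://retailhome.example.com.other.test", // allowed name used as a prefix
  "http://retailhome.example.com",             // same host, different scheme
  "null",                                      // opaque origin
];
for (const o of samples) {
  const granted = corsHeaders(o)["Access-Control-Allow-Origin"];
  console.log(o, "->", granted ?? "(no CORS grant)");
}
```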