B Secure Development Guide

This appendix gives an overview of the common security risks faced by developers who use the SL4000 web services API, the StorageTek Library Control Interface (SCI), and describes how to address those risks.

SCI is a Web Services Definition Language (WSDL)-based API that uses XML for data transmission and HTTPS for transport. SCI is bidirectional. For inbound SCI, the library acts as a server that responds to requests from a client program; inbound SCI defines about 300 methods for operating, configuring, and monitoring the library. For outbound SCI, the library acts as a client of an external server; outbound SCI defines about 25 methods that the library uses to send notifications.

Both the inbound and outbound interfaces provide similar security functionality:

  • Transport-layer security over HTTPS using the TLSv1.1 or TLSv1.2 protocol

  • Authentication with a username/password token

  • Authorization for role-based access control on inbound methods