Fusion Security is a web application that manages user accounts for the Fusion Product range. Fusion Security provides an authentication service that is used by the Fusion Products to authenticate user login requests.
Fusion Security is a web application, and provides a secured HTML web interface to manage user accounts.
Fusion Security provides a number of services to Fusion Products, including primarily an authentication service. In addition it contains services to support forgotten credentials, and generation of public/private key pairs, which support Fusion Matrix Embargo requirements.
Fusion Security, like all Fusion Products, is SDMX Aware. For Fusion Security this means that the available organisations that a user can be a member of are obtained from external SDMX web services, allowing Fusion Security to be connected to a Fusion Registry for example. When a Fusion Product performs an authentication request, it is actually submitting an SDMX REST query to Fusion Security for organisations. Fusion Security responds with an SDMX Structure Document containing the organisations to which the user belongs.
The entire state of Fusion Security can even be exported as a single SDMX Structure document; passwords are of course encrypted using a strong one way encryption algorithm.
A user account in Fusion Security may be linked to one or more organisations, where the available organisations are obtained from the connected SDMX Web Service. This means the Fusion Registry can be used to set up Agencies, Data Providers, and Data consumers, and Fusion Security will query the Fusion Registry SDMX Web Service in order to provide these organisations as valid choices to link a user account to.
In addition it is possible to configure Fusion Security to link to multiple SDMX Web Services. Fusion Security terms each external SDMX service as a Domain. By allowing Fusion Security to connect to multiple domains, it is possible to create a single user and grant them different levels of access to each connected Fusion Product.
Fusion Security provides the ability to restrict a user account to one or more specific or partial IP address definitions. If a user attempts to login to a Fusion Product with the correct credentials, but their IP address does not match any of the IP restrictions against their account, then they will not be authenticated and will be denied access.
Fusion Security provides the means to define password rules, such as minimum length, minimum number of characters and numbers, minimum number of uppercase and lower case characters. There is also the option of referencing a text file containing a list of disallowed passwords due to them being deemed to common or easy to guess.
Fusion Security provides the means to specify the maximum number of login attempts before automatic account lock down. If a user’s account is locked the user and all of the Fusion Security admin users will receive an email informing them of this. If connected to Fusion Audit an account lock event will also be audited. It is important to note that the process Fusion Security uses to authenticate a user makes a brute force attack on a user’s account infeasible.
Fusion Security can integrate with Fusion Audit, which is another web application which will capture and categorise security events such as log in, change password, account lock, and more.
Information on Fusion Audit is available here.