13.9.1 - Authentication between participant agents

Johan van Wyk • 31 December 2024

Description

Simpl shall provide an API that allows any data space participant agent component to interact with other agent components, establishing mTLS connections with the agent credentials.
Simpl shall provide an HTTP proxy to any data space participant agent that will enforce mTLS on outbound connections made by any component, using the agent credentials (coming from onboarding).
Simpl shall provide a reverse proxy to any data space participant agent that will handle the incoming mTLS connection from any agent.
Simpl shall provide an API that:

  • shall verify if any request from any data space participant agent component can be accepted or rejected.
  • shall enforce the presence of the requestor's authentication, incorporating it into the forwarded request.
  • shall verify the credentials of the data space participant agent that the data space participant agent component wants to communicate with.
  • shall block the communication if the credentials of the data space participant agent that the data space participant agent component wants to communicate with are not valid (e.g. expired validity, revoked credentials, ...).
  • shall verify if the credentials provided in the intra-agent communication are trusted by the data space governance authority identity provider federation.
  • shall accept only trusted (by the data space governance authority identity provider federation) mTLS connections and reject the others.
  • shall verify the credentials of the calling participant compliant with the selected IAA Tier 2 option.
  • shall accept only requests that have validated identity attributes attached to the credentials of the calling participant.
  • shall verify that the credentials are trusted by the data space governance authority identity provider federation.
  • shall enforce deployed agent policies based on the attributes attached to the credentials of the calling participant, if any.
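
The checks listed above, sketched as an added example (not Simpl's own code): a Python `ssl` context that makes the client certificate mandatory on the reverse proxy, and a decision function over the `getpeercert()` dictionary. The function names, the attribute strings, the issuer allow-list and the sample certificate are assumptions constructed for illustration.

```python
import ssl

def inbound_mtls_context(federation_ca=None, crl=None):
    """Reverse-proxy TLS context: a client certificate is mandatory."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED        # handshake fails without a client cert
    if federation_ca:                          # trust only the federation CA bundle
        ctx.load_verify_locations(cafile=federation_ca)
    if crl:                                    # PEM CRL, checked for the leaf certificate
        ctx.load_verify_locations(cafile=crl)
        ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    return ctx

def decide(peer_cert, attributes, required, revoked, trusted_issuers, now):
    """Return (accepted, reason) for one inbound request.

    peer_cert: dict from SSLSocket.getpeercert(); attributes: the caller's
    already-validated identity attributes (assumed to be supplied as a set).
    Chain trust is enforced by the handshake; the issuer allow-list is an extra check.
    """
    if not peer_cert:
        return False, "no client certificate"
    issuer = dict(rdn[0] for rdn in peer_cert.get("issuer", ()))
    if issuer.get("commonName") not in trusted_issuers:
        return False, "issuer not trusted by federation"
    start = ssl.cert_time_to_seconds(peer_cert["notBefore"])
    end = ssl.cert_time_to_seconds(peer_cert["notAfter"])
    if not start <= now <= end:
        return False, "certificate outside validity period"
    if peer_cert["serialNumber"].upper() in revoked:
        return False, "certificate revoked"
    if not attributes:
        return False, "no validated identity attributes"
    missing = required - attributes
    if missing:
        return False, "policy requires: " + ", ".join(sorted(missing))
    return True, "accepted"

# Constructed sample in getpeercert() format; every value is made up.
SAMPLE_CERT = {
    "subject": ((("commonName", "participant-a.example"),),),
    "issuer": ((("commonName", "Example Federation CA"),),),
    "notBefore": "Jan  1 00:00:00 2025 GMT",
    "notAfter": "Jan  1 00:00:00 2026 GMT",
    "serialNumber": "0A1B2C",
}
```

The checks run in order and the first failure decides, so the returned reason can be logged as the reject cause for that request.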

L2 - Detailed Requirement
Issue ID: SIMPL-1616
Status: Proposed