IAM and Security Practices

The applications that the P2 (Platform 2.0) technology stack uses are installed on either on-premise or cloud-based machines. They all run on a Linux variant as the underlying OS. Normally, one or more applications are installed on each of these servers to provide the required functionality. These servers and the applications they host need to be protected. This policy also applies to organizations that PSI supports with their technology, whether for on-premise installations or cloud-based setups.

Security Policy

The Standard of Practice for Security covers the following areas:

  1. Authentication: how users and clients are verified and granted access to the web application server.

  2. Authorization: how permissions and roles are assigned and enforced for different users and clients.

  3. Encryption: how data is encrypted in transit and at rest to prevent interception or tampering.

  4. Backup: how data is backed up and restored in case of loss or corruption.

  5. Disaster recovery: how the web application server is prepared for and recovered from natural or man-made disasters.

  6. Logging: how activities and events are recorded and monitored on the web application server.

  7. Auditing: how security incidents and violations are detected and reported on the web application server.

IAM (Identity Access Management)

Identity Access Management (IAM) is a framework of policies and technologies that ensures the right users have the appropriate access to technology resources. The P2 Architecture uses Keycloak, an open-source IAM solution.

IAM - Identity and Access Management

Keycloak Realm Configuration Guidelines
