Xentara WebSocket API Specification v2.0.3
User Manual
Light-Weight Sub-Sessions
See also
Xentara Security Authentication

The Xentara WebSocket interface includes light-weight sub-session features designed to efficiently manage and control access to resources. Although these sub-sessions are optional, they are particularly useful when integrated into the Graphical User Interface (GUI). Utilizing sub-sessions allows for integrated logging within the GUI, providing an additional security layer to prevent unauthorized write access. This approach enhances overall system security and ensures stronger access control within Xentara.

Key Features of Sub-Sessions:

  1. Efficient Resource Management: Sub-sessions facilitate fine-grained control over access to resources, optimizing resource usage and management.
  2. Enhanced Security: By enabling logging and detailed access control, sub-sessions add an extra layer of security, particularly valuable for GUI operations.
  3. Integration with GUI: The ability to directly incorporate logging into the GUI helps monitor and restrict access, ensuring that only authorized users can perform write operations.

Supported Authentication Methods:

The Xentara WebSocket interface supports three distinct authentication methods for establishing sub-sessions, each tailored to different security needs:

  1. OAuth 2.0 Authorization
  2. Certificate-Based Authentication.
  3. Username/Password Authentication

Each authentication method offers unique benefits and can be selected based on specific security requirements.

Establishing and Managing Sub-Sessions:

To initiate a sub-session, use the create light-weight sub-session command provided in the WebSocket API. This command allows you to set up a sub-session with the chosen authentication method.

Once the sub-session's purpose is fulfilled or no longer needed, it can be terminated using the close light-weight sub-session command. This ensures efficient management and timely release of resources.

Access Control with Sub-Sessions:

It is crucial to understand that sub-sessions can only impose additional restrictions on access rights. They cannot grant higher privileges than those originally assigned during the initial WebSocket connection. This ensures that sub-sessions adhere to the principle of least privilege, enhancing security by not allowing privilege escalation.

For more details on security and authentication in Xentara, refer to the section on Xentara Security and Authentication in the Xentara documentation.