N-CAPIE
Security Standards

Security

OAuth 2.0

OAuth enhances security by providing a more secure and controlled way to grant and manage access to resources, reducing the risks associated with traditional authentication and authorization methods.

N-CAPIE can integrate with any Identity Provider (IDP) implementing the OAuth standard. We configure the service for each client’s specific security integration requirements at the time of Onboarding.

Authentication and Access

Authentication of Users and Access to Runtime Environments works as follows:

  1. The user's login credentials are redirected to the IDP for Authentication

  2. Once Authentication occurs, the IDP sends an Authorization Code

  3. N-CAPIE requests the IDP to exchange the Authorization Code for a JWT

  4. IDP validates the Authorization Code and returns a valid JWT

  5. N-CAPIE sets the JWT into the HTTP Authorization Header and sends requests to the Design Environment

  6. The Design Environment checks that the JWT is valid, processes the API request and returns the response to N-CAPIE.

JSON Web Key Set (JWKS): When each environment is started, it downloads a JWKS from the IDP which is used to validate JWTs sent to the environment.

API Accessors

For Applications attempting to access N-CAPIE APIs the process is as follows:

  1. The API Accessor redirects to IDP for Authentication

  2. Once Authorization occurs, the IDP returns an Authorization Code

  3. The API Accessor requests the IDP to exchange the Authorization Code for a JWT

  4. IDP validates the Authorization Code and returns a valid JWT

  5. The API Accessor then sets the JWT into the HTTP Authorization Header and sends requests to the Design Environment. (Where the UI must access the other Environments, this token must also be provided).

  6. The Design Environment checks that the JWT is valid, processes the API request and returns the response to N-CAPIE.

Standards

ISO 27001:2022 & CIS

ISO 27001:2022

Ostia adheres to the ISO 27001:2022 standard and has implemented a systematic approach to managing sensitive company and customer information, including:

  1. Risk Management: Identifying, assessing, and mitigating risks to your data

  2. Continuous Improvement: Regularly updating our security practices to address emerging threats

  3. Compliance: Meeting stringent regulatory and legal requirements.

CIS Benchmark Standards

We align our security practices with the Center for Internet Security (CIS) Benchmarks in order to:

  1. Harden Systems: Implementing configurations that reduce vulnerabilities

  2. Ensure Consistency: Standardizing security measures across our environment

  3. Enhance Visibility: Providing clear insights into our security posture
