The SAM Peer Interface (SAM PI) handles requests from remote systems; the SAM also uses it to initiate connections to peer connectors.
A peer connector represents a remote instance: one that is known to the local instance and to which the local instance can establish a connection. A peer connector is characterized in particular by a connection URL and TLS certificate information, together with a pool of reusable outgoing connections. The identity of an instance consists of a client X.509 (SSL/TLS) certificate and the corresponding key pair, held in one of the instance's crypto tokens.
Connections are made over mutually authenticated HTTPS and are also referred to as channels. The first connection to a peer with a given client certificate undergoes the full authentication check.
Before a connection is allowed, the new peer connector must be added to the system and the connection checked for mutual trust. Each message is then authorized; for that, roles and access rules must be assigned to the peer connector. The following role configuration determines which SAM PI operations a peer may invoke:
| Role                      | Allowed SAM PI Operations                                                                                            |
| Privileged User           | Create_New_Privileged_User, Create_New_Signer, Signer_Maintenance, Generate_Signer_Key_Pair, Delete_Signer_Key_Pair |
| Signer                    | Signer_Maintenance, Generate_Signer_Key_Pair, Delete_Signer_Key_Pair, Signing                                       |
| Privileged User Technical | Create_New_Signer                                                                                                    |
Table 16: Roles and allowed operations of the SAM Peer Interface
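The trust and authorization steps described above, as an added example in Go; this is not the product's own code. A SAM-side HTTPS endpoint requires and verifies a client certificate on every channel, maps the authenticated peer's certificate subject to the role assigned to its peer connector, and checks the requested operation against Table 16. The peer names, the use of the certificate common name as the peer key, the /op/<Operation> URL form and the self-signed in-memory certificates are assumptions made for this example; in the product the key pair lives in a crypto token.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// Table 16 as a policy: role -> permitted SAM PI operations.
var allowedOps = map[string]map[string]bool{
	"Privileged User":           {"Create_New_Privileged_User": true, "Create_New_Signer": true, "Signer_Maintenance": true, "Generate_Signer_Key_Pair": true, "Delete_Signer_Key_Pair": true},
	"Signer":                    {"Signer_Maintenance": true, "Generate_Signer_Key_Pair": true, "Delete_Signer_Key_Pair": true, "Signing": true},
	"Privileged User Technical": {"Create_New_Signer": true},
}

// Authorize applies the role assigned to a peer connector (keyed here by the client
// certificate's subject CN, an assumption of this example) to the requested operation.
// A trusted channel with no assigned role gets every operation refused.
func Authorize(roles map[string]string, peerCN, op string) bool {
	role, assigned := roles[peerCN]
	return assigned && allowedOps[role][op]
}

// selfSignedPeer mints a self-signed ECDSA client certificate standing in for a peer's identity
// (the product keeps the key in a crypto token; here it is in memory, and setup errors are fatal).
func selfSignedPeer(cn string) tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true, IsCA: true, // self-signed, so the certificate is its own trust anchor
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// samPI serves /op/<Operation>; the caller is whoever the verified client certificate says it is.
func samPI(roles map[string]string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		peer := r.TLS.PeerCertificates[0].Subject.CommonName // present: the handshake required a verified client cert
		op := strings.TrimPrefix(r.URL.Path, "/op/")
		if !Authorize(roles, peer, op) {
			http.Error(w, op+" not permitted for "+peer, http.StatusForbidden)
			return
		}
		fmt.Fprintf(w, "%s executed for %s\n", op, peer)
	})
}

// Demo runs a SAM-side mTLS endpoint plus several peer connectors and records the HTTP status
// each peer receives per operation (0 means the channel was never established).
func Demo() map[string]int {
	// Constructed role assignment; "peer-norole" is trusted at the TLS layer but has no role.
	roles := map[string]string{"peer-admin": "Privileged User", "peer-signer": "Signer", "peer-tech": "Privileged User Technical"}
	trusted, peers := x509.NewCertPool(), map[string]tls.Certificate{}
	for _, cn := range []string{"peer-admin", "peer-signer", "peer-tech", "peer-norole", "peer-untrusted"} {
		peers[cn] = selfSignedPeer(cn)
		if cn != "peer-untrusted" { // only this peer's certificate is kept out of the SAM's trust store
			trusted.AddCert(peers[cn].Leaf)
		}
	}
	srv := httptest.NewUnstartedServer(samPI(roles))
	srv.TLS = &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: trusted}
	srv.StartTLS()
	defer srv.Close()
	results := map[string]int{}
	for _, try := range [][2]string{
		{"peer-admin", "Create_New_Privileged_User"}, {"peer-signer", "Signing"}, {"peer-signer", "Create_New_Signer"},
		{"peer-tech", "Create_New_Signer"}, {"peer-tech", "Signing"}, {"peer-norole", "Signing"}, {"peer-untrusted", "Signing"},
	} {
		// One Transport per peer connector: trusts the SAM's certificate, presents that peer's client
		// certificate, and keeps its own pool of reusable outgoing connections.
		tr := srv.Client().Transport.(*http.Transport).Clone()
		tr.TLSClientConfig.Certificates = []tls.Certificate{peers[try[0]]}
		resp, err := (&http.Client{Transport: tr}).Get(srv.URL + "/op/" + try[1])
		key := try[0] + "/" + try[1]
		if err != nil {
			results[key] = 0 // rejected at the TLS layer: no request ever reached the authorization step
			continue
		}
		resp.Body.Close()
		results[key] = resp.StatusCode
	}
	return results
}

func main() { fmt.Println(Demo()) }
```

Running it prints one status per attempt: 200 where the assigned role permits the operation, 403 where the channel is trusted but the role does not allow the operation or no role was assigned, and 0 for the peer whose certificate is absent from the SAM's trust store, whose handshake fails before any message can be authorized.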