end-to-end Mutual TLS (mTLS) for authenticating DSS API consumers

I am writing to discuss an important security related matter to our integration with DSS APIs. Previously, We have been informed that DSS is not currently using end-to-end Mutual TLS (mTLS) for authenticating API consumers. While we understand the operational considerations, our security team has raised this as a significant concern due to the sensitivity of the data being exchanged.
We prioritize the security and integrity of our data and communications. End-to-end mTLS provides an additional layer of security by ensuring that both the client and the server authenticate each other, thereby mitigating the risk of man-in-the-middle attacks and unauthorized access.
We would greatly appreciate your insights and suggestions on how we can address this concern. Specifically, we are interested in understanding:
- Are there any plans to implement end-to-end mTLS or similar robust authentication mechanisms in the near future?
- If mTLS is not feasible, are there alternative security measures that we can consider to enhance the security of our API interactions?
We value our partnership with DSS and are confident that together we can find a solution that meets our security requirements.
Thank you for your attention to this matter. We look forward to your response and any guidance you can provide.
Answers
-
Thank you for reaching out to us.
The DSS server is on the Internet so it uses standard TLS.
As far as I know, it also supports Private Network through Delivery Direct/Financial Community Network (FCN), as mention on this document.
Please contact the DSS support team directly via LSEG Support for more information.
0
Categories
- All Categories
- 3 Polls
- 6 AHS
- 36 Alpha
- 166 App Studio
- 6 Block Chain
- 4 Bot Platform
- 18 Connected Risk APIs
- 47 Data Fusion
- 34 Data Model Discovery
- 690 Datastream
- 1.5K DSS
- 629 Eikon COM
- 5.2K Eikon Data APIs
- 11 Electronic Trading
- 1 Generic FIX
- 7 Local Bank Node API
- 3 Trading API
- 2.9K Elektron
- 1.4K EMA
- 255 ETA
- 560 WebSocket API
- 39 FX Venues
- 15 FX Market Data
- 1 FX Post Trade
- 1 FX Trading - Matching
- 12 FX Trading – RFQ Maker
- 5 Intelligent Tagging
- 2 Legal One
- 25 Messenger Bot
- 3 Messenger Side by Side
- 9 ONESOURCE
- 7 Indirect Tax
- 60 Open Calais
- 281 Open PermID
- 46 Entity Search
- 2 Org ID
- 1 PAM
- PAM - Logging
- 6 Product Insight
- Project Tracking
- ProView
- ProView Internal
- 23 RDMS
- 2K Refinitiv Data Platform
- 723 Refinitiv Data Platform Libraries
- 4 LSEG Due Diligence
- LSEG Due Diligence Portal API
- 4 Refinitiv Due Dilligence Centre
- Rose's Space
- 1.2K Screening
- 18 Qual-ID API
- 13 Screening Deployed
- 23 Screening Online
- 12 World-Check Customer Risk Screener
- 1K World-Check One
- 46 World-Check One Zero Footprint
- 45 Side by Side Integration API
- 2 Test Space
- 3 Thomson One Smart
- 10 TR Knowledge Graph
- 151 Transactions
- 143 REDI API
- 1.8K TREP APIs
- 4 CAT
- 27 DACS Station
- 121 Open DACS
- 1.1K RFA
- 106 UPA
- 194 TREP Infrastructure
- 229 TRKD
- 918 TRTH
- 5 Velocity Analytics
- 9 Wealth Management Web Services
- 95 Workspace SDK
- 11 Element Framework
- 5 Grid
- 19 World-Check Data File
- 1 Yield Book Analytics
- 48 中文论坛