End-to-end Mutual TLS (mTLS) for authenticating DSS API consumers

pradhikshan Newcomer
edited 6:07AM in DSS

I am writing to discuss an important security-related matter concerning our integration with DSS APIs. Previously, we have been informed that DSS is not currently using end-to-end Mutual TLS (mTLS) for authenticating API consumers. While we understand the operational considerations, our security team has raised this as a significant concern due to the sensitivity of the data being exchanged.

We prioritize the security and integrity of our data and communications. End-to-end mTLS provides an additional layer of security by ensuring that both the client and the server authenticate each other, thereby mitigating the risk of man-in-the-middle attacks and unauthorized access.

We would greatly appreciate your insights and suggestions on how we can address this concern. Specifically, we are interested in understanding:

  • Are there any plans to implement end-to-end mTLS or similar robust authentication mechanisms in the near future?
  • If mTLS is not feasible, are there alternative security measures that we can consider to enhance the security of our API interactions?

We value our partnership with DSS and are confident that together we can find a solution that meets our security requirements.

Thank you for your attention to this matter. We look forward to your response and any guidance you can provide.

Answers

  • Jirapongse ✭✭✭✭✭

    @pradhikshan

    Thank you for reaching out to us.

    The DSS server is on the Internet so it uses standard TLS.

    As far as I know, it also supports Private Network through Delivery Direct/Financial Community Network (FCN), as mentioned in this document.

    Please contact the DSS support team directly via LSEG Support for more information.