RTM Security Considerations

Integrating the ColdTrace and OpenLMIS systems raises certain considerations related to data and network security. The purpose of this page is to identify and document any security issues or needs that we anticipate for the integration between these two systems, or for more general integration with other RTM systems. This page can also include information on security best practices to build into our work.

This is an initial list, to be filled in as work progresses.

  • What data is exchanged:
    • LMIS -> RTM system
      • Facilities
      • Equipment
    • RTM System -> LMIS
      • Equipment notification

  • Standard risks:
    • Unauthorized access to facility/equipment records
    • Unauthorized access to notification data
    • Corruption/deletion of facility/equipment records
    • Spoofed notification data to LMIS system
    • Snooping on data exchanged in both directions

  • How are risks mitigated
    • SSL
    • RTM System
      • Inputs to notification are temperature data and rules which define the notifications. Only Nexleaf Staff can modify/edit these. In the future we may allow managing users to edit the rules for the notifications.
      • Facility and equipment data is access controlled.
      • Key exchanged for API access
      • If LMIS wants, we can add a message authentication code (HMAC, etc.)
    • LMIS
      • Josh Zamor ... please fill in here.
      • Is facility and equipment data access controlled?
      • Is access to notification data access controlled?
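
The HMAC option listed under the RTM system mitigations, as an added example (not ColdTrace or OpenLMIS code): the RTM side tags each equipment notification with HMAC-SHA256 and a timestamp, and the LMIS side rejects spoofed, altered or stale messages. The field names, the sample key, the JSON encoding and the 300-second freshness window are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed sample key; stands in for the key exchanged for API access.
SHARED_KEY = b"constructed-demo-key-not-for-production"
MAX_SKEW_SECONDS = 300  # assumed freshness window, limits replay of old messages

# Constructed sample notification; field names are hypothetical.
SAMPLE = {"facility_id": "facility-042", "equipment_id": "fridge-001",
          "alarm": "temperature_high"}


def _tag(key: bytes, ts: int, body: str) -> str:
    # The timestamp is covered by the MAC so it cannot be changed separately.
    return hmac.new(key, f"{ts}.{body}".encode(), hashlib.sha256).hexdigest()


def sign_notification(payload: dict, key: bytes, now: Optional[int] = None) -> dict:
    """RTM side: serialize deterministically, then attach timestamp and MAC."""
    ts = int(time.time()) if now is None else now
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return {"timestamp": ts, "body": body, "hmac": _tag(key, ts, body)}


def verify_notification(msg: dict, key: bytes, now: Optional[int] = None) -> dict:
    """LMIS side: return the payload only if the MAC and timestamp check out."""
    current = int(time.time()) if now is None else now
    ts = int(msg["timestamp"])
    if abs(current - ts) > MAX_SKEW_SECONDS:
        raise ValueError("stale notification")
    expected = _tag(key, ts, msg["body"])
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), str(msg["hmac"]).encode()):
        raise ValueError("bad MAC")
    # Parse the body only after it has been authenticated.
    return json.loads(msg["body"])


if __name__ == "__main__":
    message = sign_notification(SAMPLE, SHARED_KEY)
    print(verify_notification(message, SHARED_KEY))
```

The receiver verifies the exact bytes of `body` that were sent rather than re-serializing the parsed JSON, so differences in key order or whitespace between the two systems cannot cause false rejections.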