MOSIP and Partners communicate with each other when individuals avail services of Partners. The communication must be executed safely and securely.
Confidentiality: The communication should be confidential, and no other party should be able to eavesdrop on the communicated details.
Integrity: The integrity of the communication should be maintained.
All communication from Partners to MOSIP is routed via the MISP.
The communication is protected by the IPsec secure network protocol suite.
Process flow for communication at the Presentation Layer:
Partner pings MOSIP.
Partner gets the MOSIP certificate which is signed by the Root CA.
Partner then verifies the MOSIP certificate with the Root CA.
Once validated, the Partner shares its SSL certificate with MOSIP. This SSL certificate is already signed by MOSIP as Root CA.
MOSIP verifies the SSL certificate.
Once both SSL certificates are validated, the communication channel is established and communication proceeds.
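The two certificate checks in the flow above (the Partner verifying the MOSIP certificate against the Root CA, then MOSIP verifying the Partner's SSL certificate), shown as an added Go example that is not MOSIP's own code. It assumes a single constructed Root CA, Ed25519 keys, the hypothetical names mosip.example and partner.example, and serverAuth/clientAuth extended key usages; it goes slightly beyond the text by also showing that a self-signed certificate and a certificate presented in the wrong role are rejected.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a certificate for cn; a nil parent yields a self-signed root CA.
func issue(cn string, eku []x509.ExtKeyUsage, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		ExtKeyUsage: eku,
	}
	if parent == nil { // self-signed root, allowed to sign other certificates
		tpl.IsCA, tpl.BasicConstraintsValid, tpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, parentKey = tpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// trusted reports whether cert chains to root and is valid for the usage eku.
func trusted(cert, root *x509.Certificate, eku x509.ExtKeyUsage) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{eku}})
	return err == nil
}

// checkHandshakeTrust runs both verification steps on constructed certificates.
func checkHandshakeTrust() (mosipOK, partnerOK, selfSignedOK, swappedOK bool) {
	server, client := x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth
	root, rootKey := issue("Constructed Root CA", nil, nil, nil)
	mosip, _ := issue("mosip.example", []x509.ExtKeyUsage{server}, root, rootKey)
	partner, _ := issue("partner.example", []x509.ExtKeyUsage{client}, root, rootKey)
	rogue, _ := issue("partner.example", []x509.ExtKeyUsage{client}, nil, nil) // not issued by root
	return trusted(mosip, root, server), trusted(partner, root, client), trusted(rogue, root, client), trusted(partner, root, server)
}
func main() { fmt.Println(checkHandshakeTrust()) } // true true false false
```

The channel is only established when both of the first two results are true; the last two show what each side must refuse.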
The data is encrypted in the Application Layer itself before it gets into the Presentation Layer.
The Encryption certificate is shared by both parties (MOSIP and Partners) to decrypt the content.
Both parties (MOSIP and Partner) have to sign the request and response in the communication.
Partner signs the request and response using the Partner's signature certificate. MOSIP can verify the signature using the Partner's public key.
MOSIP signs the request and response using the MOSIP signature certificate. Partner can verify the signature using MOSIP's public key.
Altogether, 3 certificates are used in the communication:
SSL certificate: Used in the Presentation Layer
Encryption certificate: Used in the Application Layer
Signature certificate: Used in the Application Layer