S4. Security Considerations
XDOC can pass a Security Token to the External System that can be used to ensure that the Request is Trusted. The Security Token can use the same structure and encryption as the Security Token in the XDOC Container Provider Service and other XDOC Services, or it can be defined by the External System as either a static string or some other dynamically generated algorithm.
The use of a Security Token is optional for Service invocations from trusted applications. It is merely provided as an additional security measure. Implementing security can always be handled using standard Firewall and Webs Server based mechanism that are outside of either system, such as:
- Firewall restrictions based on the Invoking Application’s IP Address.
- Certificates required in the Invoking Application’s HTTP Request.