Chapter 6 DXp SeCurity The key elements of the DXP security framework are as follows: • Authentication validates the user’s identity. This includes the authentication mechanism, single-sign-on (SSO), and management of user credentials. • Privacy management ensures that the user’s personal information is protected. Privacy concerns should be addressed while storing the information, during transit, and sharing the information with third- party services. • Authorization validates the user’s permission and fine-grained access privileges to functionality and resources. Authorization enforces the privilege/role-based access to secure resources. • Confidentiality ensures that information exchange between intended parties is done securely on a need to know basis. • Data integrity ensures that information is not modified during transmission. Encryption and secure transport are needed to guarantee the data integrity. • Nonrepudiation ensures that data and proof cannot be altered or deleted, using robust tracing, authentication and authorization processes, and auditing. DXP Layer-Wise Security As a DXP is built with various layers, it is necessary to enforce security at each of the layers. Layer-wise security vulnerabilities and security measures for the DXP are shown in Figure 6-2. 184