Citizen Account Security Considerations
Displaying sensitive data to clients over the web is inherently dangerous, and security must be a primary concern when administrators develop Citizen Account customizations. All public-facing applications must undergo rigorous security analysis and testing before they are deployed. Users must contact IBM support to discuss unusual customizations that might have specific security issues.
For more information, see the topic, Securing Universal Access (UA).
Refer also to the related link for a description of how to make the enhancement request.
Permission to call the server facade methods that serve data to Citizen Account pages is managed by the standard authorization model. For more information, see the Cúram Server Developer documentation. In addition to the standard authorization checks, each facade method that is called by a Citizen Account page must complete the following security checks to ensure the user who is associated with the transaction (the currently logged in user) has permission to access the data they are requesting:
- Ensure that the currently logged in user is of the correct type. They must be an External user with an applicationCode of CITWSAPP, and have a UA account of type Linked.
- Ensure that the currently logged in user has permission to access the specific records that they are reading. For instance, validate any page parameters that are passed in to ensure that the records requested are related to the currently logged in user in some way.
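
The following sketch shows the two checks applied in order before a record is returned. It is an added example, not Cúram code: every class, method and field name is hypothetical, the in-memory maps stand in for database lookups, and the string values `EXTERNAL` and `LINKED` are constructed representations of the user and account types. Only the `CITWSAPP` application code comes from this page.

```java
import java.util.Map;
import java.util.Set;

// Added illustration: all types and names are hypothetical, not the Cúram API.
public class CitizenAccountChecks {
    record User(String username, String userType, String applicationCode, String accountType) {}
    record Payment(long paymentId, long participantId, String amount) {}

    static class AccessDenied extends RuntimeException {
        AccessDenied(String reason) { super(reason); }
    }

    // Constructed sample data: participants each user is linked to, and stored payments.
    static final Map<String, Set<Long>> LINKED = Map.of("jsmith", Set.of(101L));
    static final Map<Long, Payment> PAYMENTS = Map.of(
        5001L, new Payment(5001L, 101L, "120.00"),
        5002L, new Payment(5002L, 202L, "75.50"));

    // Check 1: External user, applicationCode CITWSAPP, UA account of type Linked.
    static void requireLinkedCitizen(User u) {
        if (!"EXTERNAL".equals(u.userType())
                || !"CITWSAPP".equals(u.applicationCode())
                || !"LINKED".equals(u.accountType())) {
            throw new AccessDenied("wrong user type");
        }
    }

    // Check 2: the page parameter must resolve to a record related to the caller.
    static Payment readPayment(User caller, long paymentId) {
        requireLinkedCitizen(caller);
        Payment p = PAYMENTS.get(paymentId);
        Set<Long> mine = LINKED.getOrDefault(caller.username(), Set.of());
        // Same failure for "no such record" and "not your record", so the
        // response does not reveal which identifiers exist.
        if (p == null || !mine.contains(p.participantId())) {
            throw new AccessDenied("record not available");
        }
        return p;
    }

    public static void main(String[] args) {
        User citizen = new User("jsmith", "EXTERNAL", "CITWSAPP", "LINKED");
        System.out.println(readPayment(citizen, 5001L).amount()); // own record
        try {
            readPayment(citizen, 5002L); // record of another participant
        } catch (AccessDenied e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```

The ownership test uses the identity taken from the session, never a user or participant identifier supplied as a page parameter.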