4 Source: Provozní řád ISDS, version 2010-01-22, Pages 10–13, 16
5 Source: Vyhláška o stanovení podrobností užívání a provozování ISDS (194/2009
7 Source: Webové služby ISDS pro manipulaci s datovými zprávami,
11 Connection tracking of web services is done via HTTP Cookie, or HTTP client
12 must attach authentication data to each request. These two different
13 connection trackings are differentiated on base URL clients connect to.
15 Allowed log in methods:
17 – HTTPS connection, server authenticated using SSL server certificate,
18 user authenticated using HTTP 1.1 basic authentication with user name and
21 – SSL connection, user authenticated using `commerical' client
22 certificate AND username and passwod. The client certificate must be
23 preregistered in web (browser) interface.
25 – SSL connection, user authenticated using `system' client certificate.
26 Client certificate must be preregistered to the box.
28 – SSL connection, user authenticated using `system' client certificate of
29 third party AND using HTTP 1.1 basic authentication (user name is box ID,
30 password is empty). This case is intended for hosted Software as Service
33 Note: Certificate attributes `commercial' and `system' are defined in Czech
34 Electronic Signature Act.
36 Once client certificate is registered, user could not log in with HTTP basic
39 Client private key must be stored in cryptographic device in unexportable way.
40 The device driver must provide any of the APIs in addition:
43 – PKCS#11 API through libp11 library.
45 Login HTTP request must not be larger than 50 KB because server implementation
46 uses weird HTTP redirects etc. Therefore SOAP DummyOperation is available for
47 login purposes that is small enough (other SOAP requests can be much bigger).
49 Desktop applications accesing ISDS must log in only on manual request of
50 a user. Daemon implementations can log in automatically, but they are forbiden
51 to abuse ISDS (e.g. redownloading old messages).