From 521e93f68eeec9e83a773e1a9de6000033e44fb1 Mon Sep 17 00:00:00 2001 From: Jeremy Tandy Date: Thu, 24 Oct 2024 16:00:38 +0100 Subject: [PATCH] Minor edits following review editorial only - no content changes --- guide/sections/part2/wis2node.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/guide/sections/part2/wis2node.adoc b/guide/sections/part2/wis2node.adoc index b737b9b..9ed7d45 100644 --- a/guide/sections/part2/wis2node.adoc +++ b/guide/sections/part2/wis2node.adoc 
@@ -66,11 +66,11 @@ It is not advisable to use a system name in the centre-id because system names m When configuring a WIS2 Node, it is necessary to consider how it will be accessed by Global Services and data consumers. -Global Brokers must authenticate when they connect to the MQTT Message Broker in the WIS2 Node. Username and password credentials are used.footnote:[The default connection credentials for a WIS2 Node Message Broker are username ``everyone`` and password ``everyone`` WIS2 Node operators should choose credentials that meet their local policies (for example, password complexity).]. When registering the WIS2 Node with the WMO Secretariat, these credentials must be provided. The WMO Secretariat will share the credentials with the Global Service operators and store them in the WIS register. These credentials should not be considered confidential or secret. +Global Brokers must authenticate when they connect to the MQTT Message Broker in the WIS2 Node. Username and password credentials are used.footnote:[The default connection credentials for a WIS2 Node Message Broker are username ``everyone`` and password ``everyone`` WIS2 Node operators should choose credentials that meet their local policies (for example, password complexity).] When registering the WIS2 Node with the WMO Secretariat, these credentials must be provided. The WMO Secretariat will share the credentials with the Global Service operators and store them in the WIS register. These credentials should not be considered confidential or secret. Given that Global Brokers republish notification messages provided by the WIS2 Node, access to the MQTT Message Broker may be restricted. Global Brokers operate using a fixed IP address, which allows access to be granted using IP filtering.footnote:[In WIS2, IP addresses are used to determine the origin of connections and confer trust to remote systems. 
It is well documented that IP addresses can be hijacked and that more sophisticated mechanisms, such as Public Key Infrastructure (PKI), are available for reliably determining the origin of connection requests. However, the complexities of implementing such mechanisms create barriers to Member participation in WIS2. For the purposes of WIS2, which involves distributing publicly accessible data and messages, IP addresses are considered to provide an adequate level of trust.] MQTT Message Brokers must be accessible by more than one Global Broker to ensure resilient transmission of notification messages to WIS2. -If your WIS2 Node only publishes core data,footnote:[In some cases, WIS2 Nodes will need to serve core data directly (see <<_1_3_3_5_considerations_when_providing_core_data_in_wis2>>). In these situations, the WIS2 Node data server must remain publicly accessible.] access to the data server may also be restricted, with the distribution of data handled by Global Caches. Global Caches also operate on fixed IP addresses, allowing their connections to be easily identified. Again, access must be granted to more than one Global Broker to ensure resilience. +If your WIS2 Node only publishes core datafootnote:[In some cases, WIS2 Nodes will need to serve core data directly (see <<_1_3_3_5_considerations_when_providing_core_data_in_wis2>>). In these situations, the WIS2 Node data server must remain publicly accessible.], access to the data server may also be restricted, with the distribution of data handled by Global Caches. Global Caches also operate on fixed IP addresses, allowing their connections to be easily identified. Again, access must be granted to more than one Global Broker to ensure resilience. During registration, the WMO Secretariat will provide host names and IP addresses of the Global Services to enable access controls to be configured.
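Review bot: In the last changed paragraph (the `+If your WIS2 Node only publishes core data` line), the closing sentence still reads "Again, access must be granted to more than one Global Broker to ensure resilience", although the paragraph is about restricting the data server to Global Caches. An operator following it literally would build the data-server allowlist from the wrong set of addresses, so please confirm whether "Global Cache" is intended, even though this commit is editorial only. Two punctuation points on the same lines: inside the first footnote there is still no full stop between ``everyone`` and "WIS2 Node operators should choose", and the second change puts the footnote before the comma (`core datafootnote:[...],`) while the other two footnotes in this hunk follow the punctuation (`used.footnote:[`, `IP filtering.footnote:[`), so one placement should be chosen and applied consistently.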