Cybersecurity WG – FIX Authentication (FIXA) Subgroup
The FIX Authentication (FIXA) Subgroup is working to standardise and propose best practice for how firms are authenticated as part of the FIX session protocols. This is independent of using TLS (the Internet Transport Layer Security protocol) and FIXS (FTC’s FIX-over-TLS standard). However, the output will also provide an essential part of FIXS.
Our scope is currently to standardise authentication across the FIX4, FIXT and FIXP session protocols, and we are additionally considering WebSockets. The idea is to leverage HTTP Authentication and provide a standard framework across the FIX session protocols to allow us to embed or map HTTP Authentication. We can then use various HTTP Authentication schemes which we intend to shortlist or add to as necessary.
We are ultimately looking to make it easier for firms to communicate securely. We intend on doing this by improving standardisation and extensibility, using proven and generally accepted methods, and by deprecating out-of-date methods. The FIXA workstream is part of the FIX Cybersecurity Working Group and its focus is just one security control area from the many controls which the Cybersecurity Working Group is considering.
If you would like to get involved, please contact the FIX Program Office (firstname.lastname@example.org).
This is a private group. To join you must be a registered site member and request group membership.