Questionmark's Open Assessment Platform

Security settings

There are three configuration settings that determine how QMWISe enforces security:

  • SecurityRequire
  • TrustRequire
  • TrustedKey

The table below outlines how QMWISe enforces security with the various permutations of the SecurityRequire and TrustRequire settings.

Please note that if you want to communicate securely with Perception through your own application, you will need to use security headers. Only Questionmark applications (such as Questionmark to Go) can use trusted security. You cannot implement trusted security for your own applications.

Note: 1 indicates true and 0 indicates false.

| TrustRequire | SecurityRequire | Effect |
|---|---|---|
| 1 | 0 | When TrustRequire is set to 1 (true), requests to QMWISe must include a valid trust header, which will be validated with the value of the TrustedKey. When TrustRequire is set to true, SecurityRequire is ignored. |
| 1 | 0 | Same as the row above. |
| 0 | 1 | All requests to QMWISe must be accompanied by either a valid security header or a valid trust header. If a trust header is sent, it will be validated using the TrustedKey. |
| 0 | 0 | Requests to QMWISe need neither a security nor a trust header. However, if a trust header is sent, it will be validated using the value of the TrustedKey. If a security header is sent with the request, it will be ignored. |

If SecurityRequire is missing, then the value is treated as if it were set to false. The same is true for TrustRequire.
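The rules above, including the default for missing settings, can be modelled to check what a given configuration actually lets through. This is an added example, not Questionmark code: the function names and the three header states are assumptions, and a trust header that fails validation is assumed to cause the request to be rejected.

```python
# Added illustration of the table above. Not Questionmark code.
# Header states: None = not sent, True = sent and valid, False = sent and invalid.

def flag(settings, name):
    # A missing setting is treated as false (0), as the page states.
    return bool(int(settings.get(name, 0)))

def accepts(settings, trust=None, security=None):
    """Return True if the request would be accepted under these settings."""
    if trust is not None:
        # A trust header that is sent is validated against TrustedKey in every row.
        # Assumption: a failed validation rejects the request.
        return trust
    if flag(settings, "TrustRequire"):
        return False          # no trust header; a security header does not help
    if flag(settings, "SecurityRequire"):
        return security is True
    return True               # 0/0: nothing required, security header ignored

def audit(settings):
    """List the security-relevant consequences of a configuration."""
    findings = []
    if accepts(settings):
        findings.append("requests with no header are accepted")
    if accepts(settings, security=False):
        findings.append("an invalid security header is ignored, not rejected")
    if flag(settings, "TrustRequire") and flag(settings, "SecurityRequire"):
        findings.append("SecurityRequire is ignored because TrustRequire is 1")
    if flag(settings, "TrustRequire"):
        findings.append("requests carrying only a security header are rejected")
    return findings

if __name__ == "__main__":
    # Constructed sample configurations.
    for cfg in ({}, {"SecurityRequire": 1}, {"TrustRequire": 1, "SecurityRequire": 1}):
        print(cfg, audit(cfg) or ["no findings"])
```

Running it shows that a configuration with both settings missing accepts requests with no header at all, which is the case to look for when reviewing a deployment.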

Trusted security

Only Questionmark applications (such as Questionmark to Go or the Blackboard Connector) can use trusted security; you cannot implement it for your own applications. However, you can use the TrustRequire and TrustedKey settings to ensure that only your own users can use Questionmark applications.