Log in specification
====================

Source: Provozní řád ISDS, version 2010-01-22, Pages 10–13, 16
Source: Vyhláška o stanovení podrobností užívání a provozování ISDS (194/2009 Coll.)
Source: Webové služby ISDS pro manipulaci s datovými zprávami, version 2 (2009-06-25)

Connection tracking of web services is done via an HTTP cookie, or the HTTP client must attach authentication data to each request. These two kinds of connection tracking are distinguished by the base URL the client connects to.

Allowed log-in methods:

- HTTPS connection, server authenticated using an SSL server certificate, user authenticated using HTTP 1.1 basic authentication with user name and password.
- SSL connection, user authenticated using a `commercial' client certificate AND user name and password. The client certificate must be preregistered in the web (browser) interface.
- SSL connection, user authenticated using a `system' client certificate. The client certificate must be preregistered to the box.
- SSL connection, user authenticated using a `system' client certificate of a third party AND using HTTP 1.1 basic authentication (user name is the box ID, password is empty). This case is intended for hosted Software as a Service solutions.

Note: The certificate attributes `commercial' and `system' are defined in the Czech Electronic Signature Act.

Once a client certificate is registered, the user can no longer log in with HTTP basic authentication only.

The client private key must be stored in a cryptographic device in a non-exportable way. In addition, the device driver must provide any of these APIs:

- Microsoft CryptoAPI
- PKCS#11 API through the libp11 library.

A log-in HTTP request must not be larger than 50 KB because the server implementation uses weird HTTP redirects etc. Therefore a SOAP DummyOperation that is small enough is available for log-in purposes (other SOAP requests can be much bigger).

Desktop applications accessing ISDS must log in only on manual request of a user. Daemon implementations can log in automatically, but they are forbidden to abuse ISDS (e.g. redownloading old messages).
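The rules above can be checked on the client side before any connection is opened. The following Python sketch is an added example, not code from ISDS or from any ISDS client library: it maps a credential set onto one of the four allowed log-in methods, refuses basic-only log-in once a certificate is registered, and enforces the 50 KB limit. The `Credentials` class, the method names, the `text/xml` content type and the placeholder body are assumptions made for illustration.

```python
import base64
from dataclasses import dataclass
from typing import Optional

MAX_LOGIN_BYTES = 50 * 1024  # assumption: "50 KB" read as 50 * 1024 bytes

@dataclass
class Credentials:                    # hypothetical container for this example
    username: Optional[str] = None
    password: Optional[str] = None
    cert: Optional[str] = None        # None, "commercial" or "system"
    third_party_cert: bool = False    # certificate belongs to a hosting provider
    cert_registered: bool = False     # a client certificate is already registered

def login_method(c: Credentials) -> str:
    """Return which of the four allowed log-in methods the credentials match."""
    if c.cert is None:
        if not (c.username and c.password):
            raise ValueError("basic authentication needs user name and password")
        if c.cert_registered:
            raise ValueError("certificate registered: basic authentication alone is refused")
        return "basic"
    if c.cert == "commercial":
        if c.third_party_cert or not (c.username and c.password):
            raise ValueError("commercial certificate needs the user's name and password")
        return "commercial+password"
    if c.cert == "system" and not c.third_party_cert:
        return "system"
    if c.cert == "system":
        if not c.username or c.password != "":
            raise ValueError("hosted log-in: user name is the box ID, password is empty")
        return "hosted"
    raise ValueError(f"unknown certificate kind: {c.cert!r}")

def build_login(c: Credentials, body: bytes) -> dict:
    """Build the headers of a log-in request and enforce the size limit."""
    method = login_method(c)
    headers = {"Content-Type": "text/xml; charset=utf-8"}
    if method != "system":
        # Assumption: the commercial-certificate method carries the user name
        # and password the same way as HTTP basic authentication.
        pair = f"{c.username}:{c.password}".encode("utf-8")
        headers["Authorization"] = "Basic " + base64.b64encode(pair).decode("ascii")
    size = len(body) + sum(len(k) + len(v) + 4 for k, v in headers.items())
    if size > MAX_LOGIN_BYTES:
        raise ValueError(f"log-in request is {size} bytes, limit {MAX_LOGIN_BYTES}")
    return {"method": method, "headers": headers, "size": size}

# Constructed placeholder standing in for the small SOAP DummyOperation request.
SAMPLE_BODY = b"<placeholder-dummy-operation/>"
```

The size computed here covers headers and body only, so it is a lower bound on what goes over the wire.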