Secure Electron Adapter

Description

Business Problem

The Secure Electron Adapter (SEA) targets the need for a completely open source means of developing secure, enterprise-class desktop applications. This technology is the means to host Web technology based (HTML5) applications directly on a computer desktop (versus within a consumer Web browser like Chrome or Edge). Specifically, this contribution offers a means to use Electron in a secured manner, making its use appropriate for the financial institution.

Proposed Solution

SEA provides a secure alternative to working directly with the Electron API. It acts as a firewall, intermediating API calls within a permission structure that obviates the risk of running third party content in a desktop agent.

It is pure open source, requiring no commercial software, relying exclusively on Electron.

The contribution has been assessed by a third party to be secure and of appropriate architecture to address security considerations generally. In addition to our own work designing a secured Electron, we have implemented or provided vetted, alternative approaches to all recommendations for security provided by the Electron community.

Architecturally, SEA is a JavaScript adapter, giving access to Electron window-manipulation and OS capabilities, via a disintermediation of the actual Electron APIs for security reasons. Access to the Node main process is restricted and security profiles have been provided and configured according to recommended practice. The framework provides an inter-application communication facility hosted from within the Electron main process.

Current State

SEA is currently a part of ChartIQ's commercial Finsemble offering. It was developed in 2018 and early 2019 as part of Finsemble's migration off of OpenFin technology due to the wish to run more purely on standard Electron capability. This is a production offering and the basis of current Finsemble client installations. It is our actively maintained product capability and we intend to continue evolving and maintaining it as such.
It is currently not completely isolated in a form we can contribute. We are in discussions regarding the appropriate packaging/isolation of it as a standalone framework appropriate for general consumption.

Existing Materials

We do not yet have this contribution in a form that is appropriate for open consumption. This submission is an indication of our intent and we are discussing the steps needed to extract from our commercial offering the capability described here.

Development Team & Commitment

We are actively maintaining and evolving this code base. We will continue to do so and we have an entire engineering team contributing. We have not decided how we will structure committers vs contributors from our teams.

We already maintain an active FINOS membership and participate in other programs. We will work to align this contribution with other appropriate programs within FINOS.

Activity

Show:
Gabriele Columbro
April 7, 2020, 5:45 PM

That's amazing - thanks for the update. In order to get this done by the Board meeting we should get this done next week. Do you see it still doable?

I also know your team is also connecting with and to talk about a virtual meetup in early May, so it could be a great timing to announce the contribution!

Rob Schmidt
April 7, 2020, 8:34 PM

In order to get this done by the Board meeting we should get this done next week.

Makes sense. I have a meeting on Thursday afternoon that should confirm our ability to make that deadline…will be in touch w/ confirmation.

Rob

 

Gabriele Columbro
April 22, 2020, 5:01 PM

Per today's Board resolution on Program Deprecation FINOS officers can now approve top-level incubating Projects when not fitting in a specific Program.

So I will now proceed approving this contribution, congratulations and thanks for putting it forward!

Maurizio Pillitu
April 22, 2020, 7:17 PM

The code have been transferred and project have been registered in FINOS internal metadata.

Code is publicly available on https://github.com/finos/secure-electron-adapter and https://github.com/finos/sea-quick-start

Website is public on sea.finos.org - some styling fixes must be applied before sharing it.

I'm aware that and and are talking abour broder promotion plans, ie meetups and blogs, but we suggest sending out an announcement to announce@finos.org, we've put together a simple template you can follow if you'd like.

Finally, please sign up to community+subscribe@finos.org to be able to follow up on announcement reactions.

Maurizio Pillitu
May 5, 2020, 8:29 PM

Announcement sent out, contribution onboarded. Thanks and congratulations!

Assignee

Rob Schmidt

Reporter

Christian Hall

Program

Unknown/Not sure/TBD

Project Lead

None

GitHub Repository

None

Story Points

13
Configure