Secure Electron Adapter

Description

Business Problem

The Secure Electron Adapter (SEA) addresses the need for a completely open source means of developing secure, enterprise-class desktop applications. It hosts applications built on Web technology (HTML5) directly on the computer desktop, rather than within a consumer Web browser such as Chrome or Edge. Specifically, this contribution offers a means to use Electron in a secured manner, making it appropriate for use in financial institutions.

Proposed Solution

SEA provides a secure alternative to working directly with the Electron API. It acts as a firewall, intermediating API calls within a permission structure that obviates the risk of running third-party content in a desktop agent.

It is pure open source, requiring no commercial software, relying exclusively on Electron.

The contribution has been assessed by a third party to be secure and of appropriate architecture to address security considerations generally. In addition to our own work designing a secured Electron, we have implemented, or provided vetted alternative approaches to, all security recommendations provided by the Electron community.

Architecturally, SEA is a JavaScript adapter that gives applications access to Electron window-manipulation and OS capabilities. For security reasons, it mediates calls to the actual Electron APIs rather than exposing them directly. Access to the Node main process is restricted, and security profiles have been provided and configured according to recommended practice. The framework also provides an inter-application communication facility hosted within the Electron main process.
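
The permission-mediated pattern described above can be sketched as a default-deny broker. This is an added example, not SEA or Finsemble code: `PROFILES`, `createBroker`, the permission names and the origins are all hypothetical, and plain functions stand in for the Electron main-process capabilities so that it runs in Node alone.

```javascript
// Hypothetical names throughout; this is not SEA's API.
// Constructed security profiles: origin -> permitted calls. Anything absent is denied.
const PROFILES = {
  "https://trusted.example": ["window.create", "bus.publish"],
  "https://thirdparty.example": ["bus.publish"],
};

// Own-property check so keys such as "__proto__" or "constructor" never match.
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// privileged: handlers only the broker may call (stand-ins for the
// window-manipulation and OS capabilities that live in the main process).
function createBroker(profiles, privileged) {
  const audit = [];
  function invoke(origin, method, args) {
    // The origin must come from the transport (the IPC sender), never from
    // a field the caller controls inside the message body.
    const granted = own(profiles, origin) ? profiles[origin] : [];
    const ok = typeof method === "string" && granted.includes(method) &&
      own(privileged, method) && Array.isArray(args);
    audit.push({ origin, method: String(method), allowed: ok });
    if (!ok) return { ok: false, error: "denied" };
    return { ok: true, value: privileged[method](origin, ...args) };
  }
  return { invoke, audit };
}

// Constructed scenario: one trusted app, one third-party app, one unknown origin.
function demo() {
  const windows = [];
  const published = [];
  const broker = createBroker(PROFILES, {
    "window.create": (origin, opts) => windows.push({ owner: origin, ...opts }),
    "bus.publish": (origin, topic, data) => published.push({ from: origin, topic, data }),
  });
  return {
    trustedWindow: broker.invoke("https://trusted.example", "window.create", [{ width: 800 }]),
    thirdPartyWindow: broker.invoke("https://thirdparty.example", "window.create", [{ width: 800 }]),
    thirdPartyPublish: broker.invoke("https://thirdparty.example", "bus.publish", ["prices", { sym: "ABC" }]),
    unknownOrigin: broker.invoke("https://unknown.example", "bus.publish", ["prices", {}]),
    protoMethod: broker.invoke("https://trusted.example", "constructor", []),
    windows, published, audit: broker.audit,
  };
}
```

The audit list records denied calls as well as allowed ones, which gives a reviewer a view of what third-party content attempted and not only what it was permitted to do.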

Current State

SEA is currently a part of ChartIQ's commercial Finsemble offering. It was developed in 2018 and early 2019 as part of Finsemble's migration away from OpenFin technology, motivated by the wish to run more purely on standard Electron capabilities. This is a production offering and the basis of current Finsemble client installations. It is an actively maintained product capability, and we intend to continue evolving and maintaining it as such.

It is currently not completely isolated in a form we can contribute. We are in discussions regarding the appropriate packaging and isolation of it as a standalone framework suitable for general consumption.

Existing Materials

We do not yet have this contribution in a form that is appropriate for open consumption. This submission is an indication of our intent and we are discussing the steps needed to extract from our commercial offering the capability described here.

Development Team & Commitment

We are actively maintaining and evolving this code base. We will continue to do so and we have an entire engineering team contributing. We have not decided how we will structure committers vs contributors from our teams.

We already maintain an active FINOS membership and participate in other programs. We will work to align this contribution with other appropriate programs within FINOS.

Status

Assignee

Maurizio Pillitu

Reporter

Christian Hall

Program

Plexus Interop

GitHub Repository

None

Story Points

13