Identity Security: Ensures authentication and authorization of communicating parties.

• Authentication: Utilizes Public Key Infrastructure (PKI) technology. For FL projects, a Root CA with a self-signed root certificate issues all necessary certificates for communicating parties.
• Roles: Defines roles such as Project Admin, Organization Admin, Lead, and Member.
• Centralized Authorization: Enforces authorization based on user roles via NVIDIA FLARE servers.
• Federated Authorization: Allows each site to enforce their own defined authorization rules.
• Site Policy Management: Enables sites to define their own policies for resource management, authorization, and privacy protection.
• Event-Based Plugins: Supports site-specific authentication integration with site authentication systems and allows site-specific plugins for authorization enforcement.
• Data Privacy Enforcement: Uses a filter mechanism to enforce data privacy policies.

Communication Security: Ensures the confidentiality of data communication messages.

• Message Serialization: Applies techniques to ensure safe serialization and deserialization processes between communicating parties.

Component Security: Leverages a plugin mechanism to detect unsafe components.

Auditing: Provides built-in audit logs for increased transparency and accountability.

Privacy Protection: Offers multiple approaches to safeguard data privacy.

• Filtering Mechanism
• Traditional Privacy Enhancing Technologies (PET): Includes differential privacy techniques.
• Homomorphic Encryption
• Multi-party Private Set Intersection (PSI)
• Confidential Computing

To learn more, visit the Security section in our documention.