SEMI E132 - Specification for Equipment Client Authentication and Authorization
This Specification describes a method for restricting access to communication with equipment by requiring clients to authenticate to the equipment before proceeding with subsequent communication, and provides a flexible authorization scheme to control client application access. Authorization allows parties who want to exchange information with or control the equipment to do so on a need-to-know and/or need-to-use basis.
The authorization scheme specified in this Standard allows equipment vendor the flexibility to provide access control at any level of granularity, ranging from no access control restrictions, predefined role-based access control, to very fine-grained control.
This is a Standard that applies to all semiconductor manufacturing equipment that requires authentication and authorization for its services. It does not apply to communication that is governed by the SEMI E30 communication and control state models.
This Standard does not require data transmitted over an established session to be encrypted, encryption is only required as specified by the authentication protocol. It is assumed that the interface specified by this Standard will be operating in an environment where there are no malicious attacks such as inside a closed factory network.
SEMI E132.1-1015 - Specification for Soap Binding for Equipment Client Authentication and Authorization (ECA)
Referenced SEMI Standards
SEMI E30 — Specification for the Generic Model for Communications and Control of SEMI Equipment (GEM)
SEMI E128 — Specification for XML Message Structures