Enterprise 11: Bot execution access by dynamic access token

The Control Room implements and enforces a Trusted Path for registration and authentication of Bot Creators and Bot Runners in accordance with NIST SC-11 to protect against any attempt to execute unauthorized bots.

The Control Room issues new client access tokens or identifiers through hashing, signed by the Control Room and sent to Bot Creators and Bot Runners over HTTPS. Every subsequent communication between Control Room and Bot Creator or Bot Runner is serviced by the Control Room after validation of the signature of the latest access token sent by the Bot Creator or Bot Runner. Each access token is unique to every Bot Creator or Bot Runner. This ensures that even if an unauthorized user could bypass enterprise security and access the system, the Control Room security restricts any damage.