03.10.2015 The digital library, Hussayn Dabbous: the access control system, what it does … how it...
21.04.23
The digital library
Hussayn Dabbous
• The access control system: What it does … How it works ... Known Problems
• The user authentication subsystem
• Future plans: Interfaces to Oracle, SAP R/3, LDAP . . .
Some definitions ...
Aman (Access Manager):
• knows where the local CON is running
• can transport order requests to the Billing System
CON (Access Control System):
• handles the access to the digital library
• denies unauthorized accesses
• finds out which items have to be paid for
• ...
ZUS (Access System):
• handles queries to multiple search DBs
• creates the usergroup-dependent search entry pages
BILL (Billing System):
• handles all issued orders
• creates bills
• stores/archives billing data
DBServer (User Database):
• provides the user account
• stores user-specific profiles
CGI (Plugin Module):
• is the portal into the Digibib
• distributes incoming requests to the appropriate CON
The access control system: What it does …
What the system should do:
• On/Off-campus access
• IP checker for anonymous login
• User accounting
• User groups
• Access via smartcard
• Session control
• Secure communication (SSL)
• Order control
How it works
The access control system
[Diagram residue: request flow between the components CGI, Aman, Con(1), Con(2), Zus and DBServer. Arrow labels: "request", "Where is the Con ?", "query", "order", "Order info", "User ok ?".]
How it works
The access control system
[Diagram residue: "The proposed Configuration of The Digital Library NRW". Components: WWW-Server, CON, Access-Manager (AMan), ZUS, Bill, Order Data. Sites: Cologne, Bielefeld.]
How it works
The access control system
[Diagram residue: "A more complex configuration example". Sites: Essen, Dortmund, Bonn, HBZ, Bielefeld. Components: WWW, AMan, ZUS, CON, Bill, Order Data.]
How it works
And what about the configuration ?

  Kon.ipAddress = ariadne.hbz-nrw.de
  Zus.ipAddress = kirke.hbz-nrw.de
  Aman.ipAddress = $(Kon.ipAddress)
  Zus.port = 9302
  Aman.port = 12345
  Aman.encryption.port = 12346
  Aman.Kon.ports = 9898,9897
  Cgi.addr = https://kirke.hbz-nrw.de:444/$(Cgi.base)
  Cgi.base = Digibib

  Kon: Access Control System
  Zus: Access System
  Aman: Access Manager
  Cgi: WWW-Server-Plugin
  Bill: Billing System
The access control system
How it works
Why is configuration complex ?
The access control system
We need to provide:
• Usergroups
• views on services
• Services
• group-specific service properties
• service-property-specific billing composites
• pricing models
• vendors
• . . .
How it works
How we deal with the complexity ?
The access control system
[Diagram residue: configuration tree with the labels "config" and "resources", the sites Bielefeld, Essen, Koeln, Hagen, and the files Views.rc, Properties.rc, Usergroups.rc, Vendors.rc, Systems.rc, ...]

  Usergroup.Student.name = "Student Uni-Bielefeld"
  Usergroup.Student.viewlist = Central, Local

Configuration files may be distributed ...
The whole world is a matter of configuration
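As an added example (not code from the original presentation or from the project), here is a small Python reader for the *.rc settings shown on the configuration slides: "key = value" lines with $(Name) references that may point forward (Cgi.addr uses Cgi.base, which is defined later). An undefined reference or a reference cycle is rejected instead of silently expanding to an empty address or port. The "#" comment syntax and the quote stripping are assumptions, as is the sample text.

```python
import re

# Constructed sample in the style of the slides' *.rc settings (not the
# project's own files). Note that Cgi.addr refers forward to Cgi.base.
SAMPLE_RC = """
Kon.ipAddress = ariadne.hbz-nrw.de
Zus.ipAddress = kirke.hbz-nrw.de
Aman.ipAddress = $(Kon.ipAddress)
Aman.Kon.ports = 9898,9897
Cgi.addr = https://kirke.hbz-nrw.de:444/$(Cgi.base)
Cgi.base = Digibib
Usergroup.Student.name = "Student Uni-Bielefeld"
Usergroup.Student.viewlist = Central, Local
"""

REF = re.compile(r"\$\(([A-Za-z0-9_.]+)\)")  # a $(Some.key) reference

def parse_rc(text: str) -> dict[str, str]:
    """Read 'key = value' lines; blank lines and '#' comments are skipped (assumed syntax)."""
    raw: dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed line: {line!r}")
        raw[key.strip()] = value.strip().strip('"')
    return raw

def resolve(raw: dict[str, str]) -> dict[str, str]:
    """Expand $(key) references. Forward references are fine; an undefined
    reference or a reference cycle is an error rather than a silent blank."""
    done: dict[str, str] = {}
    def expand(key: str, stack: list[str]) -> str:
        if key in done:
            return done[key]
        if key not in raw:
            raise KeyError(f"undefined reference $({key})")
        if key in stack:
            raise ValueError("reference cycle: " + " -> ".join(stack + [key]))
        done[key] = REF.sub(lambda m: expand(m.group(1), stack + [key]), raw[key])
        return done[key]

    return {k: expand(k, []) for k in raw}

def as_list(value: str) -> list[str]:
    """Split comma-separated values such as 'Central, Local' or '9898,9897'."""
    return [item.strip() for item in value.split(",") if item.strip()]
```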
How it works
Distributed configuration
The access control system
[Diagram residue: an AMan with its own Config at each of Essen, Bielefeld, Koeln and Bonn, and a CON.]
Advantages:
• local administration possible
• no replication necessary
How it works: The access control system
And beyond the limits ...
• Easy integration of external services
• Complex pricing models
• Sophisticated template mechanism for HTML resources
• Multiple languages supported
  • English and German resource files provided in distribution
  • new languages may be added on the fly ...
• Multi-language support everywhere:
  • Administrator logfiles
  • User login
  • Admin management tool
  • User administration
  • Error messages
How it works: The user authentication subsystem
[Diagram residue: "Central Library access System"; sites Cologne, Bielefeld, Essen, Dortmund and Münster, each with a User-db.]
Essential tasks:
• Find user in local database
• Get user environment
• Start controlled user session
• Deny access for unknown user
• allow specific user groups
• allow guest access with restricted privileges
How it works: The user authentication subsystem
Current implementation:
• file-based database
• no complex (expensive) database needed
• one ASCII file per user
• very quick access to the data
• user db server for distributed access fully integrated
• tool for mass import of existing user databases
• prepared for LDAP (easy migration)
How it works: The access control system
Problems with the current web technology
• The IP masquerading problem (Network Address Translation, NAT)
• detecting successful delivery of online requests
• delivery of fragmented documents (e.g. HTML documents)
• partially unencrypted data transfer
How it works: Future plans
• Interfaces to Oracle, SAP R/3, . . .
• LDAP
• load distribution
• Port to Linux
• Apache support
• stand-alone con-http
• graphical administration tool
• refined user permission concept
• standalone search engine (http)
• graphical presentation of query results
• . . .
AXION GmbH, Goltsteinstraße 89, 50968 Köln, Tel.: 0221/94 36 98-0, Fax -11