![Page 1: 03.10.2015 The digital library Hussayn Dabbous The access control system What it does … How it works... Known Problems The User authentification](https://reader036.vdocument.in/reader036/viewer/2022062801/56649e7d5503460f94b7f2c3/html5/thumbnails/1.jpg)
21.04.23
The digital library
Hussayn Dabbous
• The access control system
  • What it does …
  • How it works ...
  • Known Problems
• The user authentication subsystem
• Future plans
  • Interfaces to Oracle, SAP R/3
  • LDAP
  • . . .
Some Definitions ...
Aman (Access Manager):
• Knows where the local CON is running
• Can transport order requests to the Billing System
CON (Access Control System):
• Handles the access to the digital library
• Denies unauthorized accesses
• Finds out which items have to be paid
• ...
ZUS (Access System):
• Handles queries to multiple search DBs
• Creates the user-group-dependent search entry pages
BILL (Billing System):
• Handles all issued orders
• Creates bills
• Stores/archives billing data
DBServer (User Database):
• Provides the user account
• Stores user-specific profiles
CGI (Plugin Module):
• Is the portal into the Digibib
• Distributes incoming requests to the appropriate CON
The access control system What it does …
What the system should do:
• On/Off-Campus access
• IP-Checker for Anonymous Login
• User accounting
• User groups
• Access via Smartcard
• Session Control
• Secure communication (SSL)
• Order Control
How it works
The access control system
[Diagram: the components CGI, Aman, Con(1), Con(2), Zus and DBServer, with the labels "Where is the Con ?", "request", "order", "Order info", "query" and "User ok ?"]
How it works
The access control system
The proposed Configuration of The Digital Library NRW
[Diagram: WWW-Server, CON, Access-Manager (AMan), ZUS, Bill and Order Data, with the sites Cologne and Bielefeld]
How it works
The access control system
A more complex configuration example
[Diagram: several WWW, AMan, CON and ZUS instances plus Bill and Order Data, with the sites Essen, Dortmund, Bonn, HBZ and Bielefeld]
How it works
And what about the configuration ?
Kon.ipAddress = ariadne.hbz-nrw.de
Zus.ipAddress = kirke.hbz-nrw.de
Aman.ipAddress = $(Kon.ipAddress)
Zus.port = 9302
Aman.port = 12345
Aman.encryption.port = 12346
Aman.Kon.ports = 9898,9897
Cgi.addr = https://kirke.hbz-nrw.de:444/$(Cgi.base)
Cgi.base = Digibib
Kon: Access Control System
Zus: Access System
Aman: Access Manager
Cgi: WWW-Server-Plugin
Bill: Billing System
The access control system
How it works
Why is configuration complex ?
The access control system
We need to provide:
• Usergroups
• Views on services
• Services
• Group-specific service properties
• Service-property-specific billing composites
• Pricing models
• Vendors
• . . .
How it works
How do we deal with the complexity ?
The access control system
[Diagram: "config" and "resources", with the sites Bielefeld, Essen, Koeln and Hagen]
Views.rc
Properties.rc
Usergroups.rc
Vendors.rc
Systems.rc
...
Usergroup.Student.name = "Student Uni-Bielefeld"
Usergroup.Student.viewlist = Central, Local
Configuration files may be distributed ...
The Whole World is a matter of Configuration
How it works
Distributed configuration
The access control system
[Diagram: an AMan with its own Config at each of the sites Essen, Bielefeld, Koeln and Bonn, and one CON]
Advantages:
• local administration possible
• no replication necessary
How it works
The access control system
And beyond the limits ...
• Easy integration of external services
• Complex pricing models
• Sophisticated template mechanism for HTML resources
• Multiple languages supported
  • English and German resource files provided in distribution
  • New languages may be added on the fly ...
  • Multi-language support everywhere:
    • Administrator logfiles
    • User login
    • Admin management tool
    • User administration
    • Error messages
How it works
The user authentication subsystem
[Diagram: Central Library access System, with a User-db at each of the sites Cologne, Bielefeld, Essen, Dortmund and Münster]
Essential tasks:
• Find user in local database
• Get user environment
• Start controlled user session
• Deny access for unknown user
• Allow specific user groups
• Allow guest access with restricted privileges
How it works
The user authentication subsystem
Current implementation:
• File-based database
• No complex (expensive) database needed
• One ASCII file per user
• Very quick access to the data
• User db server for distributed access fully integrated
• Tool for mass import of existing user databases
• Prepared for LDAP (easy migration)
How it works
The access control system
Problems with the current Web-Technology
• The IP-Masquerading problem (Network Address Translation, NAT)
• Detecting successful delivery of online requests
• Delivery of fragmented documents (e.g. HTML documents)
• Partially unencrypted data transfer
How it works
Future plans
• Interfaces to Oracle, SAP R/3, . . .
• LDAP
• Load distribution
• Port to Linux
• Apache support
• Stand-alone con-http
• Graphical administration tool
• Refined user permission concept
• Standalone search engine (http)
• Graphical presentation of query results
• . . .
AXION GmbH, Goltsteinstraße 89, 50968 Köln
Tel.: 0221/94 36 98-0, Fax -11