1 / 16

The digital library

The digital library. Access Control. The User authentification subsystem Future plans Interfaces to Oracle, SAP- R/3 LDAP. The access control system What it does … How it works ... Known Problems. Hussayn Dabbous. Some Definitions. Aman (Access Manager):

tiva
Télécharger la présentation

The digital library

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. The digital library Access Control • The User authentification subsystem • Future plans • Interfaces to Oracle, SAP- R/3 • LDAP • . . . • The access control system • What it does … • How it works ... • Known Problems Hussayn Dabbous

  2. Some Definitions ... • Aman(Access Manager): • knows, where the local CON is running • can transport order requests to the Billing System • ZUS(Access System): • Handles queries to multiple search DB‘s • Creates the usergroup dependent search-entry-pages • CGI(Plugin Module): • Is the Portal into the Digibib • Distributes incoming requests to the appropriate CON • DBServer(User Database): • Provides the User account • Stores user specific profiles • CON(Access Control System): • handles the access to the digital library • Denies unauthorized accesses • Finds out, which items have to be payed • ... • BILL(Billing System): • Handles all issued orders • Creates bills • Stores/archives Billing data

  3. The access control system What it does … What the System should do : • On/Off-Campus access • IP-Checker for Anonymous Login • User accounting • User groups • Access via Smartcard • Session Control • Secure comunication (SSL) • Order Control

  4. The access control system How it works CGI Where is the Con ? Aman request request order Con(2) Con(1) Order info query User ok ? query DBServer Zus

  5. The access control system How it works WWW-Server CON Access-Manager (AMan) WWW-Server CON ZUS Cologne AMan ZUS Cologne Bielefeld Bill Order Data The proposed Configuration of The Digital Library NRW

  6. WWW The access control system How it works WWW WWW CON WWW AMan AMan ZUS Essen CON HBZ Dortmund AMan WWW ZUS CON AMan Bielefeld Bonn AMan AMan Bill Bill Order Data A more Complex configuration example Order Data Bielefeld HBZ

  7. The access control system How it works And what about the configuration ? Kon.ipAddress = ariadne.hbz-nrw.de Zus.ipAddress = kirke.hbz-nrw.de Aman.ipAddress = $(Kon.ipAddress) Zus.port = 9302 Aman.port = 12345 Aman.encryption.port = 12346 Aman.Kon.ports = 9898,9897 Cgi.addr = https://kirke.hbz-nrw.de:444/$(Cgi.base) Cgi.base = Digibib Kon Access Control System Zus Access System Aman Access Manager Cgi WWW-Server-Plugin Bill Billing System

  8. The access control system How it works Why is configuration complex ? • We need to provide: • Usergroups • views on services • Services • group specific service properties • service properties specific billing composits • pricing models • vendors • . . .

  9. The access control system How it works How we deal with the complexity ? Usergroup.Student.name = "Student Uni-Bielefeld" Usergroup.Student.viewlist = Central, Local config resources Bielefeld Essen Koeln Hagen Views.rc Properties.rc Usergroups.rc Vendors.rc Systems.rc ... The Whole World is a matter of Configuration Configuration files may be distributed ...

  10. The access control system How it works Distributed configuration CON AMan Config Koeln • Advantages: • local administration possible • no replication necessary AMan Config Bielefeld AMan AMan Config Config Essen Bonn

  11. The access control system How it works And beyond the limits ... • Easy integration of external services • Complex pricing models • Sophisticated template mechanism for html-resources • Multiple languages supported • English and German resource files provided in distribution • new languages may be added on the fly ... • Multi language support everywhere: • Administratior logfiles • User login • Admin management tool • User administration • Error messages

  12. User-db User-db User-db The user authentification subsystem How it works User-db Bielefeld Essen Dortmund User-db Cologne Münster Central Library access System Essential tasks : • Find user in local database • Get user environment • Start controlled user session • Deny access for unknown user • allow specific user groups • allow guest access with restricted privileges

  13. The user authentification subsystem How it works • Current implementation: • file based database • no complex (expensive) database needed • one ASCII-File per user • very quick access to the data • user db server for distributed access fully integrated • Tool for mass import of existing user databases • prepared for LDAP (easy migration)

  14. The access control system How it works Problems with the current Web-Technology detecting successfull deliveryof online requests The IP-Masquerading problem (Network Adress Translation, NAT) Delivery of fragmented documents (e.g. html-documents) partially unencrypted data transfer

  15. Future plans How it works • Future plans • Interfaces to Oracle, SAP- R/3, . . . • LDAP • load distribution • Port to linux • Apache support • stand alone con-http • graphical administration tool • refined user permission concept • standalone search engine (http) • graphical presentation of query results • . . .

  16. The digital library Access Control • The User authentification subsystem • The access control system • What it does … • How it works ... • Known Problems • Future plans • Interfaces to Oracle, SAP- R/3 • LDAP • . . . Hdab@axion-gmbh.de AXION GmbH Goltsteinstraße 89 50968 Köln Tel.: 0221/94 36 98-0, Fax -11 Hussayn Dabbous

More Related