The digital library

Access Control

  • The user authentication subsystem

  • Future plans

    • Interfaces to Oracle, SAP- R/3

    • LDAP

    • . . .

  • The access control system

    • What it does …

    • How it works ...

    • Known Problems

Hussayn Dabbous


Some Definitions ...

  • Aman (Access Manager):

    • Knows where the local CON is running

    • Can transport order requests to the Billing System

  • ZUS (Access System):

    • Handles queries to multiple search DBs

    • Creates the usergroup-dependent search entry pages

  • CGI (Plugin Module):

    • Is the portal into the Digibib

    • Distributes incoming requests to the appropriate CON

  • DBServer (User Database):

    • Provides the user account

    • Stores user-specific profiles

  • CON (Access Control System):

    • Handles the access to the digital library

    • Denies unauthorized accesses

    • Finds out which items have to be paid for

    • ...

  • BILL (Billing System):

    • Handles all issued orders

    • Creates bills

    • Stores/archives billing data


The access control system

What it does …

What the system should do:

  • On/Off-Campus access

  • IP-Checker for Anonymous Login

  • User accounting

  • User groups

  • Access via Smartcard

  • Session Control

  • Secure communication (SSL)

  • Order Control


The access control system

How it works

[Diagram: request flow between CGI, Aman, Con(1), Con(2), DBServer and Zus; arrow labels: "Where is the Con ?", request, order, Order info, query, "User ok ?"]


The access control system

How it works

[Diagram: "The proposed configuration of the Digital Library NRW", with the components WWW-Server, CON, Access-Manager (AMan), ZUS, Bill and Order Data; site labels Cologne and Bielefeld]


The access control system

How it works

[Diagram: "A more complex configuration example", with the components WWW, CON, AMan, ZUS, Bill and Order Data; site labels Essen, HBZ, Dortmund, Bielefeld and Bonn]


The access control system

How it works

And what about the configuration?

Kon.ipAddress = ariadne.hbz-nrw.de

Zus.ipAddress = kirke.hbz-nrw.de

Aman.ipAddress = $(Kon.ipAddress)

Zus.port = 9302

Aman.port = 12345

Aman.encryption.port = 12346

Aman.Kon.ports = 9898,9897

Cgi.addr = https://kirke.hbz-nrw.de:444/$(Cgi.base)

Cgi.base = Digibib

  • Kon: Access Control System

  • Zus: Access System

  • Aman: Access Manager

  • Cgi: WWW-Server-Plugin

  • Bill: Billing System
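
How the $(...) references in the configuration above can be resolved, as an added example that is not part of the original slides or of the Digibib code. It assumes that $(Key) stands for the value of another key and that a key may be referenced before it is defined (as Cgi.addr references Cgi.base); the function names parse and resolve are hypothetical.

```python
import re

# Constructed sample: the configuration lines shown on the slide.
SAMPLE = """\
Kon.ipAddress = ariadne.hbz-nrw.de
Zus.ipAddress = kirke.hbz-nrw.de
Aman.ipAddress = $(Kon.ipAddress)
Zus.port = 9302
Aman.port = 12345
Aman.encryption.port = 12346
Aman.Kon.ports = 9898,9897
Cgi.addr = https://kirke.hbz-nrw.de:444/$(Cgi.base)
Cgi.base = Digibib
"""
REF = re.compile(r"\$\(([^()\s]+)\)")  # assumed reference syntax: $(Key)


def parse(text):
    """Split 'key = value' lines into a dict; reject malformed and duplicate keys."""
    raw = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        key, sep, value = line.partition("=")
        key = key.strip()
        if not line.strip():
            continue
        if not sep or not key:
            raise ValueError(f"line {lineno}: expected 'key = value'")
        if key in raw:  # a silent last-wins override could hide a changed endpoint
            raise ValueError(f"line {lineno}: duplicate key {key}")
        raw[key] = value.strip()
    return raw


def resolve(raw):
    """Expand $(Key) references (forward ones too); fail on unknown keys and cycles."""
    done = {}

    def expand(key, stack):
        if key in stack:
            raise ValueError("reference cycle: " + " -> ".join(stack + (key,)))
        if key not in raw:
            raise ValueError(f"undefined key {key} referenced by {stack[-1]}")
        if key not in done:
            done[key] = REF.sub(lambda m: expand(m.group(1), stack + (key,)), raw[key])
        return done[key]

    for key in raw:
        expand(key, ())
    return done
```

Failing on an undefined or cyclic reference, instead of leaving the literal $(...) text in place, keeps a component from starting with an unresolved address or port.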


The access control system

How it works

Why is configuration complex?

  • We need to provide:

  • Usergroups

  • views on services

  • Services

  • group specific service properties

  • service-property-specific billing composites

  • pricing models

  • vendors

  • . . .


The access control system

How it works

How do we deal with the complexity?

Usergroup.Student.name = "Student Uni-Bielefeld"

Usergroup.Student.viewlist = Central, Local

[Diagram: configuration directory tree with the labels config and resources; Bielefeld, Essen, Koeln and Hagen; and the files Views.rc, Properties.rc, Usergroups.rc, Vendors.rc, Systems.rc, ...]

The Whole World is a matter of Configuration

Configuration files may be distributed ...


The access control system

How it works

Distributed configuration

[Diagram: labels CON; AMan and Config (four each); Koeln, Bielefeld, Essen and Bonn]

  • Advantages:

    • local administration possible

    • no replication necessary


The access control system

How it works

And beyond the limits ...

  • Easy integration of external services

  • Complex pricing models

  • Sophisticated template mechanism for html-resources

  • Multiple languages supported

  • English and German resource files provided in distribution

  • new languages may be added on the fly ...

  • Multi language support everywhere:

    • Administrator logfiles

    • User login

    • Admin management tool

    • User administration

    • Error messages


The user authentication subsystem

How it works

[Diagram: five User-db instances with the site labels Bielefeld, Essen, Dortmund, Cologne and Münster, and the Central Library access System]

Essential tasks:

  • Find user in local database

  • Get user environment

  • Start controlled user session

  • Deny access for unknown user

  • allow specific user groups

  • allow guest access with restricted privileges


The user authentication subsystem

How it works

  • Current implementation:

  • file based database

  • no complex (expensive) database needed

  • one ASCII-File per user

  • very quick access to the data

  • user db server for distributed access fully integrated

  • Tool for mass import of existing user databases

  • prepared for LDAP (easy migration)


The access control system

How it works

Problems with the current Web-Technology

  • Detecting successful delivery of online requests

  • The IP masquerading problem (Network Address Translation, NAT)

  • Delivery of fragmented documents (e.g. HTML documents)

  • Partially unencrypted data transfer


Future plans

How it works

  • Future plans

    • Interfaces to Oracle, SAP- R/3, . . .

    • LDAP

    • load distribution

    • Port to Linux

    • Apache support

    • stand alone con-http

    • graphical administration tool

    • refined user permission concept

    • standalone search engine (http)

    • graphical presentation of query results

    • . . .


The digital library

Access Control

  • The user authentication subsystem

  • The access control system

    • What it does …

    • How it works ...

    • Known Problems

  • Future plans

    • Interfaces to Oracle, SAP- R/3

    • LDAP

    • . . .

AXION GmbH

Goltsteinstraße 89

50968 Köln

Tel.: 0221/94 36 98-0, Fax -11

Hussayn Dabbous
