The digital library

Access Control

  • The user authentication subsystem

  • Future plans

    • Interfaces to Oracle, SAP R/3

    • LDAP

    • . . .

  • The access control system

    • What it does …

    • How it works ...

    • Known Problems

Hussayn Dabbous


Some Definitions ...

  • Aman (Access Manager):

    • Knows where the local CON is running

    • Can transport order requests to the Billing System

  • ZUS (Access System):

    • Handles queries to multiple search DBs

    • Creates the user-group-dependent search entry pages

  • CGI (Plugin Module):

    • Is the portal into the Digibib

    • Distributes incoming requests to the appropriate CON

  • DBServer (User Database):

    • Provides the user account

    • Stores user-specific profiles

  • CON (Access Control System):

    • Handles the access to the digital library

    • Denies unauthorized accesses

    • Finds out which items have to be paid

    • ...

  • BILL (Billing System):

    • Handles all issued orders

    • Creates bills

    • Stores/archives billing data


The access control system

What it does …

What the system should do:

  • On/Off-Campus access

  • IP-Checker for Anonymous Login

  • User accounting

  • User groups

  • Access via Smartcard

  • Session Control

  • Secure communication (SSL)

  • Order Control


The access control system

How it works

[Diagram: request flow between CGI, Aman, Con(1), Con(2), DBServer and Zus. Labels: "Where is the Con?", request, order, order info, query, "User ok?".]


The access control system

How it works

[Diagram: the proposed configuration of the Digital Library NRW. Sites: Cologne, Bielefeld. Components shown: WWW-Server, CON, Access-Manager (AMan), ZUS, Bill, Order Data.]


The access control system

How it works

[Diagram: a more complex configuration example. Sites: Essen, HBZ, Dortmund, Bielefeld, Bonn. Components shown: WWW, CON, AMan, ZUS, Bill, Order Data.]


The access control system

How it works

And what about the configuration?

Kon.ipAddress = ariadne.hbz-nrw.de

Zus.ipAddress = kirke.hbz-nrw.de

Aman.ipAddress = $(Kon.ipAddress)

Zus.port = 9302

Aman.port = 12345

Aman.encryption.port = 12346

Aman.Kon.ports = 9898,9897

Cgi.addr = https://kirke.hbz-nrw.de:444/$(Cgi.base)

Cgi.base = Digibib

  • Kon: Access Control System

  • Zus: Access System

  • Aman: Access Manager

  • Cgi: WWW-Server-Plugin

  • Bill: Billing System
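
An added example, not part of the presentation or the Digibib code: a minimal Python reader for the settings on this slide. It assumes one `key = value` per line and that `$(Name)` refers to another key regardless of order (as Cgi.addr does with Cgi.base); rejecting undefined or cyclic references is this example's own choice, so that a literal `$(...)` never ends up in an address or port.

```python
import re

# Constructed sample: the settings shown on the slide, copied as-is.
SAMPLE = """\
Kon.ipAddress = ariadne.hbz-nrw.de
Zus.ipAddress = kirke.hbz-nrw.de
Aman.ipAddress = $(Kon.ipAddress)
Zus.port = 9302
Aman.port = 12345
Aman.encryption.port = 12346
Aman.Kon.ports = 9898,9897
Cgi.addr = https://kirke.hbz-nrw.de:444/$(Cgi.base)
Cgi.base = Digibib
"""

REF = re.compile(r"\$\(([^()\s]+)\)")  # assumed reference syntax: $(Some.key)

class ConfigError(ValueError):
    pass

def parse(text):
    """Read 'key = value' lines into a dict of raw (unexpanded) values."""
    raw = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        key, sep, value = line.partition("=")
        if not sep or not key.strip():
            raise ConfigError(f"line {lineno}: expected 'key = value'")
        raw[key.strip()] = value.strip()
    return raw

def resolve(raw):
    """Expand $(key) references; fail closed on undefined or cyclic ones."""
    done = {}

    def expand(key, stack):
        if key in done:
            return done[key]
        if key not in raw:
            raise ConfigError(f"undefined reference $({key}) via {' -> '.join(stack)}")
        if key in stack:
            raise ConfigError("cyclic reference: " + " -> ".join(stack + (key,)))
        done[key] = REF.sub(lambda m: expand(m.group(1), stack + (key,)), raw[key])
        return done[key]

    return {key: expand(key, ()) for key in raw}
```
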


The access control system

How it works

Why is configuration complex?

  • We need to provide:

    • User groups

    • Views on services

    • Services

    • Group-specific service properties

    • Billing composites specific to service properties

    • Pricing models

    • Vendors

    • . . .


The access control system

How it works

How do we deal with the complexity?

Usergroup.Student.name = "Student Uni-Bielefeld"

Usergroup.Student.viewlist = Central, Local

[Diagram: configuration layout. Labels: config, resources; sites Bielefeld, Essen, Koeln, Hagen; files Views.rc, Properties.rc, Usergroups.rc, Vendors.rc, Systems.rc, ...]

The whole world is a matter of configuration.

Configuration files may be distributed ...


The access control system

How it works

Distributed configuration

[Diagram labels: CON; AMan and Config at each of Koeln, Bielefeld, Essen and Bonn.]

  • Advantages:

    • Local administration possible

    • No replication necessary


The access control system

How it works

And beyond the limits ...

  • Easy integration of external services

  • Complex pricing models

  • Sophisticated template mechanism for HTML resources

  • Multiple languages supported

    • English and German resource files provided in distribution

    • New languages may be added on the fly ...

  • Multi-language support everywhere:

    • Administrator logfiles

    • User login

    • Admin management tool

    • User administration

    • Error messages


The user authentication subsystem

How it works

[Diagram: local User-db instances (Bielefeld, Essen, Dortmund, Cologne, Münster) and the Central Library access System.]

Essential tasks:

  • Find user in local database

  • Get user environment

  • Start controlled user session

  • Deny access for unknown user

  • Allow specific user groups

  • Allow guest access with restricted privileges


The user authentication subsystem

How it works

  • Current implementation:

    • File-based database

    • No complex (expensive) database needed

    • One ASCII file per user

    • Very quick access to the data

    • User DB server for distributed access fully integrated

    • Tool for mass import of existing user databases

    • Prepared for LDAP (easy migration)


The access control system

How it works

Problems with the current Web technology

  • Detecting successful delivery of online requests

  • The IP masquerading problem (Network Address Translation, NAT)

  • Delivery of fragmented documents (e.g. HTML documents)

  • Partially unencrypted data transfer


Future plans

How it works

  • Future plans

    • Interfaces to Oracle, SAP R/3, . . .

    • LDAP

    • Load distribution

    • Port to Linux

    • Apache support

    • Stand-alone con-http

    • Graphical administration tool

    • Refined user permission concept

    • Stand-alone search engine (http)

    • Graphical presentation of query results

    • . . .


Access Control

  • The user authentication subsystem

  • The access control system

    • What it does …

    • How it works ...

    • Known Problems

  • Future plans

    • Interfaces to Oracle, SAP R/3

    • LDAP

    • . . .

AXION GmbH

Goltsteinstraße 89

50968 Köln

Tel.: 0221/94 36 98-0, Fax -11

Hussayn Dabbous

