27.06.22 The digital library Hussayn Dabbous The access control system What it does … How it works ... Known Problems The User authentification subsystem Future plans Interfaces to Oracle, SAP- R/3 LDAP . . .

Page 1:

The digital library

Hussayn Dabbous

• The access control system
  What it does …
  How it works ...
  Known problems
• The user authentication subsystem
• Future plans
  Interfaces to Oracle, SAP R/3, LDAP . . .

Page 2:

Some definitions ...

AMan (Access Manager):
• knows where the local CON is running
• can transport order requests to the Billing System

CON (Access Control System):
• handles the access to the digital library
• denies unauthorized accesses
• finds out which items have to be paid for
• ...

ZUS (Access System):
• handles queries to multiple search DBs
• creates the usergroup-dependent search entry pages

BILL (Billing System):
• handles all issued orders
• creates bills
• stores/archives billing data

DBServer (User Database):
• provides the user accounts
• stores user-specific profiles

CGI (Plugin Module):
• is the portal into the Digibib
• distributes incoming requests to the appropriate CON

Page 3:

The access control system: what it does …

What the system should do:
• On/off-campus access
• IP checker for anonymous login
• User accounting
• User groups
• Access via smartcard
• Session control
• Secure communication (SSL)
• Order control

Page 4:

How it works: the access control system

[Diagram: request flow] The CGI plugin receives the request and asks the AMan "Where is the CON?"; the request is then forwarded to the responsible CON (Con(1) or Con(2)). The CON checks the user against the DBServer ("User ok?"), passes the query on to the ZUS, and hands off the order info for an order.

Page 5:

How it works: the access control system

[Diagram: the proposed configuration of The Digital Library NRW] Sites shown: Cologne and Bielefeld. Components: two stacks of WWW server, CON and Access Manager (AMan), two ZUS, and the billing system (Bill) receiving the order data.

Page 6:

How it works: the access control system

[Diagram: a more complex configuration example] Sites shown: Essen, Dortmund, Bonn, HBZ and Bielefeld. Components: five WWW servers, six AMans, three CONs, two ZUS (HBZ and Bielefeld), and two billing systems (Bill) receiving order data.

Page 7:

How it works: the access control system

And what about the configuration?

    Kon.ipAddress = ariadne.hbz-nrw.de
    Zus.ipAddress = kirke.hbz-nrw.de
    Aman.ipAddress = $(Kon.ipAddress)

    Zus.port = 9302
    Aman.port = 12345
    Aman.encryption.port = 12346
    Aman.Kon.ports = 9898,9897

    Cgi.addr = https://kirke.hbz-nrw.de:444/$(Cgi.base)
    Cgi.base = Digibib

Kon   Access Control System
Zus   Access System
Aman  Access Manager
Cgi   WWW-Server plugin
Bill  Billing System

Page 8:

How it works: the access control system

Why is configuration complex?

We need to provide:
• usergroups
• views on services
• services
• group-specific service properties
• service-property-specific billing composites
• pricing models
• vendors
• . . .

Page 9:

How it works: the access control system

How do we deal with the complexity?

[Diagram: configuration tree] config/ and resources/ directories with one subtree per site (Bielefeld, Essen, Koeln, Hagen), each holding Views.rc, Properties.rc, Usergroups.rc, Vendors.rc, Systems.rc, ...

    Usergroup.Student.name = "Student Uni-Bielefeld"
    Usergroup.Student.viewlist = Central, Local

Configuration files may be distributed ...

The whole world is a matter of configuration.
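The Systems.rc-style addresses and ports on page 7 and the Usergroup entries on this page share one syntax: `key = value` lines in which `$(other.key)` refers to another key, defined anywhere in the file (page 7 defines `Cgi.addr` before the `Cgi.base` it refers to). The reader below is an added example written for this page, not AXION's own code: the slides do not document comments, quoting, includes or how references are resolved, so the grammar here (one `key = value` per line, `#` starts a comment even inside quotes, optional double quotes, comma-separated lists, references expanded only after the whole file is read) is an assumption, and the SAMPLE text is constructed from the values shown on the two slides.

```python
"""Reader for the Digibib-style key = value configuration on pages 7 and 9.
Added example, not AXION's code: the grammar below is an assumption."""

import re

REF = re.compile(r"\$\(([A-Za-z0-9_.]+)\)")     # $(Some.Key) reference
KEY = re.compile(r"[A-Za-z0-9_.]+")


class ConfigError(ValueError):
    """Raised for syntax errors, undefined references and reference cycles."""


def parse_rc(text):
    """Read raw key = value lines into a dict; references are not expanded yet.
    Assumption: '#' starts a comment, even inside a quoted value."""
    raw = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        if "=" not in line:
            raise ConfigError(f"line {lineno}: expected key = value")
        key, value = (part.strip() for part in line.split("=", 1))
        if not KEY.fullmatch(key):
            raise ConfigError(f"line {lineno}: bad key {key!r}")
        if key in raw:
            raise ConfigError(f"line {lineno}: duplicate key {key!r}")
        raw[key] = value
    return raw


def resolve(raw):
    """Expand every $(key) reference.  Forward references work because all
    keys are known before expansion starts; an undefined key or a cycle is an
    error instead of silently leaving '$(...)' text in a URL or port list."""
    resolved = {}
    visiting = []                                   # keys on the current path

    def lookup(key):
        if key in resolved:
            return resolved[key]
        if key not in raw:
            raise ConfigError(f"reference to undefined key {key!r}")
        if key in visiting:
            raise ConfigError("cyclic reference: " + " -> ".join(visiting + [key]))
        visiting.append(key)
        value = REF.sub(lambda m: lookup(m.group(1)), raw[key])
        visiting.pop()
        resolved[key] = value
        return value

    for key in raw:
        lookup(key)
    return resolved


def get_list(cfg, key):
    """Comma-separated value as a list, e.g. Aman.Kon.ports = 9898,9897."""
    return [item.strip() for item in cfg[key].split(",") if item.strip()]


def get_str(cfg, key):
    """Value with one pair of surrounding double quotes removed."""
    value = cfg[key]
    if len(value) >= 2 and value[0] == value[-1] == '"':
        return value[1:-1]
    return value


# Constructed sample: the values shown on pages 7 and 9, in one text.
SAMPLE = """
# Systems.rc
Kon.ipAddress = ariadne.hbz-nrw.de
Zus.ipAddress = kirke.hbz-nrw.de
Aman.ipAddress = $(Kon.ipAddress)
Zus.port = 9302
Aman.port = 12345
Aman.encryption.port = 12346
Aman.Kon.ports = 9898,9897
Cgi.addr = https://kirke.hbz-nrw.de:444/$(Cgi.base)
Cgi.base = Digibib
# Usergroups.rc
Usergroup.Student.name = "Student Uni-Bielefeld"
Usergroup.Student.viewlist = Central, Local
"""


def load(text=SAMPLE):
    """Parse and resolve a configuration text."""
    return resolve(parse_rc(text))


if __name__ == "__main__":
    cfg = load()
    for key in ("Aman.ipAddress", "Cgi.addr"):
        print(key, "=", cfg[key])
    print(get_list(cfg, "Aman.Kon.ports"), get_str(cfg, "Usergroup.Student.name"))
```

Expanding references only after the whole file is read is what makes the order of lines irrelevant, which a file that defines `Cgi.addr` before `Cgi.base` needs. Rejecting undefined keys and cycles outright matters because these values become host names, ports and URLs that other components connect to: a reference that silently expands to its own literal text would otherwise fail much later and far from the typo.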

Page 10:

How it works: the access control system

Distributed configuration

[Diagram] One AMan with its own Config at each of Essen, Bielefeld, Koeln and Bonn, all served by one CON.

Advantages:
• local administration possible
• no replication necessary

Page 11:

How it works: the access control system

And beyond the limits ...

• Easy integration of external services
• Complex pricing models
• Sophisticated template mechanism for HTML resources
• Multiple languages supported
  • English and German resource files provided in the distribution
  • new languages may be added on the fly ...
• Multi-language support everywhere:
  • administrator logfiles
  • user login
  • admin management tool
  • user administration
  • error messages

Page 12:

How it works: the user authentication subsystem

[Diagram: central library access system] Sites Cologne, Bielefeld, Essen, Dortmund and Münster, each with its own User-db.

Essential tasks:
• Find user in local database
• Get user environment
• Start controlled user session

• Deny access for unknown user
• Allow specific user groups
• Allow guest access with restricted privileges

Page 13:

How it works: the user authentication subsystem

Current implementation:
• file-based database
• no complex (expensive) database needed
• one ASCII file per user
• very quick access to the data
• user DB server for distributed access fully integrated
• tool for mass import of existing user databases
• prepared for LDAP (easy migration)
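Pages 3, 12 and 13 together describe what one login has to do: check the client address for anonymous (on-campus) access, find the user in a file-based database with one ASCII file per user, admit only configured user groups, give guests restricted privileges, and start a controlled session. The code below is an added example of that decision logic, not AXION's implementation: the key = value layout of the per-user file, the password hashing (PBKDF2-SHA256), the RFC 5737 documentation ranges 192.0.2.0/24 and 198.51.100.0/24 standing in for campus networks, and the group, view and privilege names are all constructed for this example.

```python
"""Login decision for a Digibib-style CON.  Added example, not AXION's code:
file layout, hashing, campus ranges and group names are assumptions."""

import hashlib
import hmac
import ipaddress
import os
import re
import secrets
import tempfile

# Constructed data: documentation ranges stand in for the campus networks
# whose clients may log in anonymously (the "IP checker" of page 3).
CAMPUS_NETS = [ipaddress.ip_network("192.0.2.0/24"),
               ipaddress.ip_network("198.51.100.0/24")]
GUEST_GROUP = "Guest"                            # restricted privileges: no orders
GROUP_VIEWS = {"Student": ["Central", "Local"],  # assumed group -> viewlist table
               "Staff": ["Central", "Local"],
               GUEST_GROUP: ["Central"]}
USERNAME = re.compile(r"[a-z][a-z0-9_]{0,31}")   # the name doubles as a file name


def hash_password(password, salt=None):
    """salt$hex(PBKDF2-SHA256).  The slides say nothing about how passwords
    are stored; this scheme is an assumption of the example."""
    salt = salt or secrets.token_hex(8)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 100_000)
    return f"{salt}${digest.hex()}"


def verify_password(stored, password):
    salt = stored.split("$", 1)[0]
    return hmac.compare_digest(hash_password(password, salt), stored)


def write_user(dbdir, name, password, group):
    """One ASCII file per user holding key = value lines (page 13)."""
    if not USERNAME.fullmatch(name):
        raise ValueError(f"unsafe user name {name!r}")
    with open(os.path.join(dbdir, name), "w") as f:
        f.write(f"password = {hash_password(password)}\ngroup = {group}\n")


def read_user(dbdir, name):
    """The user's record as a dict, or None for unknown or unsafe names.  The
    name is validated before open(), so '../etc/passwd' never reaches it."""
    if not USERNAME.fullmatch(name):
        return None
    try:
        with open(os.path.join(dbdir, name)) as f:
            pairs = (line.split("=", 1) for line in f if "=" in line)
            return {k.strip(): v.strip() for k, v in pairs}
    except FileNotFoundError:
        return None


def start_session(user, group):
    """Controlled session: the CON checks every later request against it."""
    return {"id": secrets.token_urlsafe(16), "user": user, "group": group,
            "views": GROUP_VIEWS[group], "can_order": group != GUEST_GROUP}


def login(dbdir, client_ip, username=None, password=None):
    """Decision for one login attempt: (session, reason); session is None
    when access is denied."""
    if username is None:                               # anonymous: IP checker
        addr = ipaddress.ip_address(client_ip)
        if any(addr in net for net in CAMPUS_NETS):
            return start_session("anonymous", GUEST_GROUP), "on-campus guest"
        return None, "anonymous login only from campus addresses"
    record = read_user(dbdir, username)                # find user in local db
    # one answer for unknown user and wrong password: no account enumeration
    if (record is None or "password" not in record
            or not verify_password(record["password"], password or "")):
        return None, "unknown user or wrong password"
    group = record.get("group")                        # get user environment
    if group not in GROUP_VIEWS:                       # only specific groups
        return None, f"user group {group!r} is not configured"
    return start_session(username, group), "authenticated"


def make_demo_db():
    """Constructed user database with one Student account, for the demo."""
    dbdir = tempfile.mkdtemp(prefix="digibib-userdb-")
    write_user(dbdir, "alice", "correct horse", "Student")
    return dbdir


if __name__ == "__main__":
    db = make_demo_db()
    for attempt in (("203.0.113.9", "alice", "correct horse"),   # off-campus, ok
                    ("203.0.113.9", "alice", "wrong"),           # bad password
                    ("203.0.113.9", "../etc/passwd", "x"),       # unsafe name
                    ("192.0.2.55",),                             # on-campus guest
                    ("203.0.113.9",)):                           # off-campus guest
        session, reason = login(db, *attempt)
        print(attempt, "->", reason, session and session["group"])
```

Because the user name is also the file name, read_user validates it before touching the file system rather than relying on open() to fail on a traversal. The IP checker grants the guest session to whatever address the CON sees; behind a masquerading (NAT) gateway that is the gateway's address, so every host behind it gets the same answer, which is the first of the known problems on page 14.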

Page 14:

How it works: the access control system

Problems with the current web technology:
• The IP masquerading problem (Network Address Translation, NAT): an IP-checked login sees only the masquerading address, not the individual client behind it
• Detecting successful delivery of online requests
• Delivery of fragmented documents (e.g. HTML documents)
• Partially unencrypted data transfer

Page 15:

Future plans

• Interfaces to Oracle, SAP R/3, . . .
• LDAP
• Load distribution
• Port to Linux
• Apache support
• Stand-alone con-http
• Graphical administration tool
• Refined user permission concept
• Stand-alone search engine (HTTP)
• Graphical presentation of query results
• . . .

Page 16:

The digital library

Hussayn Dabbous


[email protected]

AXION GmbH
Goltsteinstraße 89
50968 Köln
Tel.: 0221/94 36 98-0, Fax -11