Primary funding is provided by the JISC and ESRC. Based at Manchester Computing, The University of Manchester.
A2Z – Akenti Access to zetoc
Ross MacIntyre
A2Z Overview
Project Aims
• Implement & Evaluate Akenti in a JISC service environment (zetoc)
• ‘Grid-enable’ the zetoc service & demonstrate accessibility from e-Science project (myGrid)
• Identify associated implementation issues for JISC service providers

Tasks & Progress
• zetoc demo environment (month 1)
• Digital certificate authentication (month 2-3)
• Akenti installation (month 3-5)
• Authorisation policy (month 4-6)
• Akenti knowledge transfer (month 5-7)
• myGrid enablement (month 8-10)
• Technical evaluation (month 10-12)

zetoc Search
• Authentication/authorisation
  – IP/Athens
    • Institutional identifier e.g. ‘man’
  – eScience Digital Certificate
    • Dummy institution ‘mid’
• Application links to institution’s settings e.g. library logo

zetoc Alert
• Authentication/authorisation
  – Athens
    • Personal Username e.g. ‘man-zzaalsrm’
    • Access Username e.g. ‘man-mimas’
      – Application prompts for list name
  – eScience Digital Certificate
    • Environment Variable (SSL_Client_DN)
• Application locates associated alert list(s)

Stakeholders
• British Library – DATA
  – BL Reader in Reading Room (£0)
  – ‘ac.uk’ (£0)
  – NHS
    • England (£0)
    • Scotland (>£0)
    • Wales n/a
    • N.Ireland n/a
• JISC – MACHINE & SUPPORT
  – BL (£0)
  – ‘ac.uk’
    • TAU List
      – HE (£0)
      – FE (£0)
      – RC (£500pa)
    • CHEST List
      – Associate (£500pa)
      – Affiliates (£500pa)
  – NHS
    • England (£4,000pa)
    • Scotland (£500pa)
    • Wales (£500pa)
    • N.Ireland (£500pa)
MIMAS – If licence > £0, has it been paid? (From_To?)

Root Policy
• Root Policy Issuers DN & CADN
• Name of Resource “zetoc”
• List of CAs
  – Full list of CAs
  – Where to find their signed certificates
• Use Condition’s Configuration = For each Stakeholder
  – Who is allowed to issue Use Conditions
  – Where these Use Conditions are
• Optional Global declaration of locations of attribute certificates

Use Condition for BL
• Who issued this certificate
• Resource Name = “zetoc”
• Constraints incl. Critical = true
• Logic (group=BL_Reader)||(IP=ac.uk)||(NHS=England)||(NHS=Scotland & Licence=PAID)

Logic Evaluation
• Group = BL_Reader -> system IP check
• IP=ac.uk -> system IP check
• NHS=England -> Akenti requires certificate signed by NHS_England
• NHS=Scotland -> Akenti requires certificate signed by NHS_Scotland
• Licence=PAID -> system check: “yes” in a file somewhere.
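
The Use Condition logic and its evaluation rules above, as an added Python sketch (not Akenti code and not part of the original slides). The dictionary layout for attribute certificates and the `sig_ok` flag, which stands in for real signature verification, are assumptions; unknown attributes are denied.

```python
# Added illustration: NOT Akenti code or its certificate format.
import re

USE_CONDITION = ("(group=BL_Reader)||(IP=ac.uk)||"
                 "(NHS=England)||(NHS=Scotland & Licence=PAID)")

# Where each attribute's value must come from, per the Logic Evaluation slide.
SYSTEM_ATTRS = {"group", "IP", "Licence"}                 # local system checks
REQUIRED_ISSUER = {("NHS", "England"): "NHS_England",     # signed attribute
                   ("NHS", "Scotland"): "NHS_Scotland"}   # certificates


def parse(expr):
    """Return a list of OR-clauses, each a list of (attr, value) AND-terms."""
    clauses = []
    for clause in expr.split("||"):
        terms = []
        for term in clause.strip().strip("()").split("&"):
            m = re.fullmatch(r"\s*(\w+)\s*=\s*([\w.]+)\s*", term)
            if not m:
                raise ValueError(f"malformed term: {term!r}")
            terms.append((m.group(1), m.group(2)))
        clauses.append(terms)
    return clauses


def term_holds(attr, value, system_facts, attr_certs):
    """System attributes come from local facts; others need the right issuer."""
    if attr in SYSTEM_ATTRS:
        return system_facts.get(attr) == value
    issuer = REQUIRED_ISSUER.get((attr, value))
    if issuer is None:
        return False  # fail closed: no trusted issuer configured
    # sig_ok is an assumed flag standing in for signature verification.
    return any(c["attr"] == attr and c["value"] == value
               and c["issuer"] == issuer and c["sig_ok"] for c in attr_certs)


def access_granted(system_facts, attr_certs, expr=USE_CONDITION):
    """Grant if any OR-clause has all of its AND-terms satisfied."""
    return any(all(term_holds(a, v, system_facts, attr_certs) for a, v in clause)
               for clause in parse(expr))


if __name__ == "__main__":
    # Constructed sample: NHS Scotland user holding a valid attribute certificate.
    cert = {"attr": "NHS", "value": "Scotland",
            "issuer": "NHS_Scotland", "sig_ok": True}
    print(access_granted({"Licence": "PAID"}, [cert]))
```

An NHS value supplied through the system facts is ignored: only a certificate from the issuer named for that value satisfies the term.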