Presentation is loading. Please wait.

Presentation is loading. Please wait.

OPeNDAP Hyrax Back-End Server (BES) Authentication and Authorization Patrick West

Published byGinger Phillips Modified over 9 years ago

Similar presentations

Presentation on theme: "OPeNDAP Hyrax Back-End Server (BES) Authentication and Authorization Patrick West"— Presentation transcript:

1 OPeNDAP Hyrax Back-End Server (BES) Authentication and Authorization Patrick West (pwest@ucar.edu)pwest@ucar.edu

2 OPeNDAP Hyrax Two use cases requiring authentication within the BES:

3 OPeNDAP Hyrax Two use cases requiring authentication within the BES: The Coupling, Energetics and Dynamics of Atmospheric Regions (CEDAR) database is composed of an eclectic collection of data from varied sources encompassing multiple diagnostic techniques, theory, modeling, and coordinated observational campaigns. Web-based utility which allows registered users to access CEDAR data. The user must sign-in on the web site. The user is authenticated on the back-end to make sure they are allowed to access the data. http://cedarweb.hao.ucar.edu

4 OPeNDAP Hyrax CEDARWeb ION Script MySQL

5 OPeNDAP Hyrax BES Apache Module cookie CEDAR TAB/FLAT/INFO & DAP2 Access Initialization/ Termination CEDAR Auth MySQL

6 OPeNDAP Hyrax Two use cases requiring authentication within the BES: Earth System Grid (ESG) integrates supercomputers with large-scale data and analysis servers located at numerous national labs and research centers to create a powerful environment for next generation climate research. ESG will be using the client/server model, where a user logs in to the ESG system. When the user requests data from the BES the client connects to the BES, authentication takes place using SSL handshaking. The BES will authorize the user with the ESG authorization service. http://www.earthsystemgrid.org

7 OPeNDAP Hyrax Secure sockets layer TCP/IP layer Application layer Network layer PPTHTTPIMAPLDAP SSL Runs above TCP/IP and below high-level application protocols, including the transport protocol PPT (Point to Point Transport) used in communication with the BES....

8 OPeNDAP Hyrax Secure Sockets Layer (SSL) provides us with the ability to:

9 OPeNDAP Hyrax Secure Sockets Layer (SSL) provides us with the ability to: 1. SSL server authentication allows a user to confirm a server's identity. SSL-enabled client software can use standard techniques of public-key cryptography to check that a server's certificate and public ID are valid and have been issued by a certificate authority (CA) listed in the client's list of trusted CAs.

10 OPeNDAP Hyrax Secure Sockets Layer (SSL) provides us with the ability to: 1. SSL server authentication allows a user to confirm a server's identity. SSL-enabled client software can use standard techniques of public-key cryptography to check that a server's certificate and public ID are valid and have been issued by a certificate authority (CA) listed in the client's list of trusted Cas. 2. SSL client authentication allows a server to confirm a user's identity. Using the same techniques as those used for server authentication, SSL- enabled server software can check that a client's certificate and public ID are valid and have been issued by a certificate authority (CA) listed in the server's list of trusted CAs.

11 OPeNDAP Hyrax Secure Sockets Layer (SSL) provides us with the ability to: 1. SSL server authentication allows a user to confirm a server's identity. SSL-enabled client software can use standard techniques of public-key cryptography to check that a server's certificate and public ID are valid and have been issued by a certificate authority (CA) listed in the client's list of trusted Cas. 2. SSL client authentication allows a server to confirm a user's identity. Using the same techniques as those used for server authentication, SSL- enabled server software can check that a client's certificate and public ID are valid and have been issued by a certificate authority (CA) listed in the server's list of trusted Cas. 3. An encrypted SSL connection requires all information sent between a client and a server to be encrypted by the sending software and decrypted by the receiving software, thus providing a high degree of confidentiality.

12 OPeNDAP Hyrax Secure Sockets Layer (SSL) provides us with the ability to: 1. SSL server authentication allows a user to confirm a server's identity. SSL-enabled client software can use standard techniques of public-key cryptography to check that a server's certificate and public ID are valid and have been issued by a certificate authority (CA) listed in the client's list of trusted Cas. 2. SSL client authentication allows a server to confirm a user's identity. Using the same techniques as those used for server authentication, SSL- enabled server software can check that a client's certificate and public ID are valid and have been issued by a certificate authority (CA) listed in the server's list of trusted Cas. 3. An encrypted SSL connection requires all information sent between a client and a server to be encrypted by the sending software and decrypted by the receiving software, thus providing a high degree of confidentiality.

13 OPeNDAP Hyrax

14 Introduction to SSL http://docs.sun.com/source/816-6156-10/contents.htm OPeNDAP PPT, available from OPeNDAP SVN under bes/docs. OPeNDAP Hyrax Notes:

15 OPeNDAP Hyrax

Download ppt "OPeNDAP Hyrax Back-End Server (BES) Authentication and Authorization Patrick West"

Similar presentations

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
SECURE SITES. A SECURE CONNECTION TERMS Secure Sockets Layer (SSL) An older Internet protocol that allows for data transmission between server and client.

SECURE SITES. A SECURE CONNECTION TERMS Secure Sockets Layer (SSL) An older Internet protocol that allows for data transmission between server and client.
SSL Protocol By Oana Dini. Overview Introduction to SSL SSL Architecture SSL Limitations.

SSL Protocol By Oana Dini. Overview Introduction to SSL SSL Architecture SSL Limitations.
Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.

Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.

Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
VOYAGER: Yet Another Secure Web Browser to Demonstrate Secure Socket Layer Working and Implementation By : Shrinivas G. Deshpande Advisor: Dr. Chung E.

VOYAGER: Yet Another Secure Web Browser to Demonstrate Secure Socket Layer Working and Implementation By : Shrinivas G. Deshpande Advisor: Dr. Chung E.
Internet Security Protocols

Internet Security Protocols
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.

SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),

CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),
By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.

By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

Similar presentations

Ads by Google