Published by Joshua Byrne. Modified over 11 years ago.
1
ESUP-Portail: a pure WebDAV-based Network Attached Storage
Pierre Gambarotto, Pascal Aubry
2
Plan
– ESUP-Portail
– Storage Area for ESUP-Portail
– WebDAV
– Architecture
3
ESUP-Portail
– Consortium of French universities
– Unique access point to a wide range of services
– Mail, news, information channels, CMS, and private storage area
4
Protocol for file sharing
– Usual suspects (NFS, CIFS) don't like firewalls
– VPN complex with huge population
– WebDAV: on top of HTTP, standard, simple to use
5
Client Part
– OS-integrated WebDAV filesystem (Windows XP Webfolders, Mac OS X, Linux webdavfs)
– Web applications, possibly on top of uPortal+CAS
– Heavyweight interfaces
6
User view of storage area
– Private place to store users' documents
– Access conditions to grant/deny others access
– WebDAV aware
7
Server view of storage area
– Document + set of properties
– Properties:
   – Dublin Core (Author, Date, Language …)
   – Access Control
   – Others, depending on application, e.g. state of the document (draft, ready to publish) for a CMS
– Access Control to document AND properties, depending on user's authentication and profile
8
WebDAV: HTTP + …: RFC2518
– Properties: (name, value) like HTTP headers
– Collection: set of documents (like file directory)
– Documents: (file or collection) + set of properties
– WebDAV protocol requests & responses in XML
– Extension to HTTP: new type of messages, e.g. PROPFIND, PROPPATCH, MKCOL
9
Example of request

   PROPFIND /file HTTP/1.1
   Host: doc.domain.org
   Content-type: text/xml; charset="utf8"
   Depth: 0
   Content-Length: xxxx
10
Access Control: Authentication + Authorization
– Authentication: HTTP
11
Authorization (1/2)
– Principal: human or computer agent, represented as a WebDAV resource
– Group: principal with « group-member-set » property
– Privilege: property (in XML) associated with a set of WebDAV methods
   – DAV:read represents the privilege to GET or PROPFIND
   – DAV:read-acl represents the privilege to PROPFIND an ACL
12
Authorization (2/2)
– Access Control Entity (ACE): relation (grant/deny) between a principal and a privilege
– ACL: set of ACE, property on a DAV resource
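
The model on the two Authorization slides, as an added Python example (not code from the presentation or from ESUP-Portail): principals and groups as resource URLs, privileges mapped to methods, and an ACL of grant/deny ACEs checked per request. Assumptions: the principal URLs and sample ACL are constructed, and the evaluation rule (first matching ACE decides, no match means deny) is chosen here because the slides do not state one.

```python
from dataclasses import dataclass

# Privileges named on the slides, mapped to the methods they cover.
PRIVILEGE_METHODS = {"DAV:read": {"GET", "PROPFIND"}}

@dataclass(frozen=True)
class ACE:
    principal: str   # URL of a principal resource (user or group)
    grant: bool      # True = grant, False = deny
    privilege: str   # e.g. "DAV:read"

def required_privilege(method, prop=None):
    """Privilege needed for a request; None if the slides do not cover it."""
    if method == "PROPFIND" and prop == "DAV:acl":
        return "DAV:read-acl"          # reading the ACL property itself
    for privilege, methods in PRIVILEGE_METHODS.items():
        if method in methods:
            return privilege
    return None

def matches(user, principal, groups, seen=frozenset()):
    """True if principal is the user or a group that (transitively) holds the user."""
    if principal == user:
        return True
    if principal in seen:              # guard against group cycles
        return False
    members = groups.get(principal, ())  # the group-member-set property
    return any(matches(user, m, groups, seen | {principal}) for m in members)

def is_allowed(user, method, acl, groups, prop=None):
    """Assumed policy: first matching ACE wins, no match means deny."""
    needed = required_privilege(method, prop)
    if needed is None:
        return False
    for ace in acl:
        if ace.privilege == needed and matches(user, ace.principal, groups):
            return ace.grant
    return False

# Constructed sample data: principal URLs and ACL are hypothetical.
GROUPS = {"/principals/groups/staff": {"/principals/users/alice",
                                       "/principals/users/bob"}}
ACL = [
    ACE("/principals/users/bob", False, "DAV:read"),    # deny listed first
    ACE("/principals/groups/staff", True, "DAV:read"),
    ACE("/principals/users/alice", True, "DAV:read-acl"),
]

if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        url = f"/principals/users/{user}"
        print(user, is_allowed(url, "GET", ACL, GROUPS),
              is_allowed(url, "PROPFIND", ACL, GROUPS, prop="DAV:acl"))
```

With this ACL, bob is a member of the staff group but is still refused GET because his deny ACE is listed before the group grant; reordering the two ACEs reverses that outcome.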
13
Example

   PROPPATCH /path/to/resource HTTP/1.1
   Host: doc.domain.org
   Content-Type: text/xml; charset="utf-8"
   Content-Length: xxxx
14
Architecture
[Diagram; labels: digital workspace; storage component; SSO; trust granting (ACP); user database; protocol (DAV+ACP); SSO service; grouping service; classical authentication module; security (SSL); physical media; filesystem; ACLs; database]
15
Implementation
– Version 1, available
   – Apache server with mod_dav for RFC2518 WebDAV capabilities
   – mod_auth_ldap for classical authentication
   – mod_cas for SSO authentication
   – Client: uPortal channel, fully functional with basic WebDAV actions: get/retrieve files
– Version 2, 09/2004
   – Based on Jakarta Slide
   – Access control
   – LDAP backend for Users/Groups
   – Client with full WebDAV capabilities
16
Conclusion
– WebDAV: good solution for distant storage
– Access control
– Performance like HTTP