Presentation is loading. Please wait.

Presentation is loading. Please wait.

The PAPI System Point of Access to Providers of Information

Similar presentations


Presentation on theme: "The PAPI System Point of Access to Providers of Information"— Presentation transcript:

1 The PAPI System Point of Access to Providers of Information http://www.rediris.es/app/papi/

2 PAPI - 2rodrigo.castro@rediris.es/ diego.lopez@rediris.es Outline zIntroduction zRequirements zApproximations to a solution zConfigurations zArchitecture of the PAPI system zImplementation zFuture lines

3 PAPI - 3rodrigo.castro@rediris.es/ diego.lopez@rediris.es The origin zMeeting between library consortia and content providers zOriginal problem to solve: access control by IP address zRedIRIS committed to provide a solution zOrganizations: ySpanish library consortia yCICA, CSIC, UAM, UOC, UPM, CBUC yContent providers ySILVERPLATTER yGREENDATA yEBSCO ySWETS yARANZADI

4 PAPI - 4rodrigo.castro@rediris.es/ diego.lopez@rediris.es Requirements zAccess control independent from IP origin zUpon successful local authentication, access must be granted during a configurable period of time to the services that the user is authorized to zUser mobility zTransparency to the user zCompatibility with other commonly employed access control systems zCompatibility with Netscape/MSIE/Lynx browsers zPrivacy at the user level, while easing the collection of statistics by providers

5 PAPI - 5rodrigo.castro@rediris.es/ diego.lopez@rediris.es Approximation: Temporary Certificates Web browser Authentication data Web Server S1 Web page Authentication Server Temporary Certificates Certificate S1 Certificate S2 Certificate S3 HTTP request + Certificate S1 Web Server S2 HTTP request + Certificate S2 Web page Advantages:  Temporary access to authorized services  Allows user mobility  Authentication is local to user’s organization  Technology implemented in main web servers Problems:  NOT TRANSPARENT  Password in browser DB  Choice of the right certificate  Inf. providers not adapted to this technology  Does not detect certificate duplication

6 PAPI - 6rodrigo.castro@rediris.es/ diego.lopez@rediris.es Approximation: Partial Solutions zNo transparency -> encrypted cookies Web browser Authentication data Web Server S1 Web page Authentication Server Temporary Encrypt-cookies Encry-cookie S1 Encry-cookie S2 Encry-cookie S3 HTTP request + Encry-cookie S1 Point of Access HTTP request Web page zWeb servers not adapted -> Points of Access Advantages:  Temporary access to authorized services  Allows user mobility  Authentication is local to user’s organizations  Access control is adapted to current web servers of content providers  Transparent to the user Problems:  Domain-name problems when loading cookies  Does not detect cookie copying

7 PAPI - 7rodrigo.castro@rediris.es/ diego.lopez@rediris.es Approximation: Partial Solutions zDomain-name problems when loading cookies -> Cookies served by PoAs Web browser Authentication data Authentication Server Encry-cookie S1 Encry-cookie S2 Encry-cookie S3 Point of Access Point of Access Temporary Signed-URLs Signed-URL Encry-cookie

8 PAPI - 8rodrigo.castro@rediris.es/ diego.lopez@rediris.es Approximation: Partial Solutions Web Browser 1 Encry-cookie S1 Point of Access zCookie copying -> Database of cookies Short expiration time Web Browser 2 Encry-cookie S1 HTTP request + Encry-cookie S1 Web Server S1 HTTP request Web page DB of Enc-cookie Web page + New Enc-cook S1 New Enc-cook S1 HTTP request + Encry-cookie S1 Collision

9 PAPI - 9rodrigo.castro@rediris.es/ diego.lopez@rediris.es Architecture of the PAPI system Web browser Authentication data Authentication Server Encry-cookies Temporary Signed-URLs Web page + New Hcook+Lcook HTTP request + Hcook+Lcook Point of Access Web Server S1 HTTP request Web page Hcook DB  URL: K_priv_AS (user code + server + path + Exp. Time + sign time)  Hcook: K1_PA (user code + server + path + Exp. Time + Random Block)  Lcook: K2_PA (user code + server + path + creation time)

10 PAPI - 10rodrigo.castro@rediris.es/ diego.lopez@rediris.es Configurations Web browser Web Server Authentication Server Point of Access Web Server Point of Access Authentication Server Point of Access Point of Access Authentication Server Authentication Server Point of Access Web Server Point of Access User's OrganizationInformation Provider

11 PAPI - 11rodrigo.castro@rediris.es/ diego.lopez@rediris.es Implementation zStatus: Version 1.0.0 yAvailable at http://www.rediris.es/app/papi/dist.en.html zCrypt functions: yOpenSSL zAuthentication modules yLocal auth, LDAP, POP3 zPoints of Access ymod_perl yApache virtual servers

12 PAPI - 12rodrigo.castro@rediris.es/ diego.lopez@rediris.es Future Lines zEnhancement of statistic collection at PoAs zMore general implementation yServlet(s) zManagement tools (both for AS and PoA) zInteraction with information access software zAlign to similar initiatives yAuthentication objects yAlternative protocols for exchanging them ySPARTA, Shibboleth

13 PAPI - 13rodrigo.castro@rediris.es/ diego.lopez@rediris.es Pilot of the system Information Providers AS: LDAP PoA: LISA DB (ERL) AS: POP PoA: Local DBs AS: POP PoA: Local DBs AS: Local PoA: MEDLINE (ERL)


Download ppt "The PAPI System Point of Access to Providers of Information"

Similar presentations


Ads by Google