140 likes | 151 Views
This project aims to implement and evaluate Akenti, a secure access management system, in the JISC service environment for zetoc. The goal is to enable "grid-enabled" access to the zetoc service and identify implementation issues for JISC service providers.
E N D
A2Z – Akenti Access to zetoc Ross MacIntyre
Project Aims • Implement & Evaluate Akenti in a JISC service environment (zetoc) • ‘Grid-enable’ the zetoc service & demonstrate accessibility from e-Science project (myGrid) • Identify associated implementation issues for JISC service providers A2Z Overview
Tasks & Progress • zetoc demo environment (month1) • Digital certificate authentication (month 2-3) • Akenti installation (month 3-5) • Authorisation policy (month 4-6) • Akenti knowledge transfer (month 5-7) • my-Grid enablement (month 8-10) • Technical evaluation (month 10-12) A2Z Overview
zetoc Search • Authentication/authorisation • IP/Athens • Institutional identifier e.g. ‘man’ • eScience Digital Certificate • Dummy institution ‘mid’ • Application links to institution’s settings e.g. library logo A2Z Overview
zetoc Alert • Authentication/authorisation • Athens • Personal Username e.g. ‘man-zzaalsrm’ • Access Username e.g. ‘man-mimas’ • Application prompts for list name • eScience Digital Certificate • Environment Variable (SSL_Client_DN) • Application locates associated alert list(s) A2Z Overview
British Library – DATA BL Reader in Reading Room (£0) ‘ac.uk’ (£0) NHS England (£0) Scotland (>£0) Wales n/a N.Ireland n/a JISC – MACHINE & SUPPORT BL (£0) ‘ac.uk’ TAU List HE (£0) FE (£0) RC (£500pa) CHEST List Associate (£500pa) Affiliates (£500pa) NHS England (£4,000pa) Scotland (£500pa) Wales (£500pa) N.Ireland (£500pa) Stakeholders MIMAS – If licence > £0, has it been paid? (From_To?) A2Z Overview
Root Policy • Root Policy Issuers DN & CADN • Name of Resource “zetoc” • List of CAs • Full list of CAs • Where to find their signed certificates • Use Condition’s Configuration = For each Stakeholder • Who is allowed to issue Use Conditions • Where these Use Conditions are • Optional Global declaration of locations of attribute certificates A2Z Overview
Use Condition for BL • Who issued this certificate • Resource Name = “zetoc” • Constraints incl. Critical = true • Logic (group=BL_Reader)||(IP=ac.uk)|| (NHS=England)||(NHS=Scotland & Licence=PAID) A2Z Overview
Logic Evaluation • Group = BL_Reader -> system IP check • IP=ac.uk -> system IP check • NHS=England -> Akenti requires certificate signed by NHS_England • NHS=Scotland -> Akenti requires certificate signed by NHS_Scotland • Licence=PAID -> system check: “yes” in a file somewhere. A2Z Overview
End Result • Capability Certificate • System calls • NO DATA A2Z Overview