
OPeNDAP Hyrax Back-End Server (BES) Authentication and Authorization Patrick West...

Date post: 25-Dec-2015
OPeNDAP Hyrax

Back-End Server (BES)

Authentication and Authorization

Patrick West ([email protected])

Two use cases requiring authentication within the BES:

The Coupling, Energetics and Dynamics of Atmospheric Regions (CEDAR) database is composed of an eclectic collection of data from varied sources encompassing multiple diagnostic techniques, theory, modeling, and coordinated observational campaigns.

A web-based utility allows registered users to access CEDAR data. The user must sign in on the web site. The user is then authenticated on the back end to make sure they are allowed to access the data.

http://cedarweb.hao.ucar.edu

[Figure: architecture diagram. Labels: CEDARWeb, ION Script, MySQL, BES Apache Module, cookie, CEDAR TAB/FLAT/INFO & DAP2 Access, Initialization/Termination, CEDAR Auth, MySQL]


Earth System Grid (ESG) integrates supercomputers with large-scale data and analysis servers located at numerous national labs and research centers to create a powerful environment for next generation climate research.

ESG will be using the client/server model, where a user logs in to the ESG system. When the user requests data from the BES, the client connects to the BES and authentication takes place using SSL handshaking. The BES will authorize the user with the ESG authorization service.

http://www.earthsystemgrid.org

[Figure: protocol stack. Application layer (PPT, HTTP, IMAP, LDAP) above the Secure Sockets Layer, above the TCP/IP layer; also labeled: Network layer]

• SSL runs above TCP/IP and below high-level application protocols, including the transport protocol PPT (Point to Point Transport) used in communication with the BES.

...

Secure Sockets Layer (SSL) provides us with the ability to:

1. SSL server authentication allows a user to confirm a server's identity. SSL-enabled client software can use standard techniques of public-key cryptography to check that a server's certificate and public ID are valid and have been issued by a certificate authority (CA) listed in the client's list of trusted CAs.

2. SSL client authentication allows a server to confirm a user's identity. Using the same techniques as those used for server authentication, SSL-enabled server software can check that a client's certificate and public ID are valid and have been issued by a certificate authority (CA) listed in the server's list of trusted CAs.

3. An encrypted SSL connection requires all information sent between a client and a server to be encrypted by the sending software and decrypted by the receiving software, thus providing a high degree of confidentiality.
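
The certificate check in items 1 and 2, as an added example that is not part of the original slides: a throwaway CA issues a server and a client certificate, each is verified against a trusted-CA list with the `openssl` command line, and a certificate from an unlisted CA is rejected. All names (trusted-ca, other-ca, bes-server, esg-user, stranger) are constructed, and the example covers only chain validation, not the handshake's proof of private-key possession.

```shell
#!/bin/sh
# Added illustration; all names (trusted-ca, other-ca, bes-server, esg-user,
# stranger) are constructed. Keys and certificates live in a temp directory.

make_ca() {        # $1 = work dir, $2 = CA name: self-signed CA certificate
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

issue_cert() {     # $1 = work dir, $2 = issuing CA, $3 = subject name
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# The check each side performs on the peer certificate: does it chain to a
# CA in my list of trusted CAs ($1), and is it currently valid?
verdict() {        # $1 = trusted CA list (PEM), $2 = peer certificate
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    then echo accepted; else echo rejected; fi
}

run_demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" trusted-ca && make_ca "$d" other-ca &&
    issue_cert "$d" trusted-ca bes-server &&
    issue_cert "$d" trusted-ca esg-user &&
    issue_cert "$d" other-ca stranger || { rm -rf "$d"; return 1; }
    trusted="$d/trusted-ca.pem"
    # Client checks the server; server checks a listed and an unlisted client.
    echo "server=$(verdict "$trusted" "$d/bes-server.pem")" \
         "client=$(verdict "$trusted" "$d/esg-user.pem")" \
         "stranger=$(verdict "$trusted" "$d/stranger.pem")"
    rm -rf "$d"
}

run_demo
```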


• Introduction to SSL: http://docs.sun.com/source/816-6156-10/contents.htm

• OPeNDAP PPT, available from OPeNDAP SVN under bes/docs.
