1Primary funding is provided by the JISC and ESRC. Based at Manchester Computing, The University of Manchester.

1

A2Z – Akenti Access to zetoc

Ross MacIntyre

A2Z Overview

2

Project Aims

• Implement & Evaluate Akenti in a JISC service environment (zetoc)

• ‘Grid-enable’ the zetoc service & demonstrate accessibility from e-Science project (myGrid)

• Identify associated implementation issues for JISC service providers

A2Z Overview

3

Tasks & Progress

• zetoc demo environment (month1)• Digital certificate authentication (month 2-3)• Akenti installation (month 3-5)• Authorisation policy (month 4-6)• Akenti knowledge transfer (month 5-7)• my-Grid enablement (month 8-10)• Technical evaluation (month 10-12)

A2Z Overview

4

zetoc Search

• Authentication/authorisation – IP/Athens

• Institutional identifier e.g. ‘man’

– eScience Digital Certificate• Dummy institution ‘mid’

• Application links to institution’s settings e.g. library logo

A2Z Overview

5

zetoc Alert

• Authentication/authorisation – Athens

• Personal Username e.g. ‘man-zzaalsrm’• Access Username e.g. ‘man-mimas’

– Application prompts for list name

– eScience Digital Certificate• Environment Variable (SSL_Client_DN)

• Application locates associated alert list(s)

A2Z Overview

6

A2Z Overview

7

A2Z Overview

8

A2Z Overview

9

A2Z Overview

10

Stakeholders

• British Library – DATA– BL Reader in Reading Room

(£0)– ‘ac.uk’ (£0)– NHS

• England (£0)• Scotland (>£0)• Wales n/a• N.Ireland n/a

• JISC – MACHINE & SUPPORT– BL (£0)– ‘ac.uk’

• TAU List– HE (£0)– FE (£0)– RC (£500pa)

• CHEST List– Associate (£500pa)– Affiliates (£500pa)

– NHS• England (£4,000pa)• Scotland (£500pa)• Wales (£500pa)• N.Ireland (£500pa)

MIMAS – If licence > £0, has it been paid? (From_To?)

A2Z Overview

11

Root Policy

• Root Policy Issuers DN & CADN• Name of Resource “zetoc”• List of CAs

– Full list of CAs– Where to find their signed certificates

• Use Condition’s Configuration = For each Stakeholder– Who is allowed to issue Use Conditions– Where these Use Conditions are

• Optional Global declaration of locations of attribute certificates

A2Z Overview

12

Use Condition for BL

• Who issued this certificate

• Resource Name = “zetoc”

• Constraints incl. Critical = true

• Logic (group=BL_Reader)||(IP=ac.uk)||

(NHS=England)||(NHS=Scotland & Licence=PAID)

A2Z Overview

13

Logic Evaluation

• Group = BL_Reader -> system IP check• IP=ac.uk -> system IP check• NHS=England -> Akenti requires

certificate signed by NHS_England• NHS=Scotland -> Akenti requires

certificate signed by NHS_Scotland• Licence=PAID -> system check: “yes” in

a file somewhere.

A2Z Overview

14

End Result

• Capability Certificate

• System calls

• NO DATA