Authentication Manager
DEVELOPERS
Erik Jorgensen and Jenny Simpson.
DESIGN OVERVIEW
The authentication manager will be a tool for controlling user access privileges to restricted areas and tools for controlling dynamic content on the SCI website and SCI hosted sites. Access to areas on the site will be controlled via Apache .htaccess web authentication protocols.
Apache uses files called .htaccess to control access to directories on the web. These files may contain directives to authenticate users who are attempting to view any resource in the directory against a specified password file. Alternatively, they may contain the name of one or more group files that a user must be authenticated by in order to access the resources. A group file contains a list of members and a directive to authenticate via a specified password file. The tools we propose to create will provide a web-based interface and database for managing various levels of access to multiple regions of the site for many users.
Three key terms are important for discussion of the structure of the system:
User: Any person who needs to be granted access to restricted resources on the site.
Resource: A directory on our web site whose access is controlled via an .htaccess file. This directory may contain restricted web content or tools for controlling dynamic content.
Group: A set of users who are allowed access to a set of resources.
Users may belong to more than one group. Each group contains both a list of users who belong to it and a list of resources it provides access to. A given resource may also be accessible by more than one group.
The authentication manager, written in Perl, will keep an XML database of the information about which users belong to which groups, which resources are accessible by which groups, and where the .htaccess and password files for each resource are located. The manager will use this database to coordinate the modifications to the necessary files for managing access. The database will also be used to display the current status of access controls.
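The sketch below is an added example, not the project's code (which is planned in Perl): it derives the Apache group file and the per-resource .htaccess text from the user/group/resource model described above. The XML element and attribute names, the file paths and the function names are all assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample. Element/attribute names and all paths are assumptions,
# not the project's actual auth_profiles.xml schema.
SAMPLE_XML = """<auth_profiles passwd="/usr/local/apache/auth/htpasswd.users"
               groupfile="/usr/local/apache/auth/htgroup">
  <group name="editors">
    <user>alice</user><user>bob</user>
    <resource path="/var/www/html/admin/news"/>
  </group>
  <group name="staff">
    <user>bob</user><user>carol</user>
    <resource path="/var/www/html/admin/news"/>
    <resource path="/var/www/html/internal"/>
  </group>
</auth_profiles>"""

# Group files are line- and space-delimited ("group: user1 user2"), so names
# with whitespace or ':' could forge entries. Reject them outright.
NAME_RE = re.compile(r"[A-Za-z0-9_.-]+")

def checked(name):
    if not name or not NAME_RE.fullmatch(name):
        raise ValueError(f"unsafe user or group name: {name!r}")
    return name

def build(xml_text):
    """Return (group_file_text, {resource_path: htaccess_text})."""
    root = ET.fromstring(xml_text)
    group_lines, groups_for = [], {}
    for g in root.findall("group"):
        gname = checked(g.get("name"))
        users = sorted({checked(u.text) for u in g.findall("user")})
        group_lines.append(f"{gname}: {' '.join(users)}")
        for r in g.findall("resource"):
            groups_for.setdefault(r.get("path"), []).append(gname)
    htaccess = {
        path: "\n".join([
            "AuthType Basic",
            'AuthName "Restricted"',
            f"AuthUserFile {root.get('passwd')}",
            f"AuthGroupFile {root.get('groupfile')}",
            f"Require group {' '.join(groups)}",  # any listed group grants access
        ]) + "\n"
        for path, groups in groups_for.items()
    }
    return "\n".join(group_lines) + "\n", htaccess
```

The password and group files in the sample sit outside the document root so that Apache cannot serve them as content.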
PLATFORM
Linux, Apache
DESIGN DETAILS
FILES
auth_manage.pl
auth_profiles.xml
auth_profiles.xsl
htpasswd.users
.htaccess files for protected resources
DEPENDENCIES
OPEN QUESTIONS
Should the database be kept in XML or SQL?
TARGET COMPLETION DATE
Friday, May 3rd 2002