A 2 Z Akenti Access to zetoc Ross

Project Aims • Implement & Evaluate Akenti in a JISC service environment (zetoc) •

Tasks & Progress • • zetoc demo environment (month 1) Digital certificate authentication (month

zetoc Search • Authentication/authorisation – IP/Athens • Institutional identifier e. g. ‘man’ – e.

zetoc Alert • Authentication/authorisation – Athens • Personal Username e. g. ‘man-zzaalsrm’ • Access

Stakeholders • British Library – DATA – BL Reader in Reading Room (£ 0)

Root Policy • Root Policy Issuers DN & CADN • Name of Resource “zetoc”

Use Condition for BL • Who issued this certificate • Resource Name = “zetoc”

Logic Evaluation • Group = BL_Reader -> system IP check • IP=ac. uk ->

End Result • Capability Certificate • System calls • NO DATA A 2 Z

Slides: 14

Download presentation

A 2 Z – Akenti Access to zetoc Ross Mac. Intyre Primary funding is provided by the JISC and ESRC. 11 Based at Manchester Computing, The University of Manchester.

Project Aims • Implement & Evaluate Akenti in a JISC service environment (zetoc) • ‘Grid-enable’ the zetoc service & demonstrate accessibility from e-Science project (my. Grid) • Identify associated implementation issues for JISC service providers A 2 Z Overview 2

Tasks & Progress • • zetoc demo environment (month 1) Digital certificate authentication (month 2 -3) Akenti installation (month 3 -5) Authorisation policy (month 4 -6) Akenti knowledge transfer (month 5 -7) my-Grid enablement (month 8 -10) Technical evaluation (month 10 -12) A 2 Z Overview 3

zetoc Search • Authentication/authorisation – IP/Athens • Institutional identifier e. g. ‘man’ – e. Science Digital Certificate • Dummy institution ‘mid’ • Application links to institution’s settings e. g. library logo A 2 Z Overview 4

zetoc Alert • Authentication/authorisation – Athens • Personal Username e. g. ‘man-zzaalsrm’ • Access Username e. g. ‘man-mimas’ – Application prompts for list name – e. Science Digital Certificate • Environment Variable (SSL_Client_DN) • Application locates associated alert list(s) A 2 Z Overview 5

A 2 Z Overview 6

A 2 Z Overview 7

A 2 Z Overview 8

A 2 Z Overview 9

Stakeholders • British Library – DATA – BL Reader in Reading Room (£ 0) – ‘ac. uk’ (£ 0) – NHS • England (£ 0) • Scotland (>£ 0) • Wales n/a • N. Ireland n/a MIMAS – If licence > £ 0, has it been paid? (From_To? ) • JISC – MACHINE & SUPPORT – BL (£ 0) – ‘ac. uk’ • TAU List – HE (£ 0) – FE (£ 0) – RC (£ 500 pa) • CHEST List – Associate (£ 500 pa) – Affiliates (£ 500 pa) – NHS • England (£ 4, 000 pa) • Scotland (£ 500 pa) • Wales (£ 500 pa) • N. Ireland (£ 500 pa) A 2 Z Overview 10

Root Policy • Root Policy Issuers DN & CADN • Name of Resource “zetoc” • List of CAs – Full list of CAs – Where to find their signed certificates • Use Condition’s Configuration = For each Stakeholder – Who is allowed to issue Use Conditions – Where these Use Conditions are • Optional Global declaration of locations of attribute certificates A 2 Z Overview 11

Use Condition for BL • Who issued this certificate • Resource Name = “zetoc” • Constraints incl. Critical = true • Logic (group=BL_Reader)||(IP=ac. uk)|| (NHS=England)||(NHS=Scotland & Licence=PAID) A 2 Z Overview 12

Logic Evaluation • Group = BL_Reader -> system IP check • IP=ac. uk -> system IP check • NHS=England -> Akenti requires certificate signed by NHS_England • NHS=Scotland -> Akenti requires certificate signed by NHS_Scotland • Licence=PAID -> system check: “yes” in a file somewhere. A 2 Z Overview 13

End Result • Capability Certificate • System calls • NO DATA A 2 Z Overview 14