Distributed Access Control - BIBSYS and the FEIDE solution

Sigbjørn Holmslet, BIBSYS, Norway
Ingrid Melve, UNINETT, Norway

ELAG Trondheim 2004

Some definitions

Authentication - Process of proving the identity of a user. (Who are you?)

Authorization - Process of granting or denying access rights for a resource to an authenticated user. (What are you allowed to do?)

Credentials - Information that includes identification and proof of identification that is used to gain access to resources. Examples of credentials are user names and passwords, smart cards, and certificates.

Problems in a distributed environment

• Lots of credentials
• Lots of registration and logon procedures

Distributed Access Control

Single Sign On (SSO)

SSO = challenges
• Technological issues
  • proxies
  • cookies
  • timeout
• Security issues
  • shared credentials
  • different security levels
  • trust

The trend in distributed access control

Some BIBSYS-facts

BIBSYS is an integrated library system used by all Norwegian University Libraries, the National Library, all College Libraries, and a number of research libraries.

The BIBSYS users

Primary users:
• Ca 2.500 librarians

End users:
• Ca 600.000 – patrons (not all active)
• Ca 4000 – academic users (research document database)
• 1000+ – users of other different systems

BIBSYS history of access control (the late eighties)

A1 = Authentication, A2 = Authorization

• Legacy System (cataloguing, search, etc)
  Access Control: A1 – Unix, A2 – User file

Data stores: UNIX pw. file, Users

BIBSYS history of access control (mid. nineties)

A1 = Authentication, A2 = Authorization

• Legacy System
  Access Control: A1 – Unix, A2 – User file
• Web search
  Access Control: A1 – Patron-ID, last name, A2 –
• ISI search
  Access Control: A1 – IP-filtering, A2 –

Data stores: UNIX pw. file, Users, Patrons, IP-list

BIBSYS history of access control (late nineties)

A1 = Authentication, A2 = Authorization

• Legacy System
  Access Control: A1 – Unix, A2 – User file
• Web search
  Access Control: A1 – Patron-ID, last name, A2 –
• ISI search
  Access Control: A1 – IP-filtering, A2 –
• Some web service
  Access Control: A1 – Apache password-file
• Some web service
  Access Control: A1 – Apache password-file

Data stores: UNIX pw. file, Users, Patrons, IP-list, Apache pw. file, Apache pw. file

BIBSYS in the late nineties

[Diagram: BIBSYS]

BIBSYS Access Control Project

Goal:
• Provide interoperability between internal systems
• Offer access control to our patrons.
• Avoid administration overhead.
• Consider cross-organizational access control.

BIBSYS Access Control Project

We considered two commercial access control systems,
• Candle/Cactus
• ISOS/Athens.

Conclusion:
• Too expensive
• BIBSYS is not the right institution to host a cross-organizational access control system for our end users.

Decisions:
• Develop our own access control for internal use
• Wait and see for a cross-organizational solution.

A common role based access control system

[Diagram: Common role based access control system, shown with the existing data stores: UNIX pw. file, Users, Patrons, IP-list, Apache pw. file, Apache pw. file]

Only access-relevant information: credentials, roles, IPs

Starting point

A1 = Authentication, A2 = Authorization

• Legacy System
  Access Control: A1 – Unix, A2 – User file
• Web search
  Access Control: A1 – Patron-ID, last name, A2 –
• ISI search
  Access Control: A1 – IP-filtering, A2 –
• Some web service
  Access Control: A1 – Apache password-file
• Some web service
  Access Control: A1 – Apache password-file

Data stores: UNIX pw. file, Users, Patrons, IP-list, Apache pw. file, Apache pw. file

Result (ideal)

[Diagram: Common role based access control system, shown with Service A, Service B, Service C, Service D, Service E]

Result (real)

• Implemented a new role based access control system
• We released new personalized services for patrons and librarians
• Low administration costs (machine-generated password by email)
• Still some systems use their old access control
• The wait and see strategy paid off – result: FEIDE

Status of 2002

[Diagram: BIBSYS]

New challenge

• Offering our users access through the FEIDE system

FEIDE (Federated Electronic Identity for Education)

Goals of the FEIDE project:
• Establish a common, secure electronic identity for Norwegian academic users.
• Implement the academic sector's system for reliable user data handling, secure identification of internet-service users and assignment of user access-rights.
• Common data model for persons
• Standardization/development of user management systems
• Provide a central login server

Integrating with the FEIDE system (I)

One year ago we released a pilot using the FEIDE authentication
• Application: Personalized services for patrons and librarians
• Technology: Java Servlets, Tomcat server
• Objective: technical issues (not performance)
• Available for a limited group of users

Integrating with the FEIDE system (II)

Efforts to make it work
• Received a Java-library, a Servlet Filter and a certificate from FEIDE
• Configured Tomcat to use the Servlet Filter
• Configured the Servlet Filter

Integrating with the FEIDE system (III)

Experiences with the pilot
• Easy to implement
• No errors throughout the test period
• The users were satisfied

Integrating with the FEIDE system (IV)

One obstacle: How to map a FEIDE user to a BIBSYS user?

Solution: The National Identity Number

BIBSYS have to extend the user database to include The National Identity Number

Overview of the logon process

[Diagram: numbered steps 1 to 9 between User, FEIDE (MORIA and the AT LDAP-servers), BIBSYS (Tomcat servlet container) with Filter and BIBSYS services (servlets), and BIBSYS users]

Future plans

• Let the pilot go into production within 3-4 months
• Try out the Single Sign On features of FEIDE
• Make use of other user attributes than only the National Identity Number. (For authorisation and for updating our own user data)