The Candle Project

1
Proposed Proxy Solution To Publisher Access
2
Cactus Proxy Functionality

• Single sign-on for Cactus users
• Simplified Contractual Arrangements
• Group Authentication
• Detailed Usage Logging
• Undesirable Site Blocking
• Optional Daisychain to Other Services
• Cache Proxies
• Gateways

3
Active User/ Realm Cache
Block File
Cactus DataBase
? Check Cache
? Cache Response
? Check URL
? Not Blocked
? Incoming URL Request
? Check Petition
SQL DataBase Manager
Cactus ePublishers Proxy
I N T E R N E T
? Auth Keys for Controlled URL
Internal University Network
Proxy Logs
? Log Petition
? Requested Object
? Auth Keys to ePublisher
Other ePublishers

• Optional Daisychained
• Services
• Cache Proxies
• Gateways

Blackwells EJN
Cactus Proxy to ePublishers
4
Cactus Proxy Authentication

• HTTP Basic authentication (unchallenged Base64)
  preferred as universal method.
• Can handle forms filtering on an individual
  (expensive) basis.
• HTTP Digest authentication requires so much
  handshaking as to seriously affect performance.
• SSL and certificates are impossible by their very
  nature. And HTTP proxy is required to be
  transparent with both.
• IP address spoofing is implicit.

5
Cactus Proxy Commercial Questions

• Will this scheme facilitate university /
  ePublisher contractual relations?
• Is group authentication at the publisher side
  sufficient or are the publishers going to insist
  on individual authentication?
• What kind of accounting is going to be needed?
• Will a group to realm server side restriction do
  or is each individual object accounted for?
• At what resolution are we going to need the
  authentication realm of object?

6
Cactus

• Access Control System
• Version 2.0

7
WHAT IS CACTUS ?

• Centralised network users and resources
  configuration and administration.
• Terminal-independent dynamic desktop and profile
  configuration at user logon.
• Detailed resource usage monitoring and
  accounting.
• Usage quotas enforcement by session, day, month
  and year.
• Inter-client messaging facilities.
• Remote shutdown request facilities.

8
WHATS NEW IN CACTUS 2.0

• Fully rewritten in C for Win32 platforms.
• Three tier model for optimum load balancing.
• Database independent.
• Fully integrates with Microsoft Zero
  Administration Kit (ZAK) Methodologies, providing
  a one-point centralised management tool.

9
CACTUS 2.0 ARCHITECTURE
MS ZAK PDC
Cactus Administrator
UNIX or NT Server
NT Server
NT Server
NT Server or NT Workstation
Win NT or Win 95/98
Modular logical components. System
configuration may use up to 4 physical machines
to enhance performance
10
CACTUS TOKEN SERVER

• Accepts Cactus Task Manager (client) connections
  to authorise users, send configuration
  information and receive usage statistics
• Multi-threaded TCP/IP server supporting Cactus
  token protocol.
• Three Tier Model.
• Database independent, currently tested against
  Informix and MS SQL Server.
• Runs as an icon on the Windows NT taskbar.

11
CACTUS ADMINISTRATOR

• Allows systems administrators a modular
  centralised handling of users and system
  resources.
• Client/server architecture for database
  interactions.
• Simple, yet powerful user interface.
• Tight integration with MS ZAK methodologies.
• Real-time network resource usage monitoring.
• Built-in messaging and remote shutdown facilities.

12
CACTUS TASK MANAGER I (Client)

• Runs both on NT Workstation and Win95/98.
• Started at user logon, connects to Cactus token
  server to authenticate user and receive
  authorised resources, unit costs and
  configuration information.
• Accounts for resource usage and returns detailed
  statistics to the server
• Enforces usage quota limits, logs the user off if
  any limit is exceeded.

13
CACTUS TASK MANAGER II (Client)

• Supports inter-client messaging and remote
  shutdown facilities.
• Supports a standard Cactus DDE interface to
  receive and process detailed statistical data
  generated by Cactus compliant applications such
  as ZNavigator.
• Runs as an icon on the windows Taskbar.