
1.2.6 Security


Hyperwave Information Server enables anybody in an organization to publish information on the organization's intranet. Naturally, this requires a strong security model, which protects the work of one user from other users while allowing for convenient and effective collaboration.

1.2.6.1 Fine-Grained Access Control

Every object (document, container, hyperlink, script) stored in the Hyperwave Information Server has associated access rights. Access rights specify who is allowed to access the object in question, and they are reflected in the Rights attribute of the object. What a right means depends on the object type: write permission to a document allows one to modify the document, whereas write permission to a collection allows one to insert or remove members of that collection.

DEFAULTS

In order to keep things simple, reasonable defaults have been specified. By default (i.e. when no other access rights are specified), everybody is granted read access, and only the creator of the object has write access. When no unlink permission is specified, those that have write permission also have unlink permission. When a new document is inserted into a collection, the document inherits its access rights from the collection.

RIGHTS WIZARD

The Rights Wizard allows users to set permissions for individual objects without having to remember the syntax of the Rights attribute or the valid user and group names (see Figure 9).

Using this dialog box, you can set user rights as follows:

  1. Search for users and/or groups by clicking on the button corresponding to their initial, or search all users (and groups) by clicking on the All button. The users and groups corresponding to your search input will be listed in the Users/Groups text box. Usernames are listed with a u beside them, groupnames with a g.
  2. Select the user or group names for which you want to set rights, and use the arrows to move them to (and from) the Users/Groups with Rights text box.
  3. Select the name(s) in the Users/Groups with Rights text box for which you want to set the rights.
  4. Select the checkboxes next to the Rights you want to attribute to the username(s): R = read rights, W = write rights, U = unlink rights.
  5. Click on the Add or the Set button to set these rights (Set will overwrite rights that already exist for the selected user(s)), or Remove if you have made a mistake. The Reset button at the bottom of the dialog box will clear all settings made.
  6. When you have set the rights to your satisfaction, click on the OK button.

Figure 9: Rights Wizard

USER WIZARD

The User Wizard is reachable through the Open User Wizard button, which appears in any dialog box where you are required to input user names. Unlike User and Group Administration dialog boxes, this dialog does not allow you to make any changes to user and group information, but is simply an easy way to select user names. See Figure 10.

All available user and group names are listed in the top text box.

  1. Select the names you wish to include in the action. These names will appear in the bottom text box.
  2. Click on the OK button.

Figure 10: User Wizard

1.2.6.2 User and Group Management

Hyperwave Information Server supports a hierarchical scheme of users and user groups. A user (represented by an object in the repository) can be a member of one or more groups (also objects), which in turn can be members of one or more other groups.
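The default rules from section 1.2.6.1 and the nested group membership described above combine when a permission is evaluated. The following sketch is an added illustration, not Hyperwave code and not the syntax of the Rights attribute. The dictionary layout, the function names, the rule that the creator keeps access when explicit rights exist, and the copy-on-insert behaviour are assumptions of this model.

```python
# Added illustration: a toy model, not Hyperwave code or its Rights syntax.
# Rights are modelled as {"R": set, "W": set, "U": set}; a missing key means
# "not specified", which triggers the defaults described on the page.

def principals(user, member_of):
    """Return the user plus every group reached through nested membership."""
    seen, stack = {user}, [user]
    while stack:
        for group in member_of.get(stack.pop(), ()):
            if group not in seen:      # guards against membership cycles
                seen.add(group)
                stack.append(group)
    return seen

def allowed(user, right, obj, member_of):
    """Evaluate 'R', 'W' or 'U' for user on obj using the page's defaults."""
    rights = obj["rights"]
    if right == "U" and "U" not in rights:
        right = "W"                    # no unlink entry: write implies unlink
    if right not in rights:
        # Defaults: everybody may read, only the creator may write.
        return right == "R" or user == obj["creator"]
    # Assumption of this model: the creator keeps access to explicit entries.
    if user == obj["creator"]:
        return True
    return bool(principals(user, member_of) & rights[right])

def insert(collection, creator):
    """Create a document inheriting the collection's rights (copied here)."""
    inherited = {k: set(v) for k, v in collection["rights"].items()}
    return {"creator": creator, "rights": inherited}

# Constructed sample data: alice is in editors, and editors is in staff.
MEMBER_OF = {"alice": ["editors"], "editors": ["staff"], "bob": ["staff"]}
PLAIN = {"creator": "carol", "rights": {}}            # nothing specified
HANDBOOK = {"creator": "carol",
            "rights": {"R": {"staff"}, "W": {"editors"}}}

if __name__ == "__main__":
    doc = insert(HANDBOOK, "bob")
    for user in ("alice", "bob", "dave"):
        print(user, {r: allowed(user, r, doc, MEMBER_OF) for r in "RWU"})
```

Restricting read to a group removes the "everybody may read" default for that object, so a user outside every listed group (dave in the sample data) loses read access to the collection and to documents inserted into it.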

USER/GROUP MANAGEMENT USING A WEB BROWSER

As with all other functions, the administration of users and user groups is carried out using a Web browser. The system administrator(s) can create new users and groups, modify existing users and groups, delete them, and assign users and groups to groups. See the Hyperwave Administrator's Guide for details.

Figure 11: New User dialog box

1.2.6.3 Directory Services

Large organizations will typically have a directory of users already in place, and will not want to duplicate the users and groups already stored in this directory into the Hyperwave Information Server repository.

EXTERNAL AUTHENTICATION INTERFACE

Because of this, Hyperwave Information Server supports an External Authentication Interface: a documented software interface where customers and partners can connect their existing directory service. When a user logs on, Hyperwave Information Server asks the external directory service if the user name and password are correct and what groups the user belongs to, instead of looking it up in the internal user directory.

The Hyperwave Administrator's Guide explains how to configure Hyperwave Information Server to work with external directories.

STANDARD INTERFACES

In order to reduce the customization effort, Hyperwave Information Server comes with three standard interfaces:

1.2.6.4 Encryption

Hyperwave Information Server is based on open standards, and uses HTTP for the transfer of data between the Web browser and the server. Unfortunately, HTTP sends all information in its header (including user information) in (almost) clear text. While this may not pose a problem in an intranet environment, where the network is usually trusted, it is definitely a problem in extranet applications.

SSL

A Hyperwave Information Server is available that uses version 3 of the Secure Socket Layer (SSL) protocol to encrypt all information sent to the browser, including documents. Since the software is made outside the U.S., it is not subject to U.S. export regulations, and uses full 128-bit symmetric keys for the encryption (provided the browser allows it).

In principle, it is possible to store documents in encrypted form on the server, so that nobody can read them, not even the system administrator. In this case, full text search is of course not possible, and the client needs to configure a helper application to decode the documents before displaying them.

