New Statistical Algorithms for the Analysis of Mass - FU Berlin, FB MI ...
New Statistical Algorithms for the Analysis of Mass - FU Berlin, FB MI ...
New Statistical Algorithms for the Analysis of Mass - FU Berlin, FB MI ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
5.3. QAD GRID PLATFORM SERVER 115<br />
Figure 5.3.3: A user’s perspective sequence diagram <strong>of</strong> <strong>the</strong> processes started when<br />
a task is scheduled or a worker started.<br />
au<strong>the</strong>ntication 9 schema where two different methods are used to au<strong>the</strong>nticate.<br />
Using more than one factor is supposed to be a strong au<strong>the</strong>ntication opposed<br />
to a weak au<strong>the</strong>ntication when only one factor (such as a password) is used.<br />
Au<strong>the</strong>ntication in <strong>the</strong> QAD Grid is needed in three situations: (a) when<br />
a server wants to start a worker (this is operating system dependent and<br />
explained in section 5.3.3), (b) when a worker tries to connect to <strong>the</strong> Grid<br />
plat<strong>for</strong>m server, or (c) when a user wants to connect to <strong>the</strong> Grid server. For<br />
a worker to be able to connect to <strong>the</strong> Grid it must first register at <strong>the</strong> Grid<br />
plat<strong>for</strong>m server. This process is described in more details in section 5.4.2.<br />
After a successful registration process<br />
� a database account has been created <strong>for</strong> this worker at <strong>the</strong> database<br />
server,<br />
� <strong>the</strong> account in<strong>for</strong>mation (user id and password) were sent to <strong>the</strong> worker,<br />
� a new RSA public/private key pair <strong>for</strong> this worker was issued and transferred<br />
to <strong>the</strong> worker,<br />
� a new worker certificate was issued and transferred to <strong>the</strong> worker.<br />
Note, that transmission/communication <strong>of</strong> sensitive data is encrypted (see<br />
section 5.3.1).<br />
The au<strong>the</strong>ntication process is as follows:<br />
1. The worker sends its certificate and account in<strong>for</strong>mation to <strong>the</strong> server.<br />
This is done through a database account that has only write access to<br />
<strong>the</strong> connection initiation table in <strong>the</strong> database. The worker <strong>the</strong>n inserts<br />
its certificate into <strong>the</strong> table by calling a stored procedure 10 . Fur<strong>the</strong>r<br />
9 An au<strong>the</strong>ntication factor is a piece <strong>of</strong> in<strong>for</strong>mation.<br />
10 A stored procedure is a subroutine available to applications accessing a relational<br />
database system. Stored procedures are actually stored in <strong>the</strong> database. Typical uses <strong>for</strong>