New Statistical Algorithms for the Analysis of Mass - FU Berlin, FB MI ...
5.3. QAD GRID PLATFORM SERVER
password (actually its MD5 hash value) is stored as well, which is used for authentication. In the network case authentication is done by querying a network authentication server, e.g. via LDAP or Kerberos protocol.
Group membership: A user can be a member of one or many groups (e.g. an institution), which can be used to give many users at once access to particular objects, such as data or functions. Using this feature it is also possible to implement some kind of hierarchy, e.g. simple user or administrator groups.
Account details: Further (optional) information such as real name, institutional affiliation, e-mail address and so forth can also be stored.
Billing details: Since system usage logs are collected automatically (such as CPU time used for computation), this information can be used to implement some kind of billing.
To be able to log in to the QAD Grid, a user needs to be registered at the platform server. This is done through a special web-site new users can access. At this site they enter their user details, which then need to be reviewed by an administrator. After successful registration a user can log into the web-based front-end of the platform server and use its services, such as starting new computations or analyses (see section 5.5) or viewing results of previous runs. After successful login a fine-grained access control list (ACL) system (see section 5.3.1) is used to determine (1) what parts of the system the user can see, (2) what functions he can use and (3) what data and results he is allowed to see.
(1) Access to web-sites: When a user accesses a web-page, the web-server checks during the on-load sequence of this site whether there exists an ACL entry that allows this user to see this site.
(2) Use of functions: As in the web-site case, each time a user requests the use of a function, e.g. start of a computation, the web-server first checks if the user has appropriate credentials to use it.
(3) Access to data: There are many scenarios when a user needs to access data, e.g. visualization of results, computations that need data or just display of raw data. Again, there exist ACL entries for each dataset available in the system that are checked if data is requested either through the web-server or directly from the database.
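An added example, not code from the thesis or the QAD Grid: a minimal default-deny ACL check covering cases (1) to (3) above, with grants made either to a single user or to a group. The class and function names, the `user:`/`group:` principal strings and the sample entries are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class AclEntry:
    kind: str       # "page", "function" or "data": cases (1)-(3) in the text
    resource: str   # page path, function name or dataset id (hypothetical names)
    principal: str  # "user:<name>" or "group:<name>" (assumed encoding)

@dataclass
class User:
    name: str
    groups: set = field(default_factory=set)

    def principals(self):
        # A user matches entries for the account itself and for each group.
        return {f"user:{self.name}"} | {f"group:{g}" for g in self.groups}

class Acl:
    def __init__(self, entries):
        self._entries = set(entries)

    def allowed(self, user, kind, resource):
        # Default deny: access needs an explicit entry for the user or a group.
        return any(AclEntry(kind, resource, p) in self._entries
                   for p in user.principals())

    def visible(self, user, kind):
        # Everything of one kind the user may see, e.g. to build a result list.
        who = user.principals()
        return sorted({e.resource for e in self._entries
                       if e.kind == kind and e.principal in who})

def load_dataset(acl, user, dataset_id, store):
    # Data layer repeats the check, so it holds for web and direct requests.
    if not acl.allowed(user, "data", dataset_id):
        raise PermissionError(f"{user.name}: no ACL entry for {dataset_id}")
    return store[dataset_id]

# Constructed sample data, for illustration only.
STORE = {"dataset-17": [0.12, 0.98, 0.40]}
ACL = Acl([AclEntry("page", "/results", "group:users"),
           AclEntry("page", "/admin", "group:administrators"),
           AclEntry("function", "start_computation", "group:users"),
           AclEntry("data", "dataset-17", "user:alice"),
           AclEntry("data", "dataset-17", "group:institute-a")])
alice = User("alice", {"users"})
bob = User("bob", {"users", "institute-a"})
carol = User("carol")  # registered, but in no group and named in no entry
```
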
Worker Management
A worker is modeled as a database object with the following properties:
Account information: This includes a user name and a password and is mainly used to log into the database.
Public key: The public key is used by the platform server to encrypt communication (initialized by the server) with this worker.
Certificate: The worker-specific certificate is issued the first time a worker successfully registers at the platform server. It contains an MD5 digest of a combination of the service id this worker offers and the public key of this worker. It is used for authentication purposes.