Suche Home Einstellungen Anmelden Hilfe  

prev next Up Title Contents Index

1.2.6 Security


Hyperwave Information Server enables anybody in an organization to publish information on the organization's intranet. Naturally, this requires a strong security model, which protects the work of one user from other users while allowing for convenient and effective collaboration.

1.2.6.1 Fine-Grained Access Control

Every object (document, container, hyperlink, script) stored in the Hyperwave Information Server has associated access rights. Access rights specify who is allowed to the object in question. The access rights are reflected in the Rights attribute of an object. For example, having write permission to a document means one is allowed to modify the document, whereas having write permission to a collection means one is allowed to insert or remove members from that collection.

DEFAULTS

In order to keep things simple, reasonable defaults have been specified. By default (i.e. when no other access rights are specified), everybody is granted read access, and only the creator of the object has write access. When no unlink permission is specified, those that have write permission also have unlink permission. When a new document is inserted into a collection, the document inherits its access rights from the collection.

RIGHTS WIZARD

The Rights Wizard allows users to set permissions for individual objects without having to remember the syntax of the Rights attribute or the valid user and group names (see Figure 9).

Using this dialog box, you can set user rights as follows:

  1. Search for users and/or groups by clicking on the button corresponding to their initial, or search all users (and groups) by clicking on the All button. The users and groups corresponding to your search input will be listed in the Users/Groups text box. Usernames are listed with a u beside them, groupnames with a g.
  2. Select the user or group names for which you want to set rights, and use the arrows to move them to (and from) the Users/Groups with Rights text box.
  3. Select the name(s) in the Users/Groups with Rights text box for which you want to set the rights.
  4. Select the checkboxes next to the Rights you want to attribute to the username(s): R = read rights, W = write rights, U = unlink rights.
  5. Click on the Add or the Set button to set these rights (Set will overwrite rights that already exist for the selected user(s)), or Remove if you have made a mistake. The Reset button at the bottom of the dialog box will clear all settings made.
  6. When you have set the rights to your satisfaction, click on the OK button.
Figure 9: Rights Wizard
USER WIZARD

The User Wizard is reachable through the Open User Wizard button, which appears in any dialog box where you are required to input user names. Unlike User and Group Administration dialog boxes, this dialog does not allow you to make any changes to user and group information, but is simply an easy way to select user names. See Figure 10.

All available user and group names are listed in the top text box.

  1. Select the names you wish to include in the action. These names will appear in the bottom text box.
  2. Click on the OK button.
Figure 10: User Wizard

1.2.6.2 User and Group Management

Hyperwave Information Server supports a hierarchical scheme of users and user groups. A user (represented by an object in the repository) can be a member of one or more groups (also objects), which in turn can be members of one or more other groups.

USER/GROUP MANAGEMENT USING A WEB BROWSER

As with all other functions, the administration of users and user groups is carried out using a Web browser. The system administrator(s) can create new users and groups, modify existing users and groups, delete them, and assign users and groups to groups. See the Hyperwave Administrator's Guide for details.

Figure 11: New User dialog box

1.2.6.3 Directory Services

Large organizations will typically have a directory of users already in place, and will not want to duplicate the users and groups already stored in this directory into the Hyperwave Information Server repository.

EXTERNAL AUTHENTICATION INTERFACE

Because of this, Hyperwave Information Server supports an External Authentication Interface: a documented software interface where customers and partners can connect their existing directory service. When a user logs on, Hyperwave Information Server asks the external directory service if the user name and password are correct and what groups the user belongs to, instead of looking it up in the internal user directory.

The Hyperwave Administrator's Guide explains how to configure Hyperwave Information Server to work with external directories.

STANDARD INTERFACES

In order to reduce the customization effort, Hyperwave Information Server comes with three standard interfaces:

1.2.6.4 Encryption

Hyperwave Information Server is based on open standards, and uses HTTP for the transfer of data between the Web browser and the server. Unfortunately, HTTP sends all information in its header (including user information) in (almost) clear text. While this may not pose a problem in an intranet environment, where the network is usually trusted, it is definitely a problem in extranet applications.

SSL

A Hyperwave Information Server is available that uses version 3 of the Secure Socket Layer (SSL) protocol to encrypt all information sent to the browser, including documents. Since the software is made outside the U.S., it is not subject to U.S. export regulations, and uses full 128-bit symmetric keys for the encryption (provided the browser allows it)

In principle, it is possible to store documents in encrypted form on the server, so that nobody can read them, not even the system administrator. In this case, full text search is of course not possible, and the client needs to configure a helper application to decode the do cuments before displaying them.


prev next Up Title Contents Index

Benutzer: gast • Besitzer: hwsystem • Zuletzt geändert am: