Version 6 (modified by pjkersha, 13 years ago)

Data Provider Deployment

This page explores how a Data Provider deploys and configures NDG Security.

Use Case

A Use Case looks at the steps in this process.

Deployment Diagram

This illustrates a possible configuration for deployment of the required components and services:

source:TI12-security/trunk/architecture/uml/SecurityDeploymentModel.gif

Notes

  • Security Web Services must be exposed to the outside world, for example to allow issuing of new certificates for users via the NDG Simple CA web service or negotiation of authorisation of a resource between Session Managers and Attribute Authorities of different NDG sites.
  • Two alternative configurations are presented for exposing the web services to the external network:
    1. Redirect through port 80 and an assigned URI (may be achieved with Apache using a ProxyPass directive)
    2. Open dedicated ports for each service in the firewall
  • MyProxy and database resources are shielded within the firewall
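
A sketch of configuration 1 from the notes above, as an added example that is not taken from the NDG deployment itself. It assumes Apache httpd 2.4 with mod_proxy and mod_proxy_http loaded; the host name, URI paths and back-end ports are hypothetical placeholders.

```apache
# Added example: reverse proxy on port 80 with one assigned URI per
# externally visible security web service.
# ASSUMPTIONS: ndg.example.org, the three URI paths and ports 5000-5002
# are placeholders, not values from the NDG configuration.
<VirtualHost *:80>
    ServerName ndg.example.org

    # Reverse proxy only: never relay requests to arbitrary hosts.
    ProxyRequests Off

    # Back ends are addressed on loopback because the page assumes the
    # Security Web Services reside on the same host.
    ProxyPass        /SimpleCA           http://127.0.0.1:5000
    ProxyPassReverse /SimpleCA           http://127.0.0.1:5000
    ProxyPass        /SessionManager     http://127.0.0.1:5001
    ProxyPassReverse /SessionManager     http://127.0.0.1:5001
    ProxyPass        /AttributeAuthority http://127.0.0.1:5002
    ProxyPassReverse /AttributeAuthority http://127.0.0.1:5002

    # MyProxy and the user/credential database get no ProxyPass entry,
    # so this virtual host offers no route to them.

    # Refuse every URI by default ...
    <Location "/">
        Require all denied
    </Location>

    # ... then allow only the three assigned service URIs.
    <LocationMatch "^/(SimpleCA|SessionManager|AttributeAuthority)(/|$)">
        Require all granted
    </LocationMatch>
</VirtualHost>
```

With this layout the firewall needs only port 80 open inbound, whereas configuration 2 requires one firewall rule per service port.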

Assumptions

  • Data Provider serves user roles via tables in a user database
  • The Credential Repository is implemented as a database
  • User database and Credential Repository reside on the same server
  • Security Web Services reside on the same host