|
DACS is suite of applications and an Apache module that provides an authentication and role provision capability for the Canadian Forest Service Network (CFSNet). Using industry-standard SSL communication to ensure information remains private and secure, DACS will provide CFSNet with a security protocol that is dependable and maintainable. After a user has authenticated with DACS, they can access any resource they have permission to see in the CFSNet without having to re-authenticate.
DACS is a general-purpose, distributed system that combines Single Sign-On capability and role-based access control for Web services. DACS allows CFSNet administrators from each center to flexibly control access to both Web pages and applications that are provided by CFSNet Web servers. Administrators may control access on a per user basis, or by groups of individuals.
An existing authenticating system may easily integrate with DACS. For example, if users already use an authentication system (such as logging into an e-mail client), DACS can be integrated with this authentication protocol to provide access to those users. The National Forest Information System (NFIS) has developed a Web-based authentication interface, NFIS Access, which leverages the functionality of DACS for authentication.
By specifying rules for Web services, a DACS administrator can grant unrestricted access to Web services to some users, limited kinds of access to other users, and completely deny access to yet another set of users. User passwords, lists of user accounts, and other potentially sensitive information are not maintained by DACS. Each CFSNet center will control access to its own resources.
|
