Hyrax Admin Interface: Difference between revisions

From OPeNDAP Documentation
Line 47: Line 47:
## User securely authenticates and gets a secure session.
## User securely authenticates and gets a secure session.
# User Authorization Manage
# User Authorization Manage
## [[HAI Use Case: View and set User roles and their mapping to URLs|View/set User roles and their mapping to URLs]] - this is the basis for categorizing authorization.
## [[HAI Use Case: View and set User-roles and their mapping to URLs|View and set User-roles and their mapping to URLs]] - this is the basis for categorizing authorization.
## [[HAI Use Case: View and set user authorization|View and set user authorization]]  
## [[HAI Use Case: View/set user-membership in roles|View/set user-membership in roles]]  
## [[HAI Use Case: Control service access, user authentication and data authorization | Control service access, user authentication and data authorization]]
## <del>[[HAI Use Case: Control service access, user authentication and data authorization | Control service access, user authentication and data authorization]]</del>
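Review bot: the link naming is inconsistent within this one edit. The first entry is renamed from "View/set User roles ..." to "View and set User-roles ...", but the replacement for "View and set user authorization" is titled "View/set user-membership in roles"; use one form ("View and set" or "View/set") for both page titles and labels. The superseded "Control service access, user authentication and data authorization" entry is also wrapped in <del> rather than removed, so it still occupies a numbered slot in the list; either delete the line or say next to it which entries replace it.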





Revision as of 17:21, 9 November 2010

This is a place to start discussing people's desires and needs for a Hyrax Administrators Interface (HAI).


Background

Members of the Hyrax users community are developing robust, highly available data services in operational settings, and have asked for an administrators interface that will allow them to monitor, control, reconfigure, and debug the Hyrax frontend and backend servers from a single console.

Additionally, to support the integration of external services with the Hyrax data catalog and service, Hyrax needs to provide an administration interface for service configuration and data catalog changes (e.g. adding new data sets to a catalog). An example of an external service integration with Hyrax is an organisation's digital library service for registering and maintaining access to data products. Once the user registers a new data set, including data location and data access rights, the user may select an access service and protocol such as Hyrax OPeNDAP or WMS. This external service will then connect to a Hyrax service using the Hyrax Administrators Interface to add the new data set to the catalog.

This page is the starting point for organizing the design work for the Hyrax Administrators Interface (HAI).

Definitions

Administrator
The administrator is the human that operates the HAI.
User
The user is a human that uses client software such as Kepler, Matlab OPeNDAP Ocean Toolbox, a web browser, and others to make requests (HTTP, SOAP, etc.) of the Hyrax server.
Operator Console
The 24x7 operator's console to monitor and control the data services as well as the user data requests, and receive service notifications.
Administrator Console
The system administrator's console to monitor, control, reconfigure, and debug the Hyrax frontend and backend servers, and receive service notifications.

Use Cases

Logging and Debugging Features

The administrator uses the HAI to:

  1. Log in to the Hyrax Admin Interface
  2. Control BES connections
    1. Stop and Start a BES
    2. Examine BES processes/connections
    3. Terminate specific BES processes/connections
  3. Hyrax OLFS and BES logging service
    1. View OLFS and BES logs
    2. Turn on/off OLFS debugging and view/save/stream the output
    3. Turn on/off BES debugging and view/save/stream the output

User Management

User management involves two basic activities: Authentication (Ac) and Authorization (Az). Authentication is the process in which the server identifies a particular user. Authorization is the process that determines what a user can do or see on the server.

  1. User Authentication
    1. User securely authenticates and gets an open session.
    2. User securely authenticates and gets a secure session.
  2. User Authorization Management
    1. View and set User-roles and their mapping to URLs - this is the basis for categorizing authorization.
    2. View/set user-membership in roles
    3. Control service access, user authentication and data authorization


I think that these features - which are the Authentication and Authorization features (Ac/Az) - should be kept very simple because of the likelihood that the underlying mechanism for providing the credentials is almost certain to change and become a set of mechanisms. Thus we will want something that can be used with a variety of ac/az approaches. Later we can add things like quotas, priorities. I also think that we need to base all of this on roles and URLs. jhrg

Design

Required features

  1. Secure (SSL, grid certificates?) login and sessions.
  2. Data request and transaction log viewing.
  3. Control and view debugging information.
  4. Control and view service settings.
  5. Control and view data catalog settings.
  6. Control and view service statistics information.
  7. Control and view service state information.

Desired features

  1. Control and view user access management.
  2. Control and view service notification features and thresholds.

Deliverables

Period of use

The API features are to be permanent features in the Hyrax data service for use in building administrator and operator console applications to support an operational data service. The operational Hyrax data service is to support various service level access (SLA) requirements and provide timely, reliable data delivery with transaction logging.


Additional Desired Hyrax Admin Interface Features