GS CERN GS Department CH-1211 Genève 23 Switzerland Corporate Data for CERN Drupal Sites...

GS

CERN GS DepartmentCH-1211 Genève 23

Switzerlandwww.cern.ch/gs-

dep

Corporate Data for CERN Drupal Sites

Introduction to Planned AIS Drupal ModulesENTICE Meeting, 25.05.2011

Jan Janke (GS/AIS)



dep

2

AIS Module Plans

"Corporate Data for CERN Drupal Sites" by Jan Janke (GS-AIS-GDI)

EDH

OHR/Foundation

Roles

CET/Qualiac

SMT, APT, …

CERN Drupal Sites



dep

3

Official Interface to AIS Data

AIS controlled interface Direct access to corporate CERN data

Public & protected data Data gradually made available upon request




dep

4

Challenge

A CERN Drupal side cannot be trusted Currently full WebDAV access to PHP code for site admins

Secure communication between Drupal and AIS We need to be sure that

A user requesting data really is who he/she claims to be Data can be securely cached


We actively work with IT-OIS Infrastructure Team to find solutions.

Data will only be made available if a reliable identification of the end user is possible!



dep

5

Architecture

Backend server Frontend API Customer modules




dep

Corporate Data

Dat

a Se

rver

AIS

Dat

a AP

I

Organigram Module

Contact Data Module

…



dep

6

Architecture: Backend Server

Processes requests Verifies if requestor is authorised Accesses database and returns data




dep

Corporate Data

Dat

a Se

rver

AIS

Dat

a AP

I

Organigram Module

Contact Data Module

…



dep

7

Architecture: Frontend API

Communicates with AIS Backend Provides API for client modules




dep

Corporate Data

Dat

a Se

rver

AIS

Dat

a AP

I

Organigram Module

Contact Data Module

…



dep

8

Architecture: Customer Modules

Access data via frontend API No direct access to AIS server AIS provides reference implementation




dep

Corporate Data

Dat

a Se

rver

AIS

Dat

a AP

I

Organigram Module

Contact Data Module

…



dep

9

Data Examples

Start with publicly available data Contact details (same data as provided by CERN Phonebook) Organisational structure data (organigram) Roles data

Tell me who is the Group Leader of group XYZ?




dep

10

Security

Support only official IT provided Drupal infrastructure Communication only via AIS Drupal frontend API Reliable identification of end users One time registration required for every site

To obtain a site specific key All requests are validated using a signature (HMAC)




dep

11

Timescale

1. Deal with security concerns (in progress)2. Development start constrained by 13. Build AIS reference implementation module

Comprises Backend server AIS Frontend API module for Drupal Drupal modules to access organigram and contact data




dep

12

Next Goals

Make first version of AIS Drupal modules available Monitor their use React to user specific requests

If AIS offering is accepted Provide access to more data upon request Allow module developers to access frontend API directly

AIS provides the data, the web developer lays it out! Currently no plans to provide specific modules other than the

reference implementation (which will be maintained).




dep

13

Thank you!

Time for questions …


GS CERN GS Department CH-1211 Genève 23 Switzerland Corporate Data for CERN Drupal Sites...

Documents

Transcript of GS CERN GS Department CH-1211 Genève 23 Switzerland Corporate Data for CERN Drupal Sites...