
Document name: SP5/ WP52 Page: 0 of 41

Reference: D52.2 Dissemination: PU Version: 0.6 Status: Final

Technical Specification including Description of IdP / SP and Identity Token Formats

D52.2

This document is issued within the frame and for the purpose of the FutureID project. This project has received funding from the European Union’s Seventh Framework Programme (FP7/2007-2013) under Grant Agreement no. 318424.

This document and its content are the property of the FutureID Consortium. All rights relevant to this document are determined by the applicable laws. Access to this document does not grant any right or license on the document or its contents. This document or its contents are not to be used or treated in any manner inconsistent with the rights or interests of the FutureID Consortium or the Partners detriment and are not to be disclosed externally without prior written consent from the FutureID Partners. Each FutureID Partner may use this document in conformity with the FutureID Consortium Grant Agreement provisions.

Document Identification

Date: 18/08/2014
Status: Final
Version: 0.6
Related SP / WP: SP5/ WP52
Document Reference: D52.2
Related Deliverable(s): D52.1, D52.3, D24.1, D44.3
Dissemination Level: PU
Lead Participant: ATOS
Lead Author: Juan Carlos Pérez Baún, Charles Bastos Rodriguez
Contributors: IFAG, CA, ATOS
Reviewers: Heiko Roßnagel (FHG), Frank-Michael Kamm (G&D)

Not to be distributed outside the FutureID Consortium

Shaping the Future of Electronic Identity Technical Specification including Description of IdP / SP and Identity Token Formats


1 Executive Summary

The main objective of this deliverable D52.2 is to specify the interfaces and modules for the integration of Atos e-Learning Services for Enterprises into the FutureID infrastructure.

This document provides the technical specification of the AIS and the Atos e-Learning integration interface, as well as a description of the basic AIS architecture, explaining the components, their functions and their connection with FutureID elements. It shows the Atos e-Learning architecture and its component breakdown. It also explains how the communication between the AIS components and the FutureID elements takes place, and it describes the technologies used and the multimedia content supported by Atos e-Learning.

In conclusion, this deliverable will be the guidance for developing the AIS and the integration interface of Atos e-Learning Services for Enterprises into FutureID.


2 Document Information

2.1 Contributors

Name | Partner
Monika Dravik | CA
Pawel Bulat | CA
Detlef Houdeau | IFAG
Charles Bastos Rodriguez | ATOS
Miguel Colomer Pastor | ATOS
Nuria Ituarte Aranda | ATOS
Juan Carlos Pérez Baún | ATOS

2.2 History

Version | Date | Author | Changes
0.1 | 12/03/2014 | Juan Carlos Pérez Baún | Initial Draft version
0.11 | 11/04/2014 | Juan Carlos Pérez Baún | TOC and tasks
0.14 | 08/05/2014 | Nuria Ituarte Aranda, Miguel Colomer Pastor, Juan Carlos Pérez Baún, Charles Bastos Rodriguez | Included Atos content
0.15 | 14/05/2014 | Juan Carlos Pérez Baún | Titles and ToDo’s updated after initial conference call
0.16 | 06/06/2014 | Juan Carlos Pérez Baún, Nuria Ituarte Aranda | Added sections 8.1 and 9
0.20 | 10/06/2014 | Pawel Bulat, Juan Carlos Pérez Baún | Added contribution from CA on section 7.
0.21 | 25/06/2014 | Monika Dravik, Juan C. Pérez Baún | Added contribution from CA on section 8.2. Updated sections 5, 8.1 and 9.1.
0.3 | 22/07/2014 | Detlef Houdeau, Juan C. Pérez Baún | Updates in section 6 from IFAG.
0.31 | 25/07/2014 | Detlef Houdeau | Added content of sections 6.1 and 6.2
0.4 | 28/07/2014 | Miguel Colomer Pastor, Charles Bastos Rodriguez, Juan Carlos Pérez Baún | Authors’ revision
0.5 | 18/08/2014 | Heiko Roßnagel (FHG), Frank-Michael Kamm (G&D) | Updates from reviewers
0.6 | 12/09/2014 | Charles Bastos Rodriguez, Juan Carlos Pérez Baún | Revised terminology: legacy AIS

2.3 Table of Figures

Figure 1: FutureID architectural components. (p. 12)
Figure 2: Types of AIS in FutureID infrastructure. (p. 13)
Figure 3: STORK and FutureID interaction. (p. 15)
Figure 4: Session Manager – Receive function (p. 16)
Figure 5: Session Manager – Send function (p. 17)
Figure 6: Flow of attributes for authentication process. (p. 18)
Figure 7: Atos e-Learning Platform 3 layer architecture. (p. 23)
Figure 8: Atos e-Learning Platform full architecture. (p. 24)
Figure 9: Atos e-Learning elements’ interaction. (p. 25)
Figure 10: Components of Atos e-Learning user interface. (p. 25)
Figure 11: Authentication process for Atos e-Learning. (p. 28)
Figure 12: Components of Atos e-Learning storage interface. (p. 29)
Figure 13: High level overview of the flow of communications. (p. 31)
Figure 14: Atos e-Learning integration into FutureID overview. (p. 32)
Figure 15: AIS connectors with FC available (p. 33)
Figure 16: AIS connectors without FC (p. 33)
Figure 17: Integration Interface between A and AIS. (p. 34)
Figure 18: Apache modular architecture (p. 35)
Figure 19: Apache layering architecture (p. 36)
Figure 20: FutureID integration using Apache modules (p. 37)
Figure 21: Connection between the Apache specific AIS implementation components and Atos e-Learning (A) (p. 39)

2.4 Table of Tables

Table 1: Attributes of authentication request and response (Broker service) (p. 18)
Table 2: Attributes of authentication request and response (p. 34)


2.5 Table of Acronyms

A Service Provider Application

AB Authentication Backend

AF Access Filter

AIS Application Integration Service (a relying party implementation)

AJAX Asynchronous JavaScript And XML

BS Broker Service

BSD Berkeley Software Distribution

CSS Cascading Style Sheets

DB Data Base

DOM Document Object Model

FC FutureID Client

DHTML Dynamic HTML

HTML HyperText Markup Language

HTTP HyperText Transfer Protocol

IdP Identity Provider

LIS Legacy Integration Service

PEPS Pan European Proxy Server

PHP Hypertext Preprocessor

RSS Really Simple Syndication

SAML Security Assertion Markup Language

SCT Simple Credential Transformer


SSL Secure Sockets Layer

SSO Single Sign On

STORK Secure idenTity acrOss boRders linKed

TLS Transport Layer Security

UI User Interface

WYSIWYG What You See Is What You Get

XML eXtensible Markup Language

YUI Yahoo User Interface

2.6 Referenced Documents

[1] Authentication module for apache, https://modmellon.googlecode.com/svn/trunk/mod_mellon2/README
[2] Luis A. Colón and Anthony Trivino, Apache Server Architecture, Computer Architecture, Spring 2008
[3] DSO support, Apache HTTP Server Version 2.2, http://httpd.apache.org/docs/2.2/dso.html
[4] The Apache Software Foundation, http://www.apache.org
[5] Architecture, http://docs.moodle.org/dev/Moodle_architecture
[6] ADOdb Database Abstraction Library for PHP, http://adodb.sourceforge.net/
[7] General Core APIs, http://docs.moodle.org/dev/Core_APIs
[8] Büchner, Alex. "Chapter 3 - The Moodle System". Moodle Administration: An Administrator's Guide to Configuring, Securing, Customizing, and Extending Moodle. Packt Publishing. © 2008.
[9] Codec, http://en.wikipedia.org/wiki/Codec
[10] FutureID_D21.04_WP21_v1.1_Reference_Architecture, https://dms-prext.fraunhofer.de/livelink/livelink.exe?func=ll&objaction=overview&objid=3841750
[11] FutureID Deliverable D41.2 “Interface and module specification and documentation” WP41 Identity Broker, https://dms-prext.fraunhofer.de/livelink/livelink.exe?func=ll&objaction=overview&objid=3523992
[12] FutureID_D44.3_WP44_Technical_Specification_for_AIS, https://dms-prext.fraunhofer.de/livelink/livelink.exe/overview/4353210
[13] FutureID_D52 01_WP52_Requirements for FutureID components in Business Scenarios, https://dms-prext.fraunhofer.de/livelink/livelink.exe?func=ll&objaction=overview&objid=3858403
[14] Multimedia plugins filter, http://docs.moodle.org/27/en/Multimedia_plugins_filter
[15] XMLDB Documentation, http://docs.moodle.org/dev/XMLDB_Documentation
[16] JavaScript YUI Moodle, http://docs.moodle.org/dev/YUI#The_Basics
[17] OpenSSL Cryptography and SSL/TLS Toolkit, http://www.openssl.org/source/license.html
[18] OpenSAML, https://wiki.shibboleth.net/confluence/display/OpenSAML/OSTwoLicense
[19] PHP, http://www.php.net/
[20] Resources, http://docs.moodle.org/27/en/Resources
[21] TinyMCE HTML Editor, http://www.tinymce.com/
[22] Apache Tomcat, http://tomcat.apache.org/
[23] URL resource, http://docs.moodle.org/27/en/URL
[24] Usage of web servers for websites, W3Techs – Web Technology Surveys, http://w3techs.com/technologies/overview/web_server/all
[25] Yahoo User Interface library, http://yuilibrary.com/
[26] FutureID_D41.3_WP4_Implementation of the Identity Broker in Dispatcher Mode, https://dms-prext.fraunhofer.de/livelink/livelink.exe?func=ll&objaction=overview&objid=4238561
[27] EC Review Period 1 Outline WP52, https://dms-prext.fraunhofer.de/livelink/livelink.exe?func=ll&objaction=overview&objid=3574067
[28] FutureID_D21.5_WP21_Analysis of relevant Business and Use Case, https://dms-prext.fraunhofer.de/livelink/livelink.exe?func=ll&objaction=overview&objid=3522498


3 Table of Contents

1 Executive Summary (p. 1)
2 Document Information (p. 2)
2.1 Contributors (p. 2)
2.2 History (p. 2)
2.3 Table of Figures (p. 3)
2.4 Table of Tables (p. 3)
2.5 Table of Acronyms (p. 4)
2.6 Referenced Documents (p. 5)
3 Table of Contents (p. 7)
4 Project Description (p. 9)
5 Introduction (p. 10)
5.1 Scope (p. 10)
6 FutureID architecture (p. 12)
6.1 FutureID architecture overview (p. 12)
6.2 FutureID and STORK connection (p. 14)
6.2.1 Authentication Backend (STORK Backend) (p. 15)
6.2.2 Attributes in the Authentication process (p. 17)
7 Atos e-Learning technologies (p. 19)
7.1 Type of contents (p. 19)
7.1.1 Images (p. 19)
7.1.2 Audio (p. 19)
7.1.3 Linking to a sound file online elsewhere (p. 19)
7.1.4 Embedding a sound file in its own player (p. 20)
7.1.5 Video (p. 20)
7.1.6 Linking to an external online video (p. 20)
7.1.7 Uploading a video for students to download (p. 20)
7.1.8 Embedding a video in its own player (p. 20)
7.1.9 Embedding audio and video (p. 20)
7.1.10 Available players (p. 20)
7.1.11 Legacy media players (p. 21)
7.2 Technologies (p. 21)
7.2.1 JavaScript (p. 21)
7.2.2 YUI-library (p. 21)
7.2.3 TinyMCE HTML Editor (p. 22)
7.2.4 PHP (p. 22)
8 Atos e-Learning Platform Architecture (p. 23)
8.1 Components (p. 25)
8.1.1 Atos e-Learning User Interface (p. 25)
8.1.2 Atos e-Learning Core (p. 25)
8.1.3 Authentication plugins (p. 27)
8.1.4 Storing data Interface (p. 29)
8.2 Communications and flows (p. 30)
9 Integration of Atos e-Learning into FutureID (p. 32)
9.1 Integration interface (p. 32)
9.2 Integration using Apache server modules (p. 34)
9.2.1 Apache architecture - Modules (p. 35)
9.2.2 Integration Atos e-Learning services for enterprises – FutureID (p. 36)
9.2.3 Description of the components (p. 37)
9.2.4 Messages flow (p. 38)
9.2.5 Apache server configuration (p. 39)
10 Conclusion (p. 41)


4 Project Description

The FutureID project builds a comprehensive, flexible, privacy-aware and ubiquitously usable identity management infrastructure for Europe, which integrates existing eID technology and trust infrastructures, emerging federated identity management services and modern credential technologies to provide a user-centric system for the trustworthy and accountable management of identity claims.

The FutureID infrastructure will provide great benefits to all stakeholders involved in the eID value chain. Users will benefit from the availability of a ubiquitously usable open source eID client that is capable of running on arbitrary desktop PCs, tablets and modern smart phones. FutureID will allow application and service providers to easily integrate their existing services with the FutureID infrastructure, providing them with the benefits of the strong security offered by eIDs without requiring them to make substantial investments.

This will enable service providers to offer this technology to users as an alternative to username/password based systems, providing them with a choice of a more trustworthy, usable and innovative technology. For existing and emerging trust service providers and card issuers, FutureID will provide an integrative framework which eases the use of their authentication and signature related products across Europe and beyond.

To demonstrate the applicability of the developed technologies and the feasibility of the overall approach, FutureID will develop two pilot applications and is open to additional application services that want to use the innovative FutureID technology.

FutureID is a three-year project funded by the European Commission Seventh Framework Programme (FP7/2007-2013) under grant agreement no. 318424.


5 Introduction

This task defines and implements the proof-of-concept of a hosted service for the FutureID framework. This includes a relying party application (e.g. eGovernment applications or private-sector applications) as well as a set of identity providers. A technical landscape and mock-up service in the Atos e-Learning Services for Enterprises is set up and demonstrates how to set up and consume FutureID identity services.

5.1 Scope

The goal of this document is to provide the technical specification of the AIS and the Atos e-Learning integration interface. This deliverable will be the basis for document D52.3, whose aim is to implement this component. Therefore this document will be the guidance for developing the Apache specific AIS implementation and the integration interface of Atos e-Learning Services for Enterprises into FutureID.

The starting points are the requirements identified in [13] and the general architecture shown in document [10]. The pilot applications have also been taken into account.

Two types of AIS can exist, as [10] shows; the first type of AIS (FutureID AIS) will be implemented by the project. Inside the FutureID AIS two specific implementations will be developed: a JBoss specific one and an Apache specific AIS implementation. The present document considers only the Apache specific AIS implementation, which consists of software components based on the Apache server and implemented by FutureID. The Apache specific AIS implementation satisfies the Atos e-Learning requirements and the market needs, since many Service Providers are using Apache as an application server. The JBoss specific AIS implementation will be described in [12]. Developing both the JBoss and the Apache AIS would cover most of the application server market.

An outline of the included sections is described next:

Section 6 – FutureID Architecture-Context and AIS integration: this section contains the basic AIS architecture description, explaining the components, their functions and their connection with FutureID elements. An overview of the connection between STORK, the identity provider, and the FutureID infrastructure, and a list of attributes needed for the authentication process, is also included.

Section 7 – Atos e-Learning technologies: establishes the type of multimedia content and the technologies that Atos e-Learning will use.

Section 8 – Atos e-Learning platform architecture: this section describes the Atos e-Learning architecture, explaining each component. It also includes how and where the communication between the AIS components and the FutureID elements takes place.

Section 9 – Integration of Atos e-Learning into FutureID: this section explains how Atos e-Learning will be integrated into FutureID through the Apache specific AIS implementation. It describes the services that the AIS component will perform and contains a detailed description of every AIS module, including the functionality and operational environment of each of them. It describes at a high level the modular Apache architecture, focusing on the modules that are involved in the integration process.


6 FutureID architecture

6.1 FutureID architecture overview

Figure 1 displays the overview of all relevant architectural components of the FutureID platform. A detailed up-to-date description is available in [10] and [12].

Figure 1: FutureID architectural components.

[Figure 1 is a diagram; only its labels survive extraction: User Platform (FC, UA, BS, TS, ABCE), Service Provider (A, AF, AIS, SCT, BS, TS), FutureID Broker (UAS, BS, TS, LIS, CV), Trusted Third Parties (IdP (WS-*), IdP (SAML), IdP (OAuth), STORK (PEPS), TSA, Existing Simple Credential Transformers, Additional Complex Credential Transformers); legend: Contractual Relationship, Trust Relationship / Registered Account.]

The key building blocks of the FutureID architecture are

- User platform, with the elements
  - ABC – Engine
  - Broker Service
  - FutureID Client
  - User Agent
- Service Provider, with the elements
  - Access Filter
  - Simple Credential Transformer
  - (Service Provider) Application(s)
  - Trust Services
  - Broker Service
  - Application Integration Service
- FutureID Broker, with the elements
  - Universal Authentication Service
  - Trust Service
  - Broker Service
  - Legacy Integration Service
- Trusted Third Parties, with the elements
  - Identity Provider
  - STORK Pan European Proxy Service
  - FutureID Broker

In this view the FutureID Broker and the (various) Service Providers maintain a contractual relationship. In the case of the ATOS e-Learning use case it would be only the e-Learning service provider.

The relying party implementation, based on the Application Integration Service, can be realized in two directions, as shown in Figure 2:

- Legacy Service Provider, and
- FutureID Service Provider.

For additional information about the AIS components and their functionalities, see D44.3 [12].

Figure 2: Types of AIS in FutureID infrastructure.


The relevant stakeholders are the Service Provider, the User and, optionally, a user-chosen external FutureID Broker.

The Service Provider uses a FutureID AIS as an authentication front-end for its application(s). The AIS breaks down into several components. In particular, the access filter AF is mandatory and specifically developed in the FutureID project. Further, the AIS comprises one or several simple credential transformers SCTs. These are either FutureID developments or suitable third party components. The AF and all SCTs use the same session library SL. Optionally, SCTs can use the FutureID trust service TS to determine whether presented credentials are trustworthy.

The user platform always provides a plain vanilla web browser, called User Agent UA, that is capable of executing JavaScript. Optionally, the user runs the FutureID client FC. The FC always contains a solver and executor component S&E. In the case where the FC is absent, the user chooses a trusted external FutureID Broker who provides the S&E component that acts in the interest of the user.

The AIS covers two major roles in the FutureID architecture: a) intercepting unknown users and requesting the FutureID infrastructure to authenticate them, and b) receiving and validating credentials in order to set up authenticated sessions for users.

In more detail, in the former role, the UA requests a resource provided by the application A. The request is intercepted by the AF. If the user is already known, the request is passed to A. Otherwise, the AF issues a FutureID Authentication Request (FAR) through the UA to the S&E. The AF uses the SL to determine whether a user is already known.

In the latter role, the S&E presents a user or session credential to the SCT suitable for this credential. The SCT verifies the credential and, on success, sets up a user session by calling the corresponding services of the SL. In the verification process, the SCT can call TS services to determine whether the presented credential originates from an issuer who is trustworthy according to the SP’s trust policy. Once an authenticated session is established, the SCT redirects the user to the originally requested resource of A. A more detailed description is also available in [12].

The ATOS e-Learning platform is embedded between the user platform and the service provider and uses the hypertext transfer protocol (HTTP).
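The two AIS roles just described (the AF intercepting unknown users and issuing a FAR, and an SCT verifying a credential against the TS trust policy before setting up a session through the SL) can be walked through as a small executable model. The following is an added example, not code from the FutureID project or from D44.3: the class names, the dictionary-shaped credential, the HMAC tag standing in for a real credential signature, and the binding of the originally requested resource to the FAR identifier are all assumptions made for the illustration.

```python
"""Model of the two AIS roles from section 6.1: AF (intercept, issue FAR) and
SCT (verify credential, consult TS, set session via SL). Constructed
illustration; not the FutureID project's code or token format."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field


@dataclass
class SessionLibrary:
    """SL: the one session store shared by the AF and every SCT."""
    sessions: dict = field(default_factory=dict)   # session id -> user id
    pending: dict = field(default_factory=dict)    # FAR id -> originally requested URL

    def user_for(self, session_id):
        return self.sessions.get(session_id)

    def create_session(self, user_id):
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = user_id
        return sid


class TrustService:
    """TS: answers whether an issuer is trusted under the SP's trust policy.
    Assumption: a trusted issuer is known by a shared verification key."""
    def __init__(self, trusted_issuer_keys):
        self._keys = dict(trusted_issuer_keys)

    def key_for_trusted_issuer(self, issuer):
        return self._keys.get(issuer)


class AccessFilter:
    """AF, role (a): pass known users to A, otherwise issue a FAR to the S&E."""
    def __init__(self, sl):
        self.sl = sl

    def handle(self, session_id, requested_url):
        user = self.sl.user_for(session_id)
        if user is not None:
            return {"action": "pass_to_A", "user": user, "url": requested_url}
        far_id = secrets.token_urlsafe(8)
        self.sl.pending[far_id] = requested_url   # remember where to return after auth
        return {"action": "redirect_to_S&E", "far_id": far_id}


def _payload(c):
    return f'{c["issuer"]}|{c["subject"]}|{c["far_id"]}|{c["expires"]}'.encode()


class SimpleCredentialTransformer:
    """SCT, role (b): verify the presented credential and set up the session."""
    def __init__(self, sl, ts, now=time.time):
        self.sl, self.ts, self.now = sl, ts, now

    def present(self, credential):
        key = self.ts.key_for_trusted_issuer(credential["issuer"])
        if key is None:                                   # TS check of the issuer
            return {"action": "reject", "reason": "untrusted issuer"}
        if credential["expires"] < self.now():
            return {"action": "reject", "reason": "credential expired"}
        expected = hmac.new(key, _payload(credential), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, credential["tag"]):
            return {"action": "reject", "reason": "bad credential tag"}
        target = self.sl.pending.pop(credential["far_id"], None)   # single use
        if target is None:
            return {"action": "reject", "reason": "unknown or replayed FAR"}
        sid = self.sl.create_session(credential["subject"])
        return {"action": "redirect_to_A", "session_id": sid, "url": target}


def make_credential(issuer, key, subject, far_id, expires):
    """Constructed issuer side (outside the AIS): a tagged credential."""
    c = {"issuer": issuer, "subject": subject, "far_id": far_id, "expires": expires}
    c["tag"] = hmac.new(key, _payload(c), hashlib.sha256).hexdigest()
    return c


def demo():
    sl = SessionLibrary()
    ts = TrustService({"idp.example": b"idp-shared-key"})   # constructed trust policy
    af, sct = AccessFilter(sl), SimpleCredentialTransformer(sl, ts)
    first = af.handle(session_id=None, requested_url="/course/1")   # unknown user
    cred = make_credential("idp.example", b"idp-shared-key", "alice",
                           first["far_id"], expires=time.time() + 300)
    login = sct.present(cred)
    second = af.handle(login["session_id"], "/course/1")            # now known
    replay = sct.present(cred)                                      # FAR already consumed
    return first["action"], login["action"], login["url"], second["action"], replay["reason"]


if __name__ == "__main__":
    print(demo())
```

The model keeps the page's separation of duties: the AF never validates credentials, the SCT never decides trust on its own but asks the TS, and both only reach session state through the SL. Marking the FAR identifier single-use is the detail that turns "redirect to the originally requested resource" into something safe to replay-test.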

6.2 FutureID and STORK connection

The STORK (Secure idenTity acrOss boRders linKed) project was developed with the mission to establish an interoperability platform for existing electronic identifications in Europe. The STORK platform allows European citizens to establish e-relations with foreign governments using their national credentials.


STORK provides a SAML-based interface. The authentication backend for STORK must convert the data received by the generic authenticate call coming from the Broker Core to the appropriate data structure that can be consumed by STORK. The data structure is called STORKAuthnRequest.

The bridge between the STORK authentication backend and the Broker Service is displayed in chapter 6.2.1. The following figure represents the integration of the STORK server infrastructure and FutureID:

Figure 3: STORK and FutureID interaction.

6.2.1 Authentication Backend (STORK Backend)

The Broker Service (BS) will be involved in the connection with STORK through the STORK Authentication Backend (AB) component, as depicted in Figure 3. In order to initiate the authenticate request to STORK, a service called Authenticate Session Proxy has been developed.

This service acts as an intermediary between the broker core and the STORK AB. It thereby relieves the backend of having to keep state for the Authenticate interface it has to implement: instead, the backend can request the initiating Authenticate message via a REST interface of this service. Once the authentication performed by STORK has finished, the backend does not get a new Authenticate request; instead it must actively send a message containing the AuthenticateResponse to this service (see section 6.3 in Deliverable 41.3 [26]).


The following figure presents the Receive function information flow.

Figure 4: Session Manager – Receive function

The next figure presents the Send function information flow.


Figure 5: Session Manager – Send function

As shown in the previous figures, the service defines two functions, send() and receive(). The receive function returns an Authenticate message for a given session id. The send function takes an AuthenticateResponse and provides it to the broker. In the send call the SessionIdentifier element (optional in the schema) must be set in order to match the session.
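As an added illustration of the proxy described above (not code from the FutureID project; the message shapes, the field name SessionIdentifier as an array key, the in-memory store and the omitted REST transport are assumptions), a minimal PHP model of the two functions: receive() hands out the pending Authenticate message for a session id, and send() accepts an AuthenticateResponse only when its SessionIdentifier is set and matches a pending session, since the schema leaves that element optional.

```php
<?php
// Added example: a minimal in-memory model of the Authenticate Session Proxy
// that sits between the Broker Core and the STORK Authentication Backend.
// Message shapes and field names are assumptions, not the FutureID schema.

final class SessionNotFound extends RuntimeException {}
final class InvalidResponse extends RuntimeException {}

final class AuthenticateSessionProxy
{
    /** @var array<string, array> pending Authenticate messages keyed by session id */
    private array $pending = [];

    /** @var array<string, array> AuthenticateResponses handed to the broker, keyed by session id */
    private array $delivered = [];

    /**
     * Called by the Broker Core: park an initiating Authenticate message under a
     * fresh, unguessable session id and return that id. The id is the only link
     * between the request and the response that comes back later.
     */
    public function register(array $authenticate): string
    {
        $sessionId = bin2hex(random_bytes(16));
        $this->pending[$sessionId] = $authenticate;
        return $sessionId;
    }

    /**
     * receive(): the STORK backend fetches the Authenticate message for a given
     * session id. Unknown ids are rejected rather than answered with an empty
     * message, so a wrong or stale id cannot obtain a request.
     */
    public function receive(string $sessionId): array
    {
        if (!isset($this->pending[$sessionId])) {
            throw new SessionNotFound("no pending Authenticate for session {$sessionId}");
        }
        return $this->pending[$sessionId];
    }

    /**
     * send(): the STORK backend pushes the AuthenticateResponse back. The
     * SessionIdentifier element is optional in the schema, so it is checked
     * explicitly here: without it the response cannot be matched to a session.
     * The session is consumed on success, so a second response for the same id fails.
     */
    public function send(array $authenticateResponse): void
    {
        $sessionId = $authenticateResponse['SessionIdentifier'] ?? null;
        if (!is_string($sessionId) || $sessionId === '') {
            throw new InvalidResponse('AuthenticateResponse without SessionIdentifier cannot be matched');
        }
        if (!isset($this->pending[$sessionId])) {
            throw new SessionNotFound("no pending session for {$sessionId}");
        }
        unset($this->pending[$sessionId]);
        $this->delivered[$sessionId] = $authenticateResponse;
    }

    /** The broker side collects the response for the session it started. */
    public function responseFor(string $sessionId): ?array
    {
        return $this->delivered[$sessionId] ?? null;
    }
}

// Constructed walk-through with made-up message contents.
$proxy = new AuthenticateSessionProxy();
$sid = $proxy->register(['RequestedAttributes' => ['eIdentifier', 'FirstName', 'LastName']]);

$request = $proxy->receive($sid);              // backend pulls the Authenticate message
$response = [
    'SessionIdentifier' => $sid,                // must be set although optional in the schema
    'Attributes' => ['eIdentifier' => 'constructed-eid-0001', 'FirstName' => 'Ada', 'LastName' => 'Lovelace'],
];
$proxy->send($response);                        // matched and consumed
assert($proxy->responseFor($sid) === $response);

try {
    $proxy->send(['Attributes' => []]);         // no SessionIdentifier: cannot be matched
} catch (InvalidResponse $e) {
    echo "rejected: {$e->getMessage()}\n";
}
try {
    $proxy->send($response);                    // second delivery for an already consumed session
} catch (SessionNotFound $e) {
    echo "rejected: {$e->getMessage()}\n";
}
```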

6.2.2 Attributes in the Authentication process

The attributes sent by the user to the AIS are both the mandatory attributes and the optional attributes selected by the user (see step 3 of section 6.1 of [13]).

The AIS will send the following attributes (Table 1) to the BS in the FutureID authentication request (see sections 7.1 and 8.2 of [11]). This FAR then reaches the BS through the user.

Attribute Mandatory Optional

AcademicTitle X

FirstName X

LastName X

Street X

StreetNumber X

City X

State X


Country X

ZipCode X

Nationality X

DateOfBirth X

IDType X

IDIssuer X

IssuingState X

IDValidUntil X

eIdentifier X

Age X

AgeVerification X

Table 1: Attributes of authentication request and response (Broker service)

The BS will connect with STORK and the information contained in the attributes received on the

response from STORK is mapped to the BS response. Finally the AIS will receive an assertion

from the BS. The flow can be seen in Figure 6.

Figure 6: Flow of attributes for authentication process.


7 Atos e-Learning technologies

Atos e-Learning Services for Enterprises (e-Learning Marketplace Platform) has been chosen as

a valid test case to demonstrate the viability of FutureID components in business scenarios,

specifically with regards to Internet of Services [27].

The focus of the Atos e-Learning platform is on offering enterprise customers a reliable e-Learning enterprise solution, which lowers training costs for the organizations and provides faster delivery and more effective learning for e-Learning users (organization employees and clients outside the organization) [28].

Both organization employees and clients subscribed to the e-Learning courses will have access to the e-Learning services through FutureID.

7.1 Type of contents

Atos e-Learning supports many types of multimedia content, such as audio, video and images. Students can easily download resource files to a local computer or watch the multimedia content online in the browser. Teachers can add files or links to content hosted on another server. The sections below describe the technical aspects of the multimedia content supported by the "Atos e-learning" system.

7.1.1 Images

Atos e-Learning allows teachers and students to upload and display images from a variety of

sources. Course pages can be enhanced with images in each section. Assignments can include

images for extra clarification. The system accepts .jpg, .png, .svg and .gif formats.

7.1.2 Audio

Teachers and students can add sound files to the courses. Atos e-Learning accepts the following audio file formats:

.mp3

.aac

.wma (Windows Media Audio)

.ra (Real Media)

7.1.3 Linking to a sound file online elsewhere

You can simply link to the relevant page by choosing Add a resource > URL [23] and pasting in the relevant link given to you by the site.


7.1.4 Embedding a sound file in its own player

The system includes a built-in mp3 player. If the relevant Multimedia plugins filter [14] is enabled by the administrator and within the course, sound files embedded into the text editor will play inline.

A sound file can be embedded in any editable text area.

7.1.5 Video

One of the most powerful content types is video, which allows students, for example, to improve their language skills by watching native speakers interact.

7.1.6 Linking to an external online video

You can simply link to the relevant page by choosing Add a resource>URL [23] and pasting in

the relevant link.

7.1.7 Uploading a video for students to download

Users can add video files to resources in a simple way, from where other students can download them to their own computers.

7.1.8 Embedding a video in its own player

Atos e-Learning has a built-in video player called Flowplayer:

If the multimedia plugins filter [14] is enabled by the administrator, videos embedded into the text editor will play inline in Flowplayer;

Anywhere the TinyMCE text editor is available, it is possible to embed a video;

MP4 files are not supported by Flowplayer.

7.1.9 Embedding audio and video

Audio and video may be embedded in a course in the following ways:

As a file resource [20];

As a URL resource [20];

In a lesson popup;

In any text area using text editor.

The media file link is then replaced with an appropriate multimedia player which can play the

resource.

7.1.10 Available players


YouTube (displays videos hosted on youtube)

Vimeo (displays videos hosted on vimeo)

.mp3 - MPEG Audio Stream, Layer III

.flv - Flash video

.f4v - Flash video

.swf - Macromedia Flash animation File (Adobe, Inc.) ¹

.ogg - HTML 5 audio

.aac - HTML 5 audio

.mp3 - HTML 5 audio

.webm - HTML 5 video

.m4v - HTML 5 video

.ogv - HTML 5 video

7.1.11 Legacy media players

The following legacy media player formats are also available but not recommended for general

usage:

.mov - QuickTime player (requires QuickTime player or codec [9])

.mp4 - QuickTime player (requires QuickTime player or codec)

.m4a - QuickTime player (requires QuickTime player or codec)

.mpg - MPEG animation - QuickTime player (requires QuickTime player or codec)

.wmv - Windows media player (Microsoft)-not guaranteed to work in browsers other than

IE and non-Windows systems

.avi - Windows media player - not guaranteed to work in browsers other than IE and non-

Windows systems

7.2 Technologies

7.2.1 JavaScript

The official JavaScript (JS) library for Atos e-Learning is the Yahoo User Interface (YUI) framework [16]. Although lesser known, it is an extremely capable, powerful, fast, and well-documented library. The system also includes a number of its own YUI modules to extend the core YUI library, and uses the TinyMCE HTML editor.

¹ Only used in trusted texts as it has potential security issues.

7.2.2 YUI-library

The Yahoo User Interface Library (YUI) is a free, open source JavaScript library created in 2005 and available under the BSD license. The YUI library is written in JavaScript and CSS and includes a set of tools for event management and DOM manipulation; AJAX and DHTML techniques are also widely used [25]. It has been regularly improved, including enhancements such as jQuery, which makes the development process faster and easier and allows building richly interactive web applications. Atos e-Learning services for enterprises therefore leverages these features to provide a solid interface.

The environments that the YUI Library targets include the most widely used browsers, such as Internet Explorer, Chrome, Firefox or Safari, and even the Android operating system.

7.2.3 TinyMCE HTML Editor

TinyMCE is a platform-independent, web-based JavaScript HTML WYSIWYG editor control released as open source under the LGPL [21].

TinyMCE has the ability to convert HTML textarea fields or other HTML elements into editor instances.

7.2.4 PHP

PHP is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML [19]. It is the language in which Atos e-Learning is developed, and it is integrated with the web server: the web server detects PHP pages (by their extension) and sends them to PHP for execution. PHP must be installed and configured properly for Atos e-Learning to work effectively (or at all).


8 Atos e-Learning Platform Architecture

The Atos e-Learning Platform follows a typical three-tier model architecture, as Figure 7 depicts, in which the user interface (UI), the business logic contained in PHP libraries, and data storage and data access through DB libraries and File libraries are developed and maintained as independent modules [5].

Figure 7: Atos e-Learning Platform 3 layer architecture.

This means that the Atos e-Learning platform is built as a modular system: it contains an application core surrounded by several plugins that provide specific functionality, as Figure 8 shows.


Figure 8: Atos e-Learning Platform full architecture.

Atos e-Learning is designed to be highly extensible and customizable without modifying the core libraries. When customization or extension of Atos e-Learning is required, adding new plugins or modifying existing ones should be enough to upgrade the Atos e-Learning platform. In addition, Atos e-Learning includes configuration files that facilitate the customization process. In some cases removing standard plugins may be needed.

The interaction of these elements in Atos e-Learning architecture is explained next and depicted

in Figure 9 [8]:

1. A user makes the request through the web browser;

2. The web server receives the request and makes the PHP call to the appropriate module;

3. The PHP module calls the database;

4. Then, the PHP module returns a response based on the retrieved data;

5. Finally the web browser receives the information to be displayed to the user.


Figure 9: Atos e-Learning elements’ interaction.

8.1 Components

8.1.1 Atos e-Learning User Interface

The Atos e-Learning user interface (UI) is designed and standardised with the aim of making it user-friendly, improving usability and creating a highly interactive web application.

With these objectives the YUI library (see section 7.2.2) is included in the UI core. YUI includes a few core CSS resources.

View logic is kept apart from the business logic thanks to the existence of two layers. The visual aspect of both the Atos e-Learning platform and the courses is controlled by the external layer created by a specific kind of plugin called Theme. This kind of plugin changes the look and feel of both the courses and the site. A set of PHP classes then retrieves the data and generates the HTML code displayed to the user (Figure 10).

Figure 10: Components of Atos e-Learning user interface.

8.1.2 Atos e-Learning Core

The Atos e-Learning Core contains all the key components that the plugins require to work with.

The basic infrastructure that Atos e-Learning provides includes [13]:

Courses and activities;

Course enrolment;


Users;

User functionality;

Additional capacities;

Logs and statistics;

8.1.2.1 Core APIs

The core libraries [7] provide the tools to carry out the features described above. There is a group of general libraries used by almost all plugins:

Access API: determines what the logged-in user is allowed to do. It is an extensible library to which new capabilities can be added;

Data manipulation API: in charge of reading from and writing to the DB in a consistent and secure way;

File API: controls the storage of files (see section 8.1.4.2);

Form API: establishes and manages user data through web forms;

Logging API: manages how to include information in log files and how to create reports;

Navigation API: modifies the navigation tree;

Page API: manages how the page elements will be displayed to the user, adding JavaScript;

Output API: provides the HTML for the page;

String API: manages the language text strings to be shown to the user;

Upgrade API: in charge of how the system installs and upgrades itself;

Moodlelib API: central library containing services for general purposes and general constants.

The next group contains a selection of widely used libraries:

Admin settings API: provides the configuration options for each plugin;

Availability API: grants access to activities and courses;

Backup API/Restore API: they manage how to transform course data into XML for backup purposes, and how to turn it back the other way, respectively;

Calendar API: manages events in the calendar;

Enrolment API: handles course students;

Media API: embeds multimedia items such as audio, video, and Flash;

Task API: allows tasks to run in the background, either on a regular basis or once off.

There is a group of core APIs that support the Activity modules, which are the most important type of plugin in the Atos e-Learning application:

Activity completion API: communicates to the system the completion of activities;

Advanced grading API: used for grading of assignments;

Groups API: manages groups and their activity;

Gradebook API: manages the gradebook and provides an interface for detailed grading information;

Plagiarism API: checks files in order to avoid plagiarism through external services;

Question API: manages questions from a question bank.

8.1.2.2 Plugins

All APIs described in the previous section 8.1.2.1 are the basis to implement the different plugins. Plugins are modules that provide specific functionality. There are about 20 different kinds of plugins. The more relevant ones are explained next.

Activity modules plugins: provide the principal activities in a course, such as forums, assignments, quizzes and so on;

Admin tools plugins: plugins created to be used for site administration;

Blocks plugins: add useful tools and information to course pages;

Course formats plugins: determine and change the layout of course resources, and allow organising the content of the course;

Filters plugins: process and modify texts: change formats, change words, include links to media resources in the site for showing the media, and so on;

Gradebook plugins: allow viewing and editing grades in different types of reports, and also export and import grade data to external sites and from outside sources in distinct formats;

Messaging plugins: allow users to send and redirect messages to external places in different formats (email, SMS, etc.);

Plagiarism plugins: define and connect with external Plagiarism Prevention services;

Question plugins: import/export question definitions from/to the question bank, manage different types of questions and monitor the user interaction with questions;

Quiz plugins: control access to quizzes and show the report results in different manners;

Repositories plugins: allow users to search and retrieve contents into a course from external repositories;

Themes: set the look and feel of the course or site through the use of HTML and CSS;

Users plugins:

o Authentication plugins: allow connection to external sources of authentication, see section 8.1.3;

o Enrolment: manage and customize how people can enrol in a course.

8.1.3 Authentication plugins

When a user tries to log in, the authentication plugins control the process. Authentication plugins allow connecting to external authentication systems such as STORK, Facebook or LinkedIn, among others. Atos e-Learning will use the FutureID platform for authentication purposes and STORK as external identity provider. Authentication plugins are placed in the auth folder.


Figure 11: Authentication process for Atos e-Learning.

Figure 11 shows the process when the user clicks on the Login link and is explained next:

1. The default login page (/login/index.php) is displayed, or, if the Alternate Login URL

on the “Manage authentication” page has been set, that URL will be displayed:

a) The session parameters are checked;

b) The FutureID authentication plugin (auth_futureID) is loaded, or the user is redirected to an alternative login URL.

2. If the user was already logged in and the session is valid the system grants access to the

requested resource;

3. If the session is not valid or absent, the user will be redirected to an alternative login

URL;

4. This URL is intercepted by the AF, an AIS component. The AF asks the user to choose

an authentication provider;

5. The user selects the authentication provider, FutureID in this case;

6. AF triggers the FutureID Authentication Request (FAR);

7. The FutureID Broker addresses the FAR to the right identity provider;

8. The external Identity Provider (STORK) asks the user for credentials;

9. The user provides his/her credentials to STORK;

10. STORK provides the credential assertion to the FutureID Broker;


11. The AIS receives the credential assertion and sets the session and attribute variables through the SCT, another AIS component;

12. The handler code of the alternative login page runs:

a) Determines whether the authentication was successful by checking the session and user attributes; if not, sends the user back to the login page with an error message;

b) Redirects the user based on his/her original page request.

8.1.4 Storing data Interface

The data related to Atos e-Learning courses, users, roles, grades and so on is mainly stored in a database. Other information is stored in specific directories or files (Figure 12).

Figure 12: Components of Atos e-Learning storage interface.

8.1.4.1 Database

The whole Atos e-Learning database is the sum of tables belonging to each plugin and the core

tables. The total number of tables included in the database could reach about 300, depending on

the number of courses and the information needed.

Atos e-Learning platform uses a MySQL database where the data are stored and uses

phpMyAdmin open source software to manage it over the web.

The database structure is defined in install.xml files inside the DB folder in each plugin. The

install.xml files contain comments that should explain the purpose of each table and column.

In order to create, modify and delete tables and retrieve data from the database, the Atos e-Learning Platform has tools and APIs for defining and modifying tables as well as methods for getting data in and out of the database [15]:


XMLDB: a powerful database abstraction layer which allows working on MySQL or other databases such as Oracle or SQL Server. It contains the database definition in an XML format (install.xml file). In this way creation, modification and deletion of database objects is possible through the DDL Library;

DDL Library: Data Definition Language Library that allows handling database objects, that is, creating, modifying and removing tables and fields and establishing indexes and constraints;

SQL statements: all the statements needed to insert, modify, select and delete information from the database. These actions are carried out by the DML library;

DML Library: Data Manipulation Language Library containing all the methods in charge of handling the records of the DB;

ADOdb Library: a database abstraction library for PHP that receives requests from both the DDL and DML libraries and performs the required actions, returning the results to the requesting library. This library supports a large number of DBs, such as MySQL, Oracle, DB2, Microsoft SQL Server, SQLite and Sybase, among others. This means that a change of DB does not require multiple changes in the application code [6].

8.1.4.2 File API

The rest of the information is stored in a so-called Atos e-Learning Data Directory. All data related to uploaded resources, such as files, pictures, presentations or videos, are stored in that secured data directory, which cannot be accessed by the public.

In order to get access to these files a link is stored in the database. Files are stored according to the SHA-1 hash value of their content.

The File API provides the Atos e-Learning application, in connection with various plugins, several capabilities such as managing the storage of files and how to provide those files to the user.

8.2 Communications and flows

The AIS is aimed to be an integration component that enables service providers to be easily plugged into the FutureID infrastructure. It verifies whether the user is authenticated and, if not, redirects the user to perform authentication. After authentication is performed it passes user attributes to the service provider.

The AIS might be an independent component; however, it is recommended to run the AIS on the same server as the service provider application. This approach minimizes the opportunity to intercept the communication between the filter and the application. Messages are sent directly to the receiver (the application) without additional intermediaries, preventing them from being read or modified by external sources. This makes the integration much more secure and less vulnerable.

Following this way of thinking, the AIS works as a filter that catches requests sent to the application and performs some additional logic. In the current case the service provider is the application and the AIS is the Access Filter that intercepts requests sent by the User Agent to the Application and redirects the user to perform authentication.

The high level overview of the flow of communications is depicted in the picture below.

Figure 13: High level overview of the flow of communications.

Figure 13 presents the following steps:

1. The request to the Application is caught by the Access Filter. If there is no security context for this User Agent or there is an old one, a new one has to be created.

2. The user is redirected to the Solver within the FutureID client or to the remote solver in case there is no FutureID client. The Access Filter creates a FutureID Authenticate Request (FAR) that contains information about required user attributes, application service, authorized authentication methods, and preferred intermediary servers.

3-6. The Solver creates authentication plans and the user is redirected via the Broker to the appropriate Identity Provider to perform authentication and fetch the required attributes.

7-8. After the authentication process is completed the Broker converts the user attributes to appropriate data structures.

9. The user is redirected to the Application.

10. The Access Filter catches the request and validates the authentication permissions. After successful verification the access to the application is granted and the values of the required attributes are passed to the application.


9 Integration of Atos e-Learning into FutureID

Figure 14 depicts an overall view of Atos e-Learning Platform integration into FutureID

infrastructure.

Figure 14: Atos e-Learning integration into FutureID overview.

As defined in section 10.2 in [13], the FutureID AIS component is in charge of controlling communication between the Atos e-Learning platform and the FutureID infrastructure. The Atos e-Learning Platform can be integrated with FutureID by implementing an Apache-specific AIS. This Apache-specific AIS implementation is developed as a web application server (Apache) module, based on auth_mellon and adapted to FutureID requirements. It will contain the AF and SCT components. More detailed information about the FutureID AIS components can be found in deliverable [12].

The Atos e-Learning platform will connect with the AIS, the connector between the application and the Broker Service, through an Integration Interface. This integration component should be developed in PHP, as Atos e-Learning is.

9.1 Integration interface

The FutureID AIS is used by the Service Provider as an authentication front-end for its

application(s) A, as stated in section 6.1.1 from [12].

The building components of this FutureID AIS are the AF and the SCT; both use the same SL embedded in the application server.

The next two figures (Figure 15 and Figure 16) show the AIS components and their connections with the other FutureID infrastructure components. Figure 15 depicts the connections when the FC is present and Figure 16 depicts the situation when the FC element is absent. Detailed information is already given in section 6.1.1 of [12]. For FC detection a JavaScript component has been developed; an example of this component can be found in the Appendix of [12].

Figure 15: AIS connectors with FC available

Figure 16: AIS connectors without FC

The application has an interface to access session data as can be seen in Figure 17. This is the

mechanism used by the application to access identity attributes.


Figure 17: Integration Interface between A and AIS.

The attributes sent by the user to AIS are both the mandatory attributes and the optional

attributes selected by the user as Table 2 shows (for more details see section 6 from [13] and

section 7 from [11]).

Generic Attribute

AcademicTitle

FirstName

LastName

Street

StreetNumber

City

State

Country

ZipCode

Nationality

DateOfBirth

IDType

IDIssuer

IssuingState

IDValidUntil

eIdentifier

Age

AgeVerification

Table 2: Attributes of authentication request and response

Once the AIS receives an assertion from the BS, the required attributes and the identifier are set in server variables as session data. This information is retrieved by the PHP interface before granting the user access to the requested resource.
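The following PHP snippet is an added example (not the project's integration interface) of how the integration component could read the identifier and attributes that the AIS places in server variables and apply the check of step 12a in section 8.1.3 before granting access. The FUTUREID_ variable prefix, the identifier variable name and the set of mandatory attributes are assumptions, since the document does not fix any of them.

```php
<?php
// Added example: reading AIS-provided session data from server variables and
// deciding whether to grant access. The variable names and the mandatory set
// are assumptions; the real mod_auth_futureID naming is not given in the document.

const ATTRIBUTE_PREFIX = 'FUTUREID_ATTR_';   // assumed prefix used by the Apache module
const IDENTIFIER_VARIABLE = 'FUTUREID_ID';   // assumed variable holding the identifier

// Assumed mandatory subset of the Table 2 attributes for this example.
const MANDATORY_ATTRIBUTES = ['eIdentifier', 'FirstName', 'LastName'];

// The generic attributes of Table 2; anything else in the environment is not identity data.
const KNOWN_ATTRIBUTES = [
    'AcademicTitle', 'FirstName', 'LastName', 'Street', 'StreetNumber', 'City', 'State',
    'Country', 'ZipCode', 'Nationality', 'DateOfBirth', 'IDType', 'IDIssuer', 'IssuingState',
    'IDValidUntil', 'eIdentifier', 'Age', 'AgeVerification',
];

/**
 * Collect the identity attributes the AIS exposed in the server environment.
 * Only known attribute names with a non-empty string value are kept, so unrelated
 * server variables never end up being treated as identity data.
 */
function collectAttributes(array $server): array
{
    $attributes = [];
    foreach ($server as $name => $value) {
        if (strncmp($name, ATTRIBUTE_PREFIX, strlen(ATTRIBUTE_PREFIX)) !== 0) {
            continue;
        }
        $attribute = substr($name, strlen(ATTRIBUTE_PREFIX));
        if (in_array($attribute, KNOWN_ATTRIBUTES, true) && is_string($value) && $value !== '') {
            $attributes[$attribute] = $value;
        }
    }
    return $attributes;
}

/**
 * Step 12a: authentication counts as successful only if the identifier is present
 * and every mandatory attribute was delivered. Returns ['granted' => bool, ...].
 */
function evaluateSession(array $server): array
{
    $identifier = $server[IDENTIFIER_VARIABLE] ?? '';
    $attributes = collectAttributes($server);

    if (!is_string($identifier) || $identifier === '') {
        return ['granted' => false, 'error' => 'no identifier in session data'];
    }
    $missing = array_values(array_diff(MANDATORY_ATTRIBUTES, array_keys($attributes)));
    if ($missing !== []) {
        return ['granted' => false, 'error' => 'missing mandatory attributes: ' . implode(', ', $missing)];
    }
    return ['granted' => true, 'identifier' => $identifier, 'attributes' => $attributes];
}

/**
 * Step 12b: redirect only to a path inside this site. The originally requested
 * page comes from the server-side session, not from a parameter the user agent controls.
 */
function redirectTarget(?string $wantedUrl, string $default = '/'): string
{
    if ($wantedUrl !== null && $wantedUrl !== '' && $wantedUrl[0] === '/' && substr($wantedUrl, 0, 2) !== '//') {
        return $wantedUrl;
    }
    return $default;
}

// Constructed server environment, as the module would leave it after a successful login.
$server = [
    'FUTUREID_ID'               => 'constructed-identifier-0001',
    'FUTUREID_ATTR_FirstName'   => 'Ada',
    'FUTUREID_ATTR_LastName'    => 'Lovelace',
    'FUTUREID_ATTR_eIdentifier' => 'constructed-eid-0001',
    'FUTUREID_ATTR_Country'     => 'ES',
    'REQUEST_METHOD'            => 'GET',   // unrelated variable, must be ignored
];
$decision = evaluateSession($server);
assert($decision['granted'] === true && count($decision['attributes']) === 4);

// Same environment without the mandatory LastName: back to the login page with an error.
unset($server['FUTUREID_ATTR_LastName']);
$decision = evaluateSession($server);
assert($decision['granted'] === false);
echo $decision['granted'] ? 'access granted' : "login error: {$decision['error']}", "\n";

// Internal path is kept; an absolute external URL falls back to the default.
echo redirectTarget('/course/view.php?id=7'), "\n";
echo redirectTarget('https://other.example/'), "\n";
```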

9.2 Integration using Apache server modules

Currently, Apache is used by 60.5% of websites, as shown in the study made by W3Techs [24]; thereby, a good number of Applications are using Apache. As a result, the Apache-specific AIS implementation has a structure based on Apache modules and thus integrates a good number of these Application Services, such as Atos e-Learning services for enterprises.

9.2.1 Apache architecture - Modules

The open source Apache HTTP Server [4], commonly referred to as Apache, is a web server

application that supports a variety of features. Most of these features are implemented as

compiled modules which extend the core functionality, Figure 18.

Figure 18: Apache modular architecture

Apache supports many scripting languages such as PHP, Perl, Tcl and Python, and supports J2EE (using Tomcat [22]). It can be executed on several operating systems such as Unix, FreeBSD, Linux, Solaris, Novell NetWare, OS X and Microsoft Windows. Apache allows virtual hosting, that is, with one Apache installation many different websites can be served.

Apache is easy to configure. The configuration is based on configuration files (httpd.conf, access.conf, .htaccess, .htpasswd).

The Apache architecture is based on modules; Figure 19 below shows the schema of the Apache layered architecture. The Apache modular structure is the following:

Basic module: Core. This module provides the basic functionality such as request allocation or connection management;

The Apache modules. They are the added extensions to the server which handle many of the other types of processing the server must perform, such as user authentication. The modules can be separated into two groups:

o Multi-processing modules: these modules accept requests that arrive through the ports and direct the requests to the responsible submodules. The modules are: mpm_common, perchild, prefork;

o Additional modules:

- mod_access: access control
- mod_alias: URL redirection
- mod_rewrite: URL rewriting (converts dynamic pages such as PHP into static HTML web pages)
- mod_auth_ldap: user authentication using an LDAP server
- mod_perl: dynamic pages in Perl
- mod_php: dynamic pages in PHP
- mod_python: dynamic pages in Python
- mod_ruby: dynamic pages in Ruby
- mod_ssl: secure communications via TLS

The specific modules to be included are declared in the server configuration (httpd.conf) using the LoadModule directive.

The Apache server architecture was designed to be highly customizable, so that programmers can adapt it to their needs. The configuration files permit customizing Apache with the required modules, and new modules can be written against the Apache module API. The directives a module provides are recognized when the configuration files are parsed, and the module's handlers are invoked at the corresponding stages of request processing [2].

Figure 19: Apache layering architecture

9.2.2 Integration Atos e-Learning services for enterprises – FutureID

Based on the Apache module architecture, applications such as Atos e-Learning services for enterprises can be integrated with FutureID. For this purpose, mod_auth_futureID, which belongs to the AIS component, is used. It will be created to provide authentication using SAML and the FutureID Authentication Request (FAR) protocol.

Figure 20 shows the integration architecture for FutureID using Apache mod_auth_futureID.

Figure 20: FutureID integration using Apache modules

9.2.3 Description of the components

The components of the architecture integration depicted in Figure 20 are the following:

Apache mod_auth_futureID is the authentication module for Apache (an additional module in the sense of section 9.2.1) that will be developed for the integration. It authenticates the user against a SAML 2.0 IdP and grants access to directories depending on the attributes received from the IdP [1]. It communicates with the identity provider, which is FutureID.

This component would contain the conceptual modules of AIS called:

o Simple Credential Transformer (SCT). SCT is a SAML assertion consumer;

o Authentication Filter (AF). AF is an access filter.

The mod_auth_futureID module will set environment variables carrying the session information needed by the Atos e-Learning application. These variables live in the Apache subprocess environment of the request and are therefore visible to the handler that runs the application (mod_php) and not to the client. Two points matter for their trustworthiness: the module must be applied to every path through which the application can be reached, and the variable names must not fall into the HTTP_* namespace, which Apache populates from client-supplied request headers, so that a client cannot inject a value that the application would mistake for an attribute asserted by the IdP.

The mod_auth_futureID functionalities are the following (according to [12]):

1. Access filter. It intercepts the request made by the UA to an application of the SP. This functionality is performed by the AF component within AIS.

2. Creation of FutureID requests. This functionality is performed by the AF component within AIS; its goal is to prepare the authentication requests (FAR) for sending them to the Solver (within S&E).

3. Response validation. This functionality is performed by the SCT component within AIS.

4. User session creation. This functionality is performed by the SCT component within AIS.

Five services will be created within mod_auth_futureID to address these functionalities.

Apache subprocess environment: the per-request environment in which the application-specific processing (e.g. for Atos e-Learning services for enterprises) runs. In this case the processing is done in PHP.

OpenSAML library (third-party library). OpenSAML is a set of open source C++ and Java libraries meant to support developers working with the Security Assertion Markup Language (SAML). It will be used by mod_auth_futureID to send SAML requests and receive SAML assertions. OpenSAML is licensed under the Apache License [18].

OpenSSL library (third-party library). libssl is the part of the OpenSSL toolkit that implements the SSL and TLS cryptographic protocols for secure communication over the Internet. The OpenSSL toolkit is distributed under a dual license, i.e. both the conditions of the (Apache-style) OpenSSL License and of the original SSLeay license apply to the toolkit [17].

CoT Mgmt: circle of trust management. This component defines the circle of trust, which in this case is FutureID.

Session Mgmt: session management. This component establishes the session and is managed internally.

Backend Abstraction: it indicates the backends that support the functionality, in this case a file system. The configuration files contain the variables that store the configuration.

The mentioned libraries OpenSSL and OpenSAML must be installed to carry out the

development of mod_auth_futureID.

9.2.4 Messages flow

1. The user requests access to Atos e-Learning services for Enterprises; the request reaches the Apache server in which mod_auth_futureID is loaded;

2. The AF intercepts the request (acting as access filter) and checks whether a session exists. In this case no session exists, so the user must authenticate: the AF generates the SAML authentication request, which is sent to the FutureID BS. FutureID acts as Identity Provider and in turn asks STORK to authenticate the user;

3. The SAML assertion is received by the SCT; the assertion contains the attributes. The SCT validates the assertion and creates the session;

4. The user is authorized;

5. The attributes are delivered to Atos e-Learning services for enterprises via mod_php, and the user can now access Atos e-Learning services for enterprises;

6. Once the user is authenticated, every time he or she accesses any service of Atos e-Learning Services for Enterprises, the AF detects that the session exists and grants access.

Figure 21 depicts the connection between the components belonging to AIS and the Atos e-Learning application.

The AF and SCT components included in the mod_auth_futureID element use a common Session Library (SL) that covers the session management ([10] and [12]).

The mod_php component is in charge of providing the attributes coming from the SCT to the Atos e-Learning application.

Figure 21: Connection between the Apache specific AIS implementation components and Atos e-Learning (A)
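The message flow above and the environment-variable hand-over of section 9.2.3, as an added example that is not part of this deliverable nor of the mod_auth_futureID implementation: a Python model in which the AF decides between passing a request and issuing a SAML AuthnRequest, and the SCT validates the Response (status, issuer, InResponseTo against the requests it actually issued, recipient, audience, validity window) before creating the session and exporting the attributes as FUTUREID_* environment variables. The entity IDs, URLs, cookie name, attribute name and the sample Response are assumptions; XML signature verification, which OpenSAML performs in the real module, is represented by a caller-supplied predicate.

```python
"""Added example, not FutureID code: a model of the AF/SCT flow of 9.2.3 and 9.2.4.
The Access Filter (AF) passes requests carrying a valid session and issues a SAML
AuthnRequest otherwise; the Simple Credential Transformer (SCT) validates the SAML
Response, creates the session and exports the attributes as environment variables for
mod_php. Signature checking is OpenSAML's job in the real module and a caller-supplied
predicate here; entity IDs, URLs, cookie name and the sample Response are assumptions."""
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": SAMLP, "saml": SAML}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
SP_ENTITY_ID = "https://elearning.example.org/sp"      # assumed SP entity ID
IDP_ENTITY_ID = "https://futureid-bs.example.org/idp"  # assumed FutureID BS entity ID
ACS_URL = "https://elearning.example.org/acs"          # assumed assertion consumer URL
CLOCK_SKEW = timedelta(minutes=2)
NOW = datetime(2014, 8, 18, 12, 0, tzinfo=timezone.utc)  # fixed clock for the demo

def iso(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")
def parse_iso(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

class SessionLibrary:  # the common SL shared by AF and SCT: sessions, unanswered AuthnRequest IDs
    def __init__(self):
        self.sessions, self.pending = {}, {}

def access_filter(sl, cookies, now=NOW):
    """AF: ('allow', attrs) for a known session, else ('authenticate', AuthnRequest XML)."""
    sid = cookies.get("FUTUREID_SESSION")
    if sid in sl.sessions:
        return "allow", sl.sessions[sid]
    req_id = "_" + secrets.token_hex(16)
    sl.pending[req_id] = now  # kept so the Response's InResponseTo can be checked
    return "authenticate", (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="{req_id}" '
        f'Version="2.0" IssueInstant="{iso(now)}" AssertionConsumerServiceURL="{ACS_URL}">'
        f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>')

def credential_transformer(sl, response_xml, signature_ok, now=NOW):
    """SCT: validate the Response and create the session; ValueError on any failed check."""
    root = ET.fromstring(response_xml)
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if root.tag != f"{{{SAMLP}}}Response" or code is None or code.get("Value") != SUCCESS:
        raise ValueError("not a successful samlp:Response")
    a = root.find("saml:Assertion", NS)
    if a is None or not signature_ok(a):
        raise ValueError("missing or unsigned assertion (EncryptedAssertion not handled)")
    if a.findtext("saml:Issuer", "", NS) != IDP_ENTITY_ID:
        raise ValueError("unexpected issuer")
    irt = root.get("InResponseTo")
    if irt not in sl.pending:
        raise ValueError("unsolicited or replayed response")
    del sl.pending[irt]  # each AuthnRequest may be answered exactly once
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS_URL or scd.get("InResponseTo") != irt:
        raise ValueError("SubjectConfirmationData does not match this SP and request")
    cond = a.find("saml:Conditions", NS)
    audiences = [] if cond is None else cond.findall("saml:AudienceRestriction/saml:Audience", NS)
    if SP_ENTITY_ID not in [e.text for e in audiences]:
        raise ValueError("assertion not addressed to this SP")
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if (nb and parse_iso(nb) - CLOCK_SKEW > now) or (noa and now >= parse_iso(noa) + CLOCK_SKEW):
        raise ValueError("assertion outside its validity window")
    attrs = {att.get("Name"): [v.text or "" for v in att.findall("saml:AttributeValue", NS)]
             for att in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
    sid = secrets.token_urlsafe(32)
    sl.sessions[sid] = attrs
    return sid, attrs

def export_environment(attrs):
    """Environment handed to mod_php. The FUTUREID_ prefix keeps the names out of the HTTP_*
    space that Apache fills from client-supplied request headers, so they cannot be spoofed."""
    return {"FUTUREID_" + "".join(c if c.isalnum() else "_" for c in n.upper()): ";".join(v)
            for n, v in attrs.items()}

def sample_response(req_id, now=NOW):
    """Constructed sample of the Response the IdP would POST back for req_id."""
    exp = iso(now + timedelta(minutes=5))
    return (f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_r1" Version="2.0" '
            f'IssueInstant="{iso(now)}" InResponseTo="{req_id}" Destination="{ACS_URL}">'
            f'<samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>'
            f'<saml:Assertion ID="_a1" Version="2.0" IssueInstant="{iso(now)}">'
            f'<saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer><saml:Subject><saml:SubjectConfirmation>'
            f'<saml:SubjectConfirmationData Recipient="{ACS_URL}" InResponseTo="{req_id}"/>'
            f'</saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="{iso(now)}" '
            f'NotOnOrAfter="{exp}"><saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}'
            f'</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>'
            f'<saml:Attribute Name="givenName"><saml:AttributeValue>Ana</saml:AttributeValue>'
            f'</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>')

def demo():
    """Steps 1 to 6 of 9.2.4; the lambda stands in for OpenSAML's signature verification."""
    sl = SessionLibrary()
    decision, authn_request = access_filter(sl, {})                                   # steps 1-2
    req_id = ET.fromstring(authn_request).get("ID")
    sid, attrs = credential_transformer(sl, sample_response(req_id), lambda a: True)  # steps 3-4
    env = export_environment(attrs)                                                   # step 5
    again, _ = access_filter(sl, {"FUTUREID_SESSION": sid})                           # step 6
    return decision, env, again
```

demo() runs the six steps with a trusting signature predicate and returns the AF decision before login, the environment handed to mod_php, and the AF decision once the session cookie is presented. The pending-request table is the part most often missing from ad hoc assertion consumers: without it a Response captured from one login can be replayed, and the audience and recipient checks are what stop an assertion issued for a different SP from being accepted here.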

9.2.5 Apache server configuration

In addition to developing mod_auth_futureID and installing the required libraries OpenSSL (libssl) and OpenSAML, the Apache server must be configured. Once mod_auth_futureID has been developed, it must be loaded through the Apache server configuration.

The module is compiled as a DSO (Dynamic Shared Object) and installed with the Apache Extension Tool (apxs) [3]. The Apache DSO documentation [3] offers the following four ways of doing this; they are alternatives, not consecutive steps, and which one applies depends on whether the module is built inside or outside the Apache source tree:

1. Build and install a module placed inside the Apache source tree, mod_auth_futureID.c, as its own DSO mod_auth_futureID.so:

$ ./configure --prefix=/path/to/install --enable-auth_futureID=shared
$ make install

2. Build and install a third-party module, mod_auth_futureID.c, kept outside the source tree, as its own DSO mod_auth_futureID.so (module_type is the modules/ subdirectory the module is built under, e.g. aaa for authentication modules):

$ ./configure --add-module=module_type:/path/to/3rdparty/mod_auth_futureID.c \
  --enable-auth_futureID=shared
$ make install

3. Configure Apache for the later installation of shared modules (the prerequisite for approach 4):

$ ./configure --enable-so
$ make install

4. Build and install a third-party module, mod_auth_futureID.c, as its own DSO mod_auth_futureID.so outside the Apache source tree using apxs:

$ cd /path/to/3rdparty
$ apxs -c mod_auth_futureID.c
$ apxs -i -a -n auth_futureID mod_auth_futureID.la

The name given with -n must be the module name without the mod_ prefix: apxs -a writes a line "LoadModule auth_futureID_module ..." into httpd.conf, and that symbol must match the module structure exported by the source file. The placeholder foo of the Apache manual example would produce a LoadModule line for a non-existent foo_module, and the server would refuse to start.

To activate the module in Apache, the LoadModule directive is used in httpd.conf in the conf/ directory under the server root:

LoadModule auth_futureID_module mod_auth_futureID.so

This directive loads mod_auth_futureID.so (a relative path is resolved against ServerRoot; apxs -i installs the file under the modules directory, typically modules/) and adds the module to Apache's internal list of known modules. auth_futureID_module is the name of the external variable of type "module" in the module's source code and must be spelled exactly as there.

The file httpd.conf is processed once at server start-up and on each restart. The configuration can be checked without restarting with apachectl configtest, and httpd -M lists the modules that are actually loaded.


10 Conclusion

The main objective of this deliverable D52.2 is to establish the technical specifications of the Apache specific AIS implementation and of the integration interface between Atos e-Learning and the FutureID infrastructure.

As D21.4 shows, two types of AIS can exist; the first type (FutureID AIS) will be implemented by the project. Within the FutureID AIS two specific implementations will be developed, the Apache specific AIS implementation and the JBoss specific AIS implementation. This document establishes the technical specifications for the Apache specific AIS implementation; the specifications of the JBoss specific AIS implementation have been described in D44.3 [12].

In order to avoid redundant information about the AIS components, section 6 focuses on how the Service Provider (Atos e-Learning) and the Identity Provider (STORK) interact with the FutureID infrastructure through the Apache specific AIS implementation. The mandatory and optional attributes needed by the SP and provided by the IdP during the authentication process are also established in that section.

Section 7 describes the types of content that the Atos e-Learning Platform uses and the technologies involved.

How the components of the Atos e-Learning platform interact with the components of the Apache specific AIS implementation during the authentication process is described in section 8.

Finally, section 9 gives a detailed description of the integration components and establishes the flow of messages between the different components.

Sections 8 and 9 therefore provide enough information to be taken into account when the Apache specific AIS implementation is developed and Atos e-Learning is integrated into the FutureID infrastructure. In this way deliverable D52.2 eases the development of the Apache specific AIS implementation components and of their interaction with the service providers and the identity providers.