GS
CERN GS DepartmentCH-1211 Genève 23
Switzerlandwww.cern.ch/gs-
dep
Corporate Data for CERN Drupal Sites
Introduction to Planned AIS Drupal ModulesENTICE Meeting, 25.05.2011
Jan Janke (GS/AIS)
CERN GS DepartmentCH-1211 Genève 23
Switzerlandwww.cern.ch/gs-
dep
2
AIS Module Plans
"Corporate Data for CERN Drupal Sites" by Jan Janke (GS-AIS-GDI)
EDH
OHR/Foundation
Roles
CET/Qualiac
SMT, APT, …
CERN Drupal Sites
CERN GS DepartmentCH-1211 Genève 23
Switzerlandwww.cern.ch/gs-
dep
3
Official Interface to AIS Data
AIS controlled interface Direct access to corporate CERN data
Public & protected data Data gradually made available upon request
"Corporate Data for CERN Drupal Sites" by Jan Janke (GS-AIS-GDI)
CERN GS DepartmentCH-1211 Genève 23
Switzerlandwww.cern.ch/gs-
dep
4
Challenge
A CERN Drupal side cannot be trusted Currently full WebDAV access to PHP code for site admins
Secure communication between Drupal and AIS We need to be sure that
A user requesting data really is who he/she claims to be Data can be securely cached
"Corporate Data for CERN Drupal Sites" by Jan Janke (GS-AIS-GDI)
We actively work with IT-OIS Infrastructure Team to find solutions.
Data will only be made available if a reliable identification of the end user is possible!
CERN GS DepartmentCH-1211 Genève 23
Switzerlandwww.cern.ch/gs-
dep
5
Architecture
Backend server Frontend API Customer modules
"Corporate Data for CERN Drupal Sites" by Jan Janke (GS-AIS-GDI)
CERN GS DepartmentCH-1211 Genève 23
Switzerlandwww.cern.ch/gs-
dep
Corporate Data
Dat
a Se
rver
AIS
Dat
a AP
I
Organigram Module
Contact Data Module
…
CERN GS DepartmentCH-1211 Genève 23
Switzerlandwww.cern.ch/gs-
dep
6
Architecture: Backend Server
Processes requests Verifies if requestor is authorised Accesses database and returns data
"Corporate Data for CERN Drupal Sites" by Jan Janke (GS-AIS-GDI)
CERN GS DepartmentCH-1211 Genève 23
Switzerlandwww.cern.ch/gs-
dep
Corporate Data
Dat
a Se
rver
AIS
Dat
a AP
I
Organigram Module
Contact Data Module
…
CERN GS DepartmentCH-1211 Genève 23
Switzerlandwww.cern.ch/gs-
dep
7
Architecture: Frontend API
Communicates with AIS Backend Provides API for client modules
"Corporate Data for CERN Drupal Sites" by Jan Janke (GS-AIS-GDI)
CERN GS DepartmentCH-1211 Genève 23
Switzerlandwww.cern.ch/gs-
dep
Corporate Data
Dat
a Se
rver
AIS
Dat
a AP
I
Organigram Module
Contact Data Module
…
CERN GS DepartmentCH-1211 Genève 23
Switzerlandwww.cern.ch/gs-
dep
8
Architecture: Customer Modules
Access data via frontend API No direct access to AIS server AIS provides reference implementation
"Corporate Data for CERN Drupal Sites" by Jan Janke (GS-AIS-GDI)
CERN GS DepartmentCH-1211 Genève 23
Switzerlandwww.cern.ch/gs-
dep
Corporate Data
Dat
a Se
rver
AIS
Dat
a AP
I
Organigram Module
Contact Data Module
…
CERN GS DepartmentCH-1211 Genève 23
Switzerlandwww.cern.ch/gs-
dep
9
Data Examples
Start with publicly available data Contact details (same data as provided by CERN Phonebook) Organisational structure data (organigram) Roles data
Tell me who is the Group Leader of group XYZ?
"Corporate Data for CERN Drupal Sites" by Jan Janke (GS-AIS-GDI)
CERN GS DepartmentCH-1211 Genève 23
Switzerlandwww.cern.ch/gs-
dep
10
Security
Support only official IT provided Drupal infrastructure Communication only via AIS Drupal frontend API Reliable identification of end users One time registration required for every site
To obtain a site specific key All requests are validated using a signature (HMAC)
"Corporate Data for CERN Drupal Sites" by Jan Janke (GS-AIS-GDI)
CERN GS DepartmentCH-1211 Genève 23
Switzerlandwww.cern.ch/gs-
dep
11
Timescale
1. Deal with security concerns (in progress)2. Development start constrained by 13. Build AIS reference implementation module
Comprises Backend server AIS Frontend API module for Drupal Drupal modules to access organigram and contact data
"Corporate Data for CERN Drupal Sites" by Jan Janke (GS-AIS-GDI)
CERN GS DepartmentCH-1211 Genève 23
Switzerlandwww.cern.ch/gs-
dep
12
Next Goals
Make first version of AIS Drupal modules available Monitor their use React to user specific requests
If AIS offering is accepted Provide access to more data upon request Allow module developers to access frontend API directly
AIS provides the data, the web developer lays it out! Currently no plans to provide specific modules other than the
reference implementation (which will be maintained).
"Corporate Data for CERN Drupal Sites" by Jan Janke (GS-AIS-GDI)
Top Related