<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
<title>OpenACS 4 Security Requirements</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.45">
<link rel="home" href="index.html" title="OpenACS Documentation">
<link rel="up" href="kernel-doc.html" title="Chapter 7. Kernel Documentation">
<link rel="previous" href="apm-design.html" title="OpenACS 4 Package Manager Design">
<link rel="next" href="security-design.html" title="OpenACS 4 Security Design">
<link rel="stylesheet" href="openacs.css" type="text/css">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="sect1">
<div class="titlepage"><div><h2 class="title" style="clear: both">
<a name="security-requirements"></a>OpenACS 4 Security Requirements</h2></div></div>
<div class="authorblurb"><p>
by <a href="mailto:richardl@arsdigita.com" target="_top">Richard Li</a> 
</p></div>
<div class="sect2">
<div class="titlepage"><div><h3 class="title">
<a name="security-requirements-intro"></a>Introduction</h3></div></div>
<p>
This document lists the requirements for the OpenACS security system.
</p>
</div>
<div class="sect2">
<div class="titlepage"><div><h3 class="title">
<a name="security-requirements-vision"></a>Vision Statement</h3></div></div>
<p>
Virtually all web sites support personalized content based on user identity.
The level of personalization may be as simple as displaying the name of the
user on certain pages or can be as sophisticated as dynamically recommending
sections of the site that the user may be interested in based on prior browsing
history. In any case, the user's identity must be validated and made
available to the rest of the system. In addition, sites such as ecommerce
vendors require that the user identity be securely validated. 
</p>
</div>
<div class="sect2">
<div class="titlepage"><div><h3 class="title">
<a name="security-requirements-system-overview"></a>Security System Overview</h3></div></div>
<p>
The security system consists of a number of subsystems. 
</p>
<p><span class="strong"><i>Signed Cookies</i></span></p>
<p>
Cookies play a key role in storing user information. However, since they are
stored in plaintext on a user's system, where the user can read and modify
them, cookie data can be trusted only if the server can check its validity.
Thus, we want to be able to validate a cookie, and we want to do so without
a database hit.
</p>
<div class="itemizedlist"><ul>
<li><p>
<span class="strong"><i>10.0 Guaranteed Tamper Detection</i></span> Any tampering with cookie
data should be easily detectable by the web server.</p></li>
<li><p>
<span class="strong"><i>10.1 Performance and Scalability</i></span> Validation and
verification of the cookie should be easily scalable and should not require a
database query on every hit.</p></li>
</ul></div>
<p><span class="strong"><i>Session Properties</i></span></p>
<p>
Applications should be able to store session-level properties in a database
table. 
</p>
<div class="itemizedlist"><ul>
<li><p>
<span class="strong"><i>11.0 Storage API</i></span> Session-level data should be accessible
via an API.</p></li>
<li><p>
<span class="strong"><i>11.1 Purge Mechanism</i></span> An efficient pruning mechanism
should be used to prevent old session level properties from filling up the
table.</p></li>
</ul></div>
<p><span class="strong"><i>Login</i></span></p>
<p>
The security system should support the concept of persistent user logins.
This persistence takes several forms. 
</p>
<div class="itemizedlist"><ul>
<li><p>
<span class="strong"><i>12.0 Permanent Login</i></span> Users should be able to maintain a
permanent user login so that they never need to type their password.</p></li>
<li><p>
<span class="strong"><i>12.1 Session Login</i></span> The security system should support
the concept of a session, with authentication tokens that become invalid
after a certain period of time.</p></li>
<li><p>
<span class="strong"><i>12.2 Session Definition</i></span> A session is a sequence of
clicks by one user from one browser in which no two clicks are separated by
more than some constant (the session timeout).</p></li>
<li><p>
<span class="strong"><i>12.3 Stateless</i></span> The security system should not require
state that is stored in the server. Required state may reside only in the
user request (including cookies), and in the database. A single user should
be able to log in to the system even if the user is sent to a different
AOLserver for each step of the login process (e.g., by a load balancer).</p></li>
<li><p>
<span class="strong"><i>12.4 Secure</i></span> The security system should not store
passwords in clear text in the database.</p></li>
</ul></div>
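<p>
The signed-cookie requirements (10.0, 10.1) and the session requirements
(12.1 to 12.3) can be met together by a cookie that carries its own
authentication tag and last-click time. The sketch below is an added example,
not OpenACS code: it uses Python and HMAC-SHA256, and the cookie layout,
<code>SECRET</code>, <code>SESSION_TIMEOUT</code>, <code>issue_cookie</code>
and <code>verify_cookie</code> are assumptions made for illustration.
</p>

```python
import base64
import hashlib
import hmac

# Constructed demo key. Assumption of this example: a real deployment loads a
# random secret that is shared by every web server behind the load balancer.
SECRET = b"constructed-demo-key-not-for-production"
SESSION_TIMEOUT = 1200  # max seconds between two clicks; example value


def _tag(payload: bytes) -> bytes:
    """URL-safe base64 of HMAC-SHA256(SECRET, payload), padding stripped."""
    mac = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=")


def issue_cookie(user_id: int, now: int) -> str:
    """Build 'user_id.last_click.tag'; re-issue it on every authenticated hit."""
    payload = f"{user_id}.{now}"
    return f"{payload}.{_tag(payload.encode('ascii')).decode('ascii')}"


def verify_cookie(cookie: str, now: int):
    """Return the user_id if the cookie is authentic and fresh, else None."""
    try:
        user_part, time_part, tag = cookie.split(".")
        payload = f"{user_part}.{time_part}".encode("ascii")
        tag_bytes = tag.encode("ascii")
        user_id, last_click = int(user_part), int(time_part)
    except ValueError:
        return None  # malformed: wrong field count, non-ASCII or non-numeric
    # 10.0: any change to user_id or timestamp yields a different tag.
    # compare_digest runs in constant time, so timing leaks no partial match.
    if not hmac.compare_digest(_tag(payload), tag_bytes):
        return None
    # 12.1/12.2: the session ends once two clicks are further apart than
    # the timeout; the last-click time comes from the authenticated cookie.
    if now - last_click > SESSION_TIMEOUT:
        return None
    return user_id
```

<p>
Verification needs only the shared key and the request itself, so any server
behind the load balancer can validate the cookie without a database query.
</p>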
<div class="itemizedlist"><ul><li><p>
<span class="strong"><i>13.0 SSL Hardware</i></span> The system must work when the SSL
processing occurs outside of the web server (in specialized hardware, in a
firewall, etc.).</p></li></ul></div>
</div>
</div>
<div class="navfooter">
<address><a href="mailto:rmello@cc.usu.edu">
			rmello@cc.usu.edu
		  </a></address>
<address><a href="mailto:vinod@kurup.com">
			vinod@kurup.com
		  </a></address>
</div>
</body>
</html>