| Paper |
Title |
Page |
| MOPA02 |
LHC@FNAL – A New Remote Operations Center at Fermilab
|
23 |
| |
- W. F. Badgett, K. B. Biery, E. G. Gottschalk, S. R. Gysin, M. O. Kaletka, M. J. Lamm, K. M. Maeshima, P. M. McBride, E. S. McCrory, J. F. Patrick, A. J. Slaughter, A. L. Stone, A. V. Tollestrup, E. R. Harms
Fermilab, Batavia, Illinois
- Hadley, Nicholas J. Hadley, S. K. Kunori
UMD, College Park, Maryland
- M. Lamont
CERN, Geneva
|
|
| |
Commissioning the LHC accelerator and experiments will be a vital part of the worldwide high-energy physics program beginning in 2007. A remote operations center, LHC@FNAL, has been built at Fermilab to make it easier for accelerator scientists and experimentalists working in North America to help commission and participate in operations of the LHC and experiments. We report on the evolution of this center from concept through construction and early use. We also present details of its controls system, management, and expected future use.
|
|
|
Slides
|
|
| TPPA04 |
Role-Based Access Control for the Accelerator Control System at CERN
|
90 |
| |
- P. Charrue, P. Gajewski, V. Kain, K. Kostro, G. Kruk, S. T. Page, M. P. Peryt
CERN, Geneva
- A. D. Petrov, S. R. Gysin
Fermilab, Batavia, Illinois
|
|
| |
Given the significant dangers of LHC operations, access control to the accelerator controls system is required. This paper describes the requirements, design, and implementation of Role-Based Access Control (RBAC) for the LHC and injectors controls systems. It is an overview of the two main components of RBAC: authentication and authorization, and the tools needed to manage access control data. We begin by stating the main requirements of RBAC and then describe the architecture and its implementation. RBAC is developed by LAFS a collaboration between CERN and Fermilab.
|
|
| TPPA12 |
User Authentication for Role-Based Access Control
|
111 |
| |
- S. R. Gysin, C. L. Schumann, A. D. Petrov
Fermilab, Batavia, Illinois
|
|
| |
User authentication is part of the Role-Based Access Control (RBAC) project for accelerator controls at CERN. It was designed by a collaboration between CERN and Fermilab. Its function is to create, distribute, and manage digital credentials for the users. We had to consider many constraints dictated by existing security policies, complexity of the control system, and diversity of the used software. This paper describes the general design and implementations of the authentication mechanism in Java and C++. We also give an overview of its major features, such as Single Sign-On, credential renewal, and Role Picker.
|
|
| WPPB08 |
Role-Based Authorization in Equipment Access at CERN
|
415 |
| |
- P. Gajewski, K. Kostro
CERN, Geneva
- S. R. Gysin
Fermilab, Batavia, Illinois
|
|
| |
Given the significant dangers of LHC operations, Role-Based Access Control (RBAC) is designed to protect from accidental and unauthorized access to the LHC and injector equipment. Role-Based Authorization is part of this approach. It has been implemented in the Controls Middleware (CMW) infrastructure so that access to equipment can be restricted according to Access Rules defined jointly by the equipment and operation groups. This paper describes the authorization mechanism, the definition and management of Access Rules and the implementation of this mechanism within the CMW.
|
|