| |
User authentication is part of the Role-Based Access Control (RBAC) project for accelerator controls at CERN. It was designed by a collaboration between CERN and Fermilab. Its function is to create, distribute, and manage digital credentials for the users. We had to consider many constraints dictated by existing security policies, complexity of the control system, and diversity of the used software. This paper describes the general design and implementations of the authentication mechanism in Java and C++. We also give an overview of its major features, such as Single Sign-On, credential renewal, and Role Picker.
|
|