Access & Identity Management

Athens overview

How does it work?

Accounts within the system are managed in a hierarchical structure. Each site (university, college, hospital, etc.) nominates a 'domain administrator' who manages user accounts for everyone at their site, either through the Athens web site or by uploading account information in the form of encrypted text files over email. The domain administrator can also create 'sub-administrators' to devolve some of the responsibility to others. Each site is given access to a list of 'resources' (protected services provided by service providers), and the administrators give user accounts access to these resources.

How does a user log in?

When the user tries to view a page on the DSP site that requires a login, the DSP sends the user to the Athens Authentication Point (AAP). The AAP is managed by Athens, and provides a central login form for the user to enter their Athens credentials. However, the DSP still has full control over the look of this form, and is free to add its own customised look and branding, so that it integrates with its own site. The user enters their username and password at the AAP, and is sent back to the DSP. The DSP then decides if the user has the correct permissions to access its site, using the Athens Agent Software to communicate with the central Athens servers, and (if desired) its own local methods.

Architecture

The Athens Access Management System comprises several major components. The majority of these are operated by Athens (a division of Eduserv), whilst an Agent must be operated by each participating DSP. The components maintained by Athens include the servers which process (i) user authentication requests and (ii) collection of statistics for the usage of DSP resources. These components are shown in Figure 1. All authorised Agents connect to these servers via the network to request an authentication or to log usage. Communication across the network is performed using TCP/IP and the data transferred is encrypted. Athens also maintain and run the Authentication Point, although the DSP has full control over how this is presented to the user, and can add its own customised branding and text, so that it integrates into its own site. The AAP uses high availability, load-balancing technology to ensure the highest possible levels of availability.

Figure 1

What technology does Athens offer?

The Authentication Point is a fully managed, highly available service. There are multiple APs situated around the country, and load-balancing technology is used to make sure that users are distributed between the APs in an efficient manner. If one AP is unavailable, then the other APs automatically detect this and users are only directed to those that are available.

The Athens Agent software is available in two main forms: as a web server plugin and as a programming API. The programming API allows the DSP to closely integrate the authentication process into its service, providing the flexibility needed to authenticate using Athens in a legacy environment. The web server plugins provide all of the functionality needed to supply Athens authentication to most services with no programming knowledge required.