1 Introduction
In the presented thesis, we perform research
in the areas of resource access management in the Internet, distributed
architectures for laboratory-based e learning and didactics for e-learning
laboratories. We propose a novel architecture for resource access management;
two novel distributed e-learning architectures and a didactical framework.
The Internet has opened new possibilities in
many areas of our daily life. Among others, educational institutions are
involved in these changes. Educational institutions own learning resources,
which they have made available in a traditional way but now, also have to be
made available on the Internet. When we use the term traditional learning
throughout this document, we refer to course resources as for example lectures
or hands-on trainings held in universities. Hence, the Internet has opened new
ways for providing these resources to the student community. The word resource
in this context is a generic term, which stands for any kind of courses,
lectures, seminars, or trainings.
During this process, a new term has been
established: electronic-learning or in brief, e-learning. E-learning is the
generic term for imparting any kind of learning resources by the Internet and a
new form of distance learning. We use the term e-learning resources throughout
this document for all resources users can access with web browsers.
There are two entities interacting in
e-learning scenarios: The first entity consists of resource providers and
tutors in elementary, secondary and high schools, colleges, and universities as
well as in commercial educational institutes. The second entity consists of the
students, which belong to the mentioned educational institutes. Some students
use the resources as a part of their compulsory curriculum; others desire
further education in the process of life long learning, some to achieve a
higher grade or to improve their knowledge. Other students are handicapped
persons who cannot easily travel around and persons from developing countries
with a poor educational infrastructure.
For e-learning users the underlying infrastructure,
such as course platforms, reservation systems, authentication systems,
databases and more, grouped together in e-learning architectures, should remain
almost invisible. Users only get into contact with web interfaces for using
these systems. Well-designed e-learning resources offer user-friendly access
management to all elements of the architecture. These e-learning resources
should provide the necessary access credentials in a user-friendly way. For resource
operators, well working interactions between the elements of an e-learning
architecture are of fundamental nature. The diversity of the theoretically
available protocols and applications in the Internet, usable for an e-learning
architecture, raises questions related to the desired interoperability and
user-friendliness, which scientists must further investigate.
The production and maintenance of e-learning
resources is expensive and it is thus necessary to restrict access to a limited
set of subscribed students. In addition to restricting access to the resources,
there is also a demand for adding supplementary features. Many traditional
resource providers who start activities in e-learning first try to make their existing
study materials available on the Internet in a one to one transformation
process, instead of applying a didactical framework designed for e-learning
resources. They put the content of existing books or scripts on web pages without
minimal enhancements or adaptations. This procedure does not use the didactical
possibilities of e-learning and the potential for improving the teaching
quality. However, it is possible to achieve good results with the application
of a didactical framework, which specifies the course structure and the
didactical methods.
Chapter 1.2 introduces into the basics of e-learning architectures
and resource access management, necessary for the understanding of the
investigated problems and approaches. Chapter 1.3 introduces into the basics of didactics in e-learning
courses, considered necessary for the later discussion and understanding of the
investigated problems and approaches. Chapter 1.4 presents the encountered problems together with our
contributions performed in this thesis. Chapter 1.5 gives a brief outline of the thesis.
When considering a traditional learning resource, for example a
textbook, we discover that there are many elements necessary before a student
starts learning with the book. An author has to write the text, a printer to
make the book, a bookshop to sell the book and a tutor to recommend the book
for a lecture. Similar actors, such as the author and an illustrator but also
much more technical elements are necessary for the production of an e-learning
resource, which consists of a minimal technical infrastructure. We can split up
this infrastructure into three parts:
Systems for resource
providing
Resource providers host their resources on web servers,
connected to the Internet. Depending on the resource, the web servers feature different
types of services, such as for providing dynamic Hypertext Markup Language
(HTML) pages [Bv45 and BC95]. The World Wide Web Consortium (W3C) HTML specification
defines the representation format for pages with textual information and
Systems for data transport
In e-learning, the Internet is typically the part of the
infrastructure, which transports the resource data between resources and
students and between the elements of a resource. In the strict sense, each
computer or device connected to the Internet makes part of it, also the
equipment for resource providing and studying. In this context, we refer to the
wires, routers [Pr00] and devices between the resource servers and the students,
which transport the data. Routers are devices in packet switched networks [Gp80]
such as the Internet, which forward data packets to the next hop towards its
destination. Internet Service Providers (ISP) supply this part of the
infrastructure. Internet service providers are organizations, which sell data
transport capacity and Internet services to their customers.
Systems for students and
tutors
Students and tutors who use e-learning resources for their
study purposes and teaching must have access to a computer with Internet
connectivity. Depending on the services offered by the resource provider, the
computer must be equipped with applications that allow benefiting from these
services. Students have to make sure that their Internet access has enough data
transport capacity to be able to use the offered services.
Architectures for Internet-based resources describe the design
and the functionalities of the future implementations. Consequently, an
e-learning architecture is an architecture, which describes the design and the
functionalities of all the necessary elements for the operation of an e-learning
resource. In other words, e-learning architectures define the data exchange
between users, comprising students, tutors and administrators and the elements
responsible for the operation of the course system, comprising content servers
and course management system.
Figure
1‑1 shows frequently used elements of e-learning
architectures whereas Table
1‑1 discusses them. Required elements are clients, which
connect via the Internet to the resource elements. Clients contact servers in
the technical meaning and utilize services in the technical and commercial
meaning. Such clients can be users such as students, tutors, and
administrators. The resource management system is another required element in
the case of resources with controlled user access. It manages the user accounts
for students, tutors and the resource access issues as well as the resource
content servers, which provide web pages, audio streams, video streams, and
communication services to the students.
One resource content server is at least required in any
e-learning architecture and further resource content servers are optional. More
than one resource content server is useful for load balancing, for example by
geographically distributing the servers around the globe or for forming an
e-learning grid, enabling a variety of resource providers to operate their
respective servers at their home locations. A single resource provider, which
joins such an e-learning grid contributes the own learning content to the
community and gets access to the content of the grid partners. This restricts the
maintenance and update processes to the own resources. An optional element in
an e-learning architecture is a resource reservation system. A resource
reservation system is only necessary if certain resources do not exist in
sufficient quantities for all the resource students who would like to access
the respective resource at the same time.
|
Element |
Function |
Presence |
|
Resource |
User accounts are stored on resource management systems.
Resource management systems control user access to connected content servers
and reservation systems. The resource management system performs accounting
for the user interactions with the single elements of the architecture. Some resources use applications with a limited user access
capacity. In such cases, the resource management system must contain a
reservation system. Students have to pre-register (book) their sessions with
the reservation system. |
Required, |
|
Students, tutors, administrators |
Tutors and students access the resource management system and
other elements that make part of the resource. |
Required |
|
Resource |
Learning content is stored on resource content servers. At
least one resource content server is required in an e-learning architecture.
The server can be a part of the resource management system, and then it is a
course platform. Distributed resource content servers can provide their
content via a resource management system and form one distributed resource. |
One |
Table 1‑1: E-learning architecture elements.
Figure 1‑1: E-learning architecture elements.
An administrator or tutor
registers the students with the resource management system. The resource
management system registers those students automatically with the optional
resource reservation system and with the resource content servers. Each element
of the architecture interacts with the other corresponding elements. Clients,
in the meaning of the client/server principle [Cb96 and SRC84] connect to the
resource management system, to the resource content servers and to the
reservation system. The resource management system interacts with the resource
content servers and with the reservation system. Resource content servers, which
provide limited software or hardware resources, interact with the reservation system.
Students can access resources, which provide limited hardware and software
resources only upon anterior reservation.
After the introduction of
the general aspects of e-learning architectures, we introduce centralized and
distributed content providing architectures, respectively. Many Internet services,
used to provide information to users, are physically located on servers in one
central location. This is a historical consequence: at the beginning of the computer
era, there was one server room per organization and it was not possible to
operate servers at other locations. These are centralized architectures. Architectures,
integrating servers distributed over multiple locations are distributed
architectures. Such distributed architectures, for example in the case of an
e-learning architecture, make use of distributed content providing servers, of
the resource management system to integrate resource content from the different
servers and provide it under one identity to the students. However, the resource
management system has to manage the student access for all resource content
partners. The resource management system can integrate distributed student registration
and access procedures for the connected resource partners, for example performed
with their respective administrations. In the distributed architecture, the
resource management system and one resource content server are in location X
with a second content server in place Y, a third in place Z, whereas in the
centralized architecture all servers are in place X. The students, tutors, and
administrators can be everywhere where they have Internet connectivity.
Didactics is the science of guided education comprising several areas, ranging from general principles and frameworks of educating to special methods for different learning tasks [Gh96]. The didactical framework decides on how successful students finish the course. Most tutors are well educated for teaching in traditional classrooms but not for teaching with e-learning resources. The new teaching environment internationalizes the audience, which bears reasons for conflicts in cultural and social belongings.
There are many details in the design of a resource that can lead to a complete misunderstanding by the students [Ss99], for example, colors can have differing meanings from culture to culture. The design of a resource must also respect the fact that different individuals use different ways for studying [PKR00 and PKRO98]. Additionally, one should consider learning differences caused by religious, ethnic, cultural and gender diversity of students, which influence the process of collaborative activity within groups [CGLO02]. Thus, authors have to design their resources for their future audience.
An advantage in e-learning is the possibility to include instantly available optional and supplementary study material or to add pointers to such material. By these means, students who do not fit the minimal knowledge requirements for the respective resource can work through the resource all the same.
Learning without face-to-face contact is not new to humanity.
Only the trend has changed towards non-face-to-face learning due to new
learning technologies such as found in e-learning. Learning without
face-to-face contact started with distance learning where study material consists
of books, audio and video tapes, as well as radio and television broadcasts. At
the beginning of the personal computer’s era in the 80s, study material
was distributed on floppy disks. Floppy disks and compact disks are only helpful
for persons who have access to a computer. Compact disks are powerful media for
the transport of study material, unlike floppy disks with their limited storage
capacity. Both types of disks permit resource designers to integrate a
previously scripted interactivity into the resource content. Scripted
interactivity means that the designer foresees several possible ways through a
course, for example presenting different texts after a yes/no question. Such static
study material looks always identical, whereas dynamic material is prepared and
presented upon students previous interactions. One negative aspect of the
above-mentioned methods is lack of direct interactivity between students and tutors.
Students read, listen or watch the study material but cannot influence the
course of the activity. In some resources, students can send back exercise
solutions or essays by mail or sometimes get support by telephone.
The possibility for significantly improving interactivity
started when personal computers became widespread. Students could access
additional information provided on compact disks, where it was possible to
include video and audio sequences, image galleries, and abundant secondary
literature. However, only e-learning was a real revolution to distance
learning. With the establishment of the Internet, students could connect
directly to resources; work on real interactive and dynamic resource content as
well as getting into contact with other e-learning students.
E-learning resource designers must implement didactical
workarounds to get closer to the social environment of a traditional classroom.
A traditional classroom is the typical classroom found in schools. It is a
place where much more happens than just learning. Social contacts between
students as well as between students and teachers are established. Many
activities take place in breaks or other meetings initiated in the classroom. In
a classroom, individuals do not only study, moreover they learn how to act in a
social group. A virtual classroom is the name for a classroom found in
e-learning resources. Not all existing e-learning resources are at the same
time virtual classrooms. Virtual class rooms are e-learning resources enriched
with features, which try to offer the same communication and learning methods
found in traditional class rooms but adapted to e-learning. Additionally,
resource designers try to include new technical and didactical methods offered
by the Internet only. In virtual classrooms, social interactions found in
regular classrooms merely take place because most interactions happen between
students and resource servers. Usually, students visiting e-learning resources
sit alone in front of a computer screen.
E-learning resources are still not as comfortable for studying
as traditional courses. In e-learning resources, it is generally not possible
to use text markers or to take notes and write them directly into the text. New
methods have to substitute these traditional ones. In traditional learning, it
is possible to do the homework almost everywhere, even taking a script and read
through while sitting in a hot bath. The course material can be stored, together
with all the personal notes and the exams. The day it is needed again, maybe
ten years later; it is instantly and fully available. Traditional studying has
many advantages and one of the most important is that we are used to it.
Nevertheless, there exist not only disadvantages in e-learning. Studying online
is getting increasingly popular because it offers advantages to traditional
learning. E-learning tutors for example, can address a larger audience at the
same time without loss of teaching quality. Particularly universities face the
problem of overcrowded lecture rooms and a resulting loss of teaching quality
as interactions between tutors and students get rather impossible. Significantly,
in such cases, e-learning resources offer advantages for students and tutors:
- It is possible to
study independently from time and place with the only precondition that
Internet access is available.
- E-learning resources
are normally open around the clock, 365 days a year.
- E-learning resources
are able to offer interactive study material where students can apply and
increase their skills.
- Students get pointers
to supplementary lecture and are able to access it at once.
- It is easy to
integrate useful didactical methods, such as glossaries and discussion
boards.
When studying in an online resource for the first time,
students normally face a completely unusual way of studying [RPHG01]. Many
times, students must learn how to use the Internet and the basic services such
as the World Wide Web (WWW) or electronic mail. Students have to learn how to access
a resource and how to navigate through the study material. They have to
understand how to use the Internet for additional study material search and
collection. Email and its features, Internet relay chat, instant messaging,
discussion boards, white boards, all these methods have to be understood for studying
in e-learning resources. They have to acquire social behavior in virtual communities
such as in discussion boards or in chat rooms. Students who already own experiences
using the Internet have advantages compared to others. Nevertheless, e-learning
resource providers cannot expect that the students already know how to use the
course material and should always explain the study methods in use. Resource
providers should also link to related study topics, especially to the basics of
the study topic and to resources, which provide supplementary information. A
problem for educators is that younger students are used to quickly changing and
superficial presentations such as found in video games or broadcasts in
television channels [Mm98]. Even if these students are able to read a text up
to the last line, they have problems with memorizing and understanding the
message. Unfortunately, e-learning allows these abstract-minded students to do
the same and to distract themselves much more by quickly clicking through the
study material or surfing to other sites. E-learning resources should integrate
learning control mechanisms, for example in form of understanding questions and
essay tasks, distributed through the study material.
Tutors and resource designers have to understand the differences
between traditional and e-learning. They have to replace their traditional
methods by the respective counterparts for e-learning and integrate new ones,
which are only available in e-learning. In particular, they have to consider the
shift from face-to-face contact to machine directed contacts. In most cases,
resource designers are not identical with tutors. The reason for this
separation lies in the complexity of designing and implementing multifaceted
e-learning resources. This work division can be potentially difficult as resource
designers must perfectly understand the study matter and perfectly understand
didactics. Consequently, a designer can only be a person, who is didactically
educated and has a deep knowledge of the study topic. Alternatively, a
didactical framework can enable topic professionals to implement e-learning
resources in a qualitatively high standard.
Concluding the didactical introduction, one should always
remember that human beings are creatures of rituals, ritualized behavior, and
habits [SK90]. When we keep in mind these facts, it is not surprising to see
that many students and tutors do not like their first contact with the new learning
methods in the virtual classrooms.
The introduced basics of e-learning
architectures represent the environment in which we investigated the problems
regarding interconnecting of geographically distributed resource providers with
a geographically distributed architecture for hands-on trainings oriented
computer networks laboratories. The prerequisite of the geographically distributed
laboratories excludes the use of existing architectures for centralized
resource provisioning. The integration of laboratories with limited hands-on
training equipment requires the integration of a reservation system into the
course management system. Users have to access the elements of such a
distributed architecture and the expensive e-learning resources protected with
a resource management system. Such a user access system should address the possibility
of providing facultative user access and resource management to web-based resources.
This system should also ease the integration of the resources in higher-level
user access management systems. We investigated the authentication and
authorization as well as interconnection related questions posed by these
problems and developed three different novel architectures, a novel
architecture for resource access management and two novel distributed
e-learning architectures; as such architectures did not exist at the beginning
of this thesis. The prototypical implementation of the e-learning computer
networks laboratory raised teaching related questions, which we addressed with
a novel didactical framework for hands-on training oriented e-learning resources.
This thesis is going to address the
following problem areas:
- How is it possible to
enhance web-based e-learning resources with user and resource management
functionalities as well as on demand communication and accounting
features?
- How is it possible to
connect resources to higher-level user management systems in an easy
procedure?
- How is it possible to
interconnect geographically distributed e-learning resources, such as
computer networks laboratories with limited hands-on training equipment,
for forming a common e-learning resource?
- How can didactically
unskilled e-learning computer networks laboratories designers implement a
didactically structured state-of-the-art course and achieve a better
teaching quality than in traditional laboratories?
In this thesis, we present an architecture,
which solves the issues raised when connecting web-based resources to
higher-level user management systems, such as authentication and authorization
infrastructures. The architecture allows connecting of all types of resources
with no system changes to higher-level user management systems. The architecture
proposes a resource management portal and we call it resource management portal
architecture. This architecture also introduces a concept, by which it is
possible to protect and enhance resources with user and resource management
functionalities, which base on a resource adapter concept. A special emphasis
of the investigation lies on the adaptor concept, by which this broker can
receive user information from higher-level user management systems and release
information to resources. The user management concept also shows how to collect
supplementary user information and how to manage automatically the resource
access based on the collected user information. We further present a concept
for user and resource accounting as well as a plug-in concept for adding communication
tools to the resource management portal. We used a prototypical implementation
of the architecture to prove the approaches and for scalability tests.
We present a distributed architecture for
interconnecting all elements, necessary in an e-learning resource with
geographically distributed laboratories, which we call multifunctional
e-learning architecture. We also discuss the combination of this distributed
architecture with the resource management portal architecture and the resulting
shift of authentication tasks to higher-level user management systems. We call
this combined architecture extended multifunctional e-learning architecture. We
propose a concept for forming a grid with distributed e-learning laboratories,
allowing the exchange of user authentication and authorization information. One
element of this grid represents a resource management system with an integrated
laboratory reservation system. A second element of this grid represents a
laboratory portal server, comprising security functionalities for protecting
the laboratory from Internet threads and a concept for safe forwarding laboratory
users to the chosen laboratory devices as well as methods for resetting laboratory
devices. In the case of the extended architecture, the third element of this
grid is the resource management portal, which integrates the grid with the
higher-level user management system. We discuss how to use the resource management
portal for user registration in the resource management system and the course
platform by means of the adaptor concept. We implemented a prototypical
hands-on training e-learning laboratory with a lab bed consisting of two
commercial routers and three Linux hosts to prove the laboratory portal
server’s concept. We used the prototypical implementation of the architecture
with an attached course platform and several geographically distributed laboratories
to prove its functionality and tested it with students.
In this thesis we also presents a didactical
framework, comprising of well-known didactical teaching methods but grouped
together in a novel way for educating students in hands-on trainings oriented
e-learning resources. This framework contains a proposed course structure for
e-learning laboratories with a focus on hands-on trainings. We investigated the
learning styles of students in a traditional computer networks laboratory by
observing the students at work and with the analysis of feedback forms. Based
upon that information we present a didactical framework for the electronic
version of the laboratory. We could investigate the effects of the framework in
a field test with real students in the prototypical implementation of the
course. The analyzed user feedback reports an improved association of the newly
acquired with existing knowledge and a higher sustainability of the learning
material.
This document comprises five main Chapters. Chapter 2 presents and evaluates related technologies for their
use in our own architectural solutions. We focus on authentication
infrastructures, authentication and authorization infrastructures and on
related technologies for a secured data transport.
Chapter 3 discusses the investigated issues and the subsequent
design of the resource management portal architecture and its prototypical
implementation, which can be operated autonomously and additionally act as a
broker between higher-level user management systems and resources. We also
investigate scalability with performance stress measurements performed with the
portal’s prototypical implementation. We further show how to connect
resources and user management systems to the resource management portal in a
time and cost effective way as well as the advantages the resource management
portal provides for the participating organizations, resource providers, and users.
Chapter 4 discusses investigated and addressed issues of the
first distributed e-learning architecture we have designed and the prototypical
implementation of the architecture. We called the architecture multifunctional
e-learning architecture. It enables students to access geographically
distributed hands-on trainings-oriented e-learning resources. This architecture
resembles a computational grid as various distributed resources are aggregated
together, forming the e-learning resource. We tested the concept of the architecture
with the prototypical implementation of a first hands-on training laboratory by
means of the learning module IP Security.
Chapter 5 discusses the motivation and the addressed issues,
which led to the combination of the multifunctional e-learning architecture
with the resource management portal architecture, called extended multifunctional
e-learning architecture. This distributed architecture was prototypically
implemented and evaluated.
Chapter 6 discusses the didactical aspects of e-learning and
the developed framework for improving the quality of e-learning. The Chapter
starts with an analysis of the exemplar traditional computer networks laboratory
of our institution and presents the prototypical implementation and evaluations
of the framework with the e-learning version of the computer networks
laboratory.
In Chapter 7 we conclude the work in a global way.
2 Related Work:
Discussion and Evaluation
This Chapter discusses and evaluates the related work and
technologies with their potential alternatives, applied in the resource
management portal architecture and both, the multifunctional e-learning
architecture and its extended version. We discuss the applied technologies in
the presented architectures in more detail and extent than related but not selected
ones. An evaluation follows each technology discussion and each discussed group
of technologies ends with a comparison of the evaluations and recommendations
about the use in our architectures.
Chapter 2.1 not only introduces basic terms in resource access
but also shows the motivation for the application of such technologies in
e-learning resources.
Chapter 2.2 discusses authentication infrastructures. These
infrastructures serve to protect resources from undesired user access. Each
type of technology provides different advantages for the resource users and the
resource owners.
Chapter 2.3 is devoted to the discussion of secure data transport
in the Internet, which is necessary for the exchange of confidential user data
at the e-learning resource access and during a resource visit.
Chapter 2.4 discusses different authentication and authorization
infrastructures. We discuss and evaluate these technologies, especially related
to their implementation problematic, their user data protection and their
current development and deployment state.
Chapter 2.5 is an evaluation summary of the related technologies
and recommends the technologies to be used in our architectures.
Chapter 2.6 discusses computer networks laboratories.
The first section of the introduction discusses basic terms
used when talking about resource access control systems. We subsequently
discuss the relation between resource access and protection of resources,
especially in the case of e-learning resources. A conclusion of this discussion
is that those methods already used at the beginning of the Internet do not
always scale with large resource user communities or security demands
encountered nowadays. In the subsequent section, we introduce the asymmetric
encryption principle, encountered in many security technologies of
today’s Internet. The introduction ends with a comparison and evaluation
of these asymmetric technologies related to our own architectures.
We start the discussion about resource access issues with the
introduction of terms related to the access of resources on the Internet:
Authentication
Authentication is the process of determining
whether someone is really the person he or she claims to be.
Authorization
Authorization is the process of giving someone
permission to do something.
Accounting
Accounting is the process, which measures the
resources a user consumes during his or her session. Accounting performs
authorization control, billing, trend analysis, and capacity planning
activities.
Single
sign-on (SSO)
Single sign-on [Cj02] is the term used for
mechanisms permitting a user to authenticate with his or her user credentials
only once in order to access multiple resources.
User
Credentials
User credentials consist of information used by a
user to authenticate with a resource.
All the time when a resource should provide their content to
authorized persons only and when confidential data transfers the Internet, it
is necessary to intercept access control systems, as well as to encrypt the
transferred data. E-learning resources, whose providers do not intend to
provide the content free of charge, have to protect access with an access
control system. In this way, unauthorized persons cannot access these resources.
Because of this circumstance, most e-learning architectures comprise systems,
which protect the resources from undesired user access. The main reasons for
this restricted access pattern for e-learning resources lie in the
expensiveness of the learning content production, the high technical operation
costs, the technical and didactical maintenance expenses along with the update
processes, and particularly in the cost intensive user support.
Access to e-learning resources should be as user-friendly as
possible. The user friendliest access procedure of course is achieved by a
welcome message, informing about who is authorized to access the resource and
no further access control system. However, without technical means to enforce
access control, subscribers and non-subscribers access those unprotected
resources, declaring to be open only for their subscribers.
Many possibilities exist to protect Internet resources from
unauthorized access. The correct selection of an access control mechanism
depends on the desired security level. Historically seen, access control
systems, which do not scale for large user communities or fine-grained access
control, protected resources first. By issuing a user name and a password to
the users for example, the administration of a large user community causes a
lot of work for the registration procedure and the user help desk, especially
for forgotten user names and passwords. Because of this reason, for example
libraries used and still use another access control system, based on IP numbers
[Dc88]. However, all these access control systems have severe drawbacks as
listed below:
- With IP-based access
control, the administration of the resulting IP number access lists is
time consuming and hardly manageable for a high number of users.
- With IP-based access
control, there exists no administrative control to see, which user
accessed the resource as the logs list IP numbers and not user names. Even
IP numbers associated to single users could not help as some users may
share IP numbers.
- With IP-based access
control, it is hardly impossible to evaluate statistically the user
behavior and to implement payment systems due to the same reasons.
- With IP-based access
control, users traveling around and connecting from foreign places have
always to ask for an entry of their actual IP number or host name in the
access lists.
- Many users connect via
gateways with the Network Address Translation (NAT) protocol. Those users
use internal IP numbers and appear all with the IP number used by the NAT
device. In this way, many hosts can have the same IP on the Internet.
- Many users having an
IP number retrieve this number from a Dynamic Host Configuration Protocol
(DHCP) server. This DHCP server issues IP numbers from a predefined IP
range. In this way, users have no guarantee to receive always the same IP
number.
Other access control systems help to overcome the
above-mentioned drawbacks. They result to be more flexible, user friendly and
administrable. The name for access control systems, which only authenticate
users, is authentication infrastructures. The name for systems, which additionally
authorize the authenticated users, is Authentication and Authorization
Infrastructures (AAI). The term authentication and authorization infrastructure
is not an expression for one special type of authentication and authorization
infrastructure. It is a generic term for all infrastructures including user
authentication and authorization.
It is necessary to differentiate (i.e. authorize) users’
access rights in a resource and not only to give or not give access (i.e.
authenticate) a user. In e-learning resources for example, students can in no
way have access to areas reserved for tutors. The term authentication and
authorization infrastructure does not define where authentication and authorization
take place. It is possible that the authorization process is combined with the
authentication process or not. It is also possible that both processes are
independent from each other. Some authentication and authorization
infrastructures provide the possibility to split up authorization by giving
users the possibility to decide how much personal information they want to
release to a selected resource and by giving resources the possibility to decide
if the users have provided enough information to access the resource.
We can broadly distinguish two major groups of resources in
relation to access credentials. In one group, the resource provider only issues
user credentials for the own resource. A commercial e-learning course provider,
an Internet bookshop, an Internet bank or an Internet music store, working
independently from other enterprises for example, maintain each an own user
database. Advantages for the resource owners are that nobody else knows their
customers and that those customers are fully transparent in their behavior in
the resource.
In the other group, a group of resource providers issues user
credentials for the group of their resources. Universities with many e-learning
resources, multinational enterprises with many internal and external resources
or universities from one country, which want to open their resources for all
students of this country, for example prefer to issue one set of user
credential per user and maintaining each user only in one database.
Because of the historical development of the Internet and of
the resources, most users access resources with credentials only valid for the
respective resource. This results in long lists of user credentials that users
have to worry. The better way for everyone is thus, when resource providers
issue user credentials valid for a set of resources. All involved parties
benefit from such solutions, for example applied to e-learning resources:
- Only one
administration desk exists for student accounts, which are valid in many
resources. The administration issues user credentials only once per user.
- Resource providers do
not have to care about user registration, administration and the user
credential issuing processes, but only about subscribe or unsubscribe
registered users to their resources.
- Users benefit from
user credentials that work with various resources.
The major conclusions here are that resource providers and
resource users greatly benefit if not each resource but groups of resources issue
user credentials. Moreover, user privacy is easier to maintain, if users can
decide about the released information towards a resource. A consequence of
these conclusions is the intention to realize architectures, which form
computational grids, where users can access distributed resources and maintain
user privacy. In such grids, users may originate from different organizations
and places as well as access resources belonging to different organizations.
Grids can provide seamless resource provisioning from many distributed
resources to users. Such grids must comprise authentication, authorization,
resource discovery and access mechanisms. In that way, for example a university
can provide e-learning content located on different hosts to their students.
The later presented distributed architectures for computer networks laboratories
with geographically distributed laboratories are examples of such computational
grids.
Famous representatives of computational grids solve ambitious
computational jobs such as calculations of scientific or technical nature [FK98].
In many of these famous grids, most computers offering computational power to
the grid belong to individuals who let their computers share not self-used
computational power and contribute to the common goal of the respective grid.
Grid resource users such as universities profit from the resources offered free
of charge. Some grids resemble computer clusters with up to several thousand
members and can compete with super computers. There exist many different computational
grids [Sj03]. One of the most famous grids is seti@home, the grid used to
search for extraterrestrial intelligence [ABDG97]. The Eurogrid is a grid
infrastructure developed by another organization, which builds the base for several
grids such as the Bio Grid, the Meteo Grid, or the Café Grid [ES01]. The
mentioned grids process computational tasks in a distributed environment. The
tasks consist of parts of bigger tasks. In our distributed architectures, a
user interacts directly with one node of the e-learning grid and performs his
or her tasks there. The tasks in our grid consist of hands-on trainings performed
on the grid partners.
In some grids, participating users have to install client
software on their computers. In other grids, no client software installation is
necessary. The requirement for clients to install special software to be able
to participate in a grid brings the burden of maintaining this software for the
clients’ operating systems. Our architectures do not require clients to
install own software and the prototypical implementations can be accessed with
web browsers.
In grids, which solve computational tasks, servers distribute
units of the entire computation tasks to the clients and collect the results.
Under the many existing grids are grids that compute sensitive data and consequently
have to use data encryption technologies for the data transfer in the Internet.
For such types of grids, the Grid Security Infrastructure [BEFK00], which is a
component of the Globus Toolkit [FK97b], is the de-facto security standard. In
those grids, users delegate to the server the right to act for the user for
initiating and monitoring this user’s operation on grid resources. To overcome
these job delegation problems in the grid security infrastructure with standard
web security protocols, a group proposed a solution based on web proxies. In
our distributed architectures, sensitive data consists of the users’
actions on the distributed laboratories and of the user data transferred with
the course platform. We do not forward sensitive data from one grid node,
consisting of a laboratory, to another and thus apply encryption mechanisms
such as secure sockets layer or secure shell.
Common to resource access control systems and data encryption
technologies is the need for encryption keys. There exist symmetric keys, where
identical keys serve for data encryption and decryption and asymmetric keys,
where different keys serve to encrypt and decrypt data. In symmetric data
encryption, both parties have to know the key. The key has to reach both
parties in a safe way. This is not always possible and especially not over the
Internet. This problem can be resolved by using asymmetric data encryption. In
this technology, one of the keys is publicly available, for example on the Internet
and used to encrypt data for the publisher. Only the publisher can then encrypt
the respective data with the second key. A negative aspect of asymmetric
encryption is the higher computational demand for encryption and decryption of
data and thus there exist systems, where an asymmetric key serves to encrypt the
symmetric key, which serves to encrypt the payload.
We start the discussion of
authentication issues with the presentation of public key infrastructures.
Public key infrastructures build a key element in encrypted data transport and
in most authentication systems. Subsequently we discuss a state-of-the-art resource
access infrastructure, which only performs user authentication and not
authorization.
2.2.1 Public Key Infrastructures
Whenever we electronically exchange data, for example over the
Internet, the equipment transforms the data in a well-defined number of
ciphers. Such a well-defined number of ciphers can represent any kind of data
and also electronic user credentials and electronic keys. It is possible to
compute values from these well-defined cipher blocks itself. By means of these
values, it is possible to verify if the cipher blocks changed on their way on
their way or not. These cipher blocks and the way they are generated have well
defined terms in the area of cryptography [Kb93]. We define these terms below:
Public Key
A public key is a value, for effectively encrypt messages and
verify digital signatures issued by the corresponding private key. The public
key may be publicly available, as it does not contain secret information. All
secret information is stored within the corresponding private key.
Private Key
A private key is a value - known only to the owner - used to
decrypt messages encrypted by the corresponding public key, issue digital
signatures, which may be verified, by the corresponding public key, and compute
the corresponding public key. The private key must not be publicly available
and be kept private.
Together, a private and a public key form a key pair. It is
only possible to decrypted messages, encrypted with the public key, with the
corresponding private key.
Certificate Authority (CA)
The Certificate Authority is an authority in a network that
issues, verifies, revokes, and manages security credentials and public keys for
message encryption and signature verification.
Registration Authority (RA)
A Registration Authority is an authority, which verifies the
certificate issuing procedure of the certificate authority by a policy.
Registration authorities are the gatekeepers to the certificate authorities.
The registration authority policy may be very strict and demand a personal show
up of a user or very lenient up to issuing certificates to whom applies without
verifying the identities.
Digital Certificate
A digital certificate consists of the public key and the
identity of an entity, rendered unforgeable by digitally signing the entire
information with the private key of the issuing certificate authority.
Certificate Revocation List
(CRL)
A certificate revocation list is a collection of revoked
digital certificates. Revoked certificates are no longer valid. Users query the
list is to verify if the digital certificate in question is still valid.
Public Key Infrastructures
(PKI)
A public key infrastructure is a system of digital certificates
and certificate authorities that verify and authenticate the validity of each
involved party.
Cross Certification
Cross certification means that certificate authority 1 signs
the public key of certificate authority 2 with its private key and vice versa.
In other words, certificate authority 1 certifies the root certificates of
certificate authority 2 and vice versa.
The technical challenge is to achieve at least the same
reliability level in the Internet as we in our daily life. A feasible way to
achieve high security standards is the use of public key infrastructures [HFPS99].
The name public key infrastructure is used because certificate authorities
issue digital certificates by signing public keys. Most of today’s issued
certificates base on the X.509 Standard [X.509]. Public key infrastructures
have become the de facto standard for establishing reliability over electronic
networks.
The next Chapters present the major types of certificate
authorities in use in today’s Internet, beginning with the single
certificate authority model, the hierarchical certificate authority model, the
cross certification authority model and ending with applications with trust
lists.
The single certificate authority model is the most idealistic
of the presented models. It is idealistic because it is impossible to have only
one certificate authority worldwide, due to scalability and political reasons.
In this model, each person gets a private key from the single existing
certificate authority, in a secure out-of-band manner, for example in a personal
hand-over of the private key. The same authority also signs the corresponding
public key and stores this certificate in a certificate directory. The same
authority also maintains a list with revoked certificates. Figure 2‑1 depicts a prototype of such a public key infrastructure.
It consists of a certificate authority, a registration authority, one or more
directories with the certificates and a certificate management system,
containing a certificate revocation list.
Figure 2‑1: Single certificate authority.
Figure
2‑1 also depicts the steps necessary when user A wants to
certify his or her private key with a certificate authority and how user B
obtains the respective public key for the encryption of a message to user A:
1) User A applies for a public
key certificate by the registration authority.
2) User A complies with the
registration authority’s policy and the registration authority allows the
certificate authority to issue the certificate.
3) The certificate authority
signs user A’s public key and issues the certificate to user A as well as
stores a copy in the certificate directory which is publicly accessible.
4) User B wants to send a
secret message to user A and needs to encrypt the message with user A’s
public key. User B gets the public key from the certificate directory.
5) User B queries the
certificate revocation list.
6) Only user A’s private
key can decrypt such a message encrypted by user A’s public key.
A major problem with public key certificates is that nobody
knows at first glance if they are still valid, revoked, or falsified. As in the
single certificate authority model only one certificate authority exists, the
process of verifying the actual state of a public key is relatively simple
because only one certificate revocation list has to be maintained and queried
by the users. Figure
2‑2 shows how user D may verify user C’s
certificate issued by certificate authority X:
1) User D queries the
certificate directory and the certificate revocation list of certificate
authority X to inquire if the certificate is still valid or revoked.
2) User D requests user
C’s certificate authority X’s public key which is publicly
accessible.
3) User D is now able verify
the signature on user C’s public key certificate and learns if user
C’s public key was issued by the certification authority X or not.
Figure 2‑2: Certificate lookup with one certificate authority.
Hierarchical Certificate Authorities
In the hierarchical certificate authorities’ model, one
root certificate authority signs the public keys of its sub certificate
authorities and not public keys from each user as in the single certificate
authority model. Each sub certificate authority can have one or more sub
certificate authorities. In that way, it is possible to generate tree like
structures with many sub certificate authorities. All certificate authorities
could also sign user certificates but normally only the leaves of the tree do
that. Figure
2‑3 shows the hierarchical model with one root
certificate authority and two sub certificate authorities. The private key of
the root certificate authority signs the public key certificates of certificate
authority 1 and 2. User A’s and user B’s public key certificates
are signed by their respective certificate authority. Everybody may validate
these users’ public key certificates with the public key of the root
certificate authority.
