Security, Authentication and Permissioning

For added security, the Slingshot Web Distribution System (WDS) can encrypt all its traffic using the industry-standard SSL (Secure Sockets Layer) protocol. Enabling this is as simple as toggling a single switch in a configuration file and providing a digital certificate for the WDS to use. If desired, the WDS can insist on client-side certificates being present in order to complete the SSL handshake procedure.

The Slingshot server can use 3 different types of user authentication to give the greatest flexibility when integrating its authentication with existing user databases.

  • Basic authentication - A user supplies a username and password and the WDS makes an HTTP or LDAP request to an authenticating server to gain authorisation for the user.
  • Authorisation Id - A user logs into an existing system and that system generates an authentication token or session id. This token is supplied by the user each time they connect to the WDS. The WDS can then check whether the token is valid against the authenticating server and authorise the user accordingly.
  • Certificate authentication - A user provides a digital certificate to authenticate themselves with the WDS. The user validation occurs in the SSL layer and information in the certificate can be used to get permissioning data for that user.

Permissioning can be set out for an individual user or a group of users. Users or groups can be permissioned for read or write access to specific objects (records or pages) or groups of objects. Permissions can be prescribed on the basis of PE codes (fields within the requested objects), regular expression matches or simply by individual object name.
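The following added example (not Slingshot's own code or configuration format) models the permissioning described above: user and group rules granting read or write access by object name, regular expression or PE code. The rule layout, object names, PE code values, default-deny behaviour and whole-name regex matching are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    kind: str          # "name", "regex" or "pe" (hypothetical rule types)
    pattern: str       # object name, regular expression, or PE code
    access: frozenset  # subset of {"read", "write"}

    def matches(self, name, pe_codes):
        if self.kind == "name":
            return name == self.pattern
        if self.kind == "regex":
            # Match the whole name: an unanchored search would let
            # "/FX/[A-Z]{6}" also grant "/ARCHIVE/FX/EURUSD".
            return re.fullmatch(self.pattern, name) is not None
        if self.kind == "pe":
            return self.pattern in pe_codes
        return False   # unknown rule types never grant access

@dataclass
class Policy:
    user_rules: dict = field(default_factory=dict)   # user  -> [Rule]
    group_rules: dict = field(default_factory=dict)  # group -> [Rule]
    memberships: dict = field(default_factory=dict)  # user  -> [group]

    def allowed(self, user, access, name, pe_codes=frozenset()):
        """Default deny: access needs a matching user or group rule."""
        rules = list(self.user_rules.get(user, []))
        for group in self.memberships.get(user, []):
            rules += self.group_rules.get(group, [])
        return any(access in r.access and r.matches(name, pe_codes)
                   for r in rules)

# Constructed sample policy; names and PE codes are made up.
POLICY = Policy(
    user_rules={"alice": [Rule("name", "/PAGE/NEWS1",
                               frozenset({"read", "write"}))]},
    group_rules={"fx-desk": [Rule("regex", r"/FX/[A-Z]{6}", frozenset({"read"})),
                             Rule("pe", "4321", frozenset({"read"}))]},
    memberships={"bob": ["fx-desk"]},
)

if __name__ == "__main__":
    for user, access, name, pe in [
        ("alice", "write", "/PAGE/NEWS1", frozenset()),
        ("bob", "read", "/FX/EURUSD", frozenset()),
        ("bob", "read", "/ARCHIVE/FX/EURUSD", frozenset()),
        ("bob", "read", "/EQ/VOD", frozenset({"4321"})),
    ]:
        print(user, access, name, POLICY.allowed(user, access, name, pe))
```
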

In addition to permissions that allow or bar access to specific data, users can be assigned permissions governing aspects of their connections to the WDS: for example, how many times a user is allowed to log in concurrently, the maximum amount of bandwidth they are allowed to use, whether updates sent to them are merged or queued, and, if updates are queued, the maximum size of that user's queue.