ACS 4 Security Requirements
by Richard Li
ACS Documentation :
ACS Kernel Documentation :
Security Documentation :
Requirements
I. Introduction
This document lists the requirements for the security system for the
ACS.
II. Vision Statement
Virtually all web sites support personalized content based on user
identity. The level of personalization may be as simple as displaying
the name of the user on certain pages or can be as sophisticated as
dynamically recommending sections of site that the user may be
interested in based on prior browsing history. In any case, the user's
identity must be validated and made available to the rest of the
system. In addition, sites such as ecommerce vendors require that the
user identity be securely validated.
III. Security System Overview
The security system consists of a number of subsystems.
Signed Cookies
Cookies play a key role in storing user information. However, since
they are stored in plaintext on a user's system, the validity of
cookies is an important issue in trusting cookie information. Thus, we
want to be able to validate a cookie, but we also want to validate the
cookie without a database hit.
- 10.0 Guaranteed Tamper Detection Any tampering of
cookie data should be easily detectable by the web server.
- 10.1 Performance and Scalability Validation and
verification of the cookie should be easily scalable and should not
require a database query on every hit.
Session Properties
Applications should be able to store session-level properties in a
database table.
- 11.0 Storage API Session-level data should be
accessible via an API.
- 11.1 Purge Mechanism An efficient pruning
mechanism should be used to prevent old session level properties
from filling up the table.
Login
The security system should support the concept of persistent user
logins. This persistence takes several forms.
- 12.0 Permanent Login Users should be able to
maintain a permanent user login so that they never need to type
their password.
- 12.1 Session Login The security system should
support the concept of a session, with authentication tokens
that become invalid after a certain period of time.
- 12.2 Session Definition A session is a
sequence of clicks by one user from one browser in which no
two clicks are separated by more than some constant (the session
timeout).
- 12.3 Stateless The security system should not
require state that is stored in the server. Required state may
reside only in the user request (including cookies), and in the
database. A single user should be able to log in to the system
even if the user is sent to a different AOLserver for each step
of the login process (e.g., by a load balancer).
- 12.4 Secure The security system should not store
passwords in clear text in the database.
- 13.0 SSL Hardware
The system must work when the SSL processing occurs outside of
the web server (in specialized hardware, in a firewall, etc.).
acs-docs@arsdigita.com
Last modified: requirements.html,v 1.1 2001/01/21 01:39:49 bquinn Exp