Given that a unified security model for Archer is no longer a stated goal, the following security features will be incorporated into DIMSIM modules.

Minimum Requirements

Global

1. Ensure that data stream from source plug-ins are protected from unauthorized access

2. Provide basic user authentication methods

Local (IMB)

1. Integrate user authentication for source plug-ins with CrystalClear? (Ver 1.4) administration database

2. Automate user plug-in start and end process.

Solution

Global - EndPoint Validation

To secure source plugin, Dimsim director must deny subscription request from unauthorized clients. To this end, Dimsim will maintain a list of authorized tuples and will validate each subscription request against this set. This set must be configurable both at startup time (config files) and dynamically.

Local - manage Multi-User data store

1. To allow user authentication and automated start/stop of plugins, create a local data store to manage user parameters.

2. This store must be populated at start time and updated whenever user details change.

3. Create multi-user wrapper plug-ins for source instruments which then performs create/start/stop operations on individual plug-ins.

4. To uniquely identify individual user plug-in, append user-name to plugin ID. (i.e., each new plug-in created by the multi-user wrapper will have id wrapper-id + userID)

Implementation

Global Interfaces

Interface IEndPointSecurity will provide the following methods to maintain endpoint tuples and authenticate consumers.

    package au.edu.archer.dimsim.security;

    public interface IEndPointSecurity  {

        Properties add(String consumerID, String consumerEndPointURL, String pluginId);

        public boolean isValidConsumer(String consumerID, String consumerEndPointURL, String pluginId);

        Properties add(Set tuple);

        public boolean isValidConsumer(Set tuple);

        public void remove(String pluginId); //remove all access to plugin

        public void remove(String consumerID, String consumerEndPointURL, String pluginId); //remove access granted to the tuple

        public <Set<Set<String>>> getConsumerEndPoints(String pluginId); //get all tuples that have current access to given plugin

    }

Dimsim Director will extend handleIncomingParcel(Parcel parcel,ResponseBodyType responseBody) to trap Subscribe request. The request is then validated using isValidConsumer methods above. Refer to source code at http://www.hpc.jcu.edu.au/projects/DIMSIM/browser/DIMSIM/trunk/buffer/src/main/java/org/instrumentmiddleware/cima/core/impl/DimsimCIMADirector.java

Multi-User Store Interface

Interface IMultiUserStore provides the following methods to extract user parameters from the local site where source plugin is located. At IMB, the local user information is available in the AdminDB database managed by CrystalClear? software. (Note: Extraction of user info is possible only for CrystalClear? Ver 1.4)

    package au.edu.archer.dimsim.plugins;
    public interface IMultiUserStore {

        public boolean validate(String userId, Object credential) ;

        public Set getUsers();

        public Map getUserParams(String userId);

    }

To enable propagation of updates to user data, multi-user wrappers must implement Interface IMultiUserStoreListener given below.

    package au.edu.archer.dimsim.plugins;
    public interface IMultiUserStoreListener {
        public void userStoreChanged(IMultiUserStore store);
    }

It is useful to have Multi-user wrapper support CIMA command Operation to validate user credentials. An example is given below. For more information on multi-user wrapper plugin refer to implementation source code at http://www.hpc.jcu.edu.au/projects/DIMSIM/browser/DIMSIM/trunk/plugins/src/main/java/au/edu/archer/dimsim/plugins/RigakuSCPMultiUserPlugin.java