 |
 |
A few observations... At Essex, most of our restricted access documents are stored on NT web servers running Internet Information Server (IIS). Initial experiments with the NTLM authentication access control supported with IIS proved successful, the only downside being that it only worked with Internet Explorer 3 or above. We have, therefore, recently bought a SSL server security certificate from BT Trustwise (www.trustwise.com) for our main IIS server. This will allow users of most web browsers to gain access to restricted access resources, and will also allow the encryption of information sent over the Internet (essential if we are to introduce things like web based email systems). SSL will also allow us to do something about the increasing number of requests along the lines of "can you make these web pages only accessible to 3rd year physics students." As well as this, we do of course have campus-only sections (using the usual IP address restrictions). There are also a few department-only sections, but this can only be done if the machines are all on the same subnet mask/IP address range. A few users often request that their pages be password protected. Typically this is used to stop unauthorised access to collaborative work being carried out with other institutions (e.g. drafts of papers and other work in progress). The method used for this is Unix .htaccess files with .htpasswd files and Basic Authentication. This means that there is no need to set up new user accounts for these users, and several users can share the same username/password. Incidentally, the forthcoming Windows NT Explorer column in Ariadne Issue 21 (published in September 1999 - www.ariadne.ac.uk) will cover Internet Information Server 4 - and will have a special mention of how to set up a site using SSL security. ___________________________________ Brett Burridge (Systems Programmer) Room 5.512, Computing Service, University of Essex, UK. E.mail: [log in to unmask] Phone: +44(0)1206 873628 > -----Original Message----- > From: Brian Kelly [mailto:[log in to unmask]] > Sent: 22 June 1999 16:14 > To: [log in to unmask] > Subject: Intranets and Extranets > > > How many institutions currently have Intranets? How is authentication > handled? By IP addresses, by htaccess files, or something more > sophisticated? Do many places provide differing levels of access to > different groups (students and staff) or to individuals? How > much of an > administrative burden is this? Are institutions building solutions on > standard web server software, or buying in off-the-shelf solutions? > > How many sites are making use of Extranets - i.e. restricted access to > resources, but to people outside the organisation? > > Would a talk or discussion group on this topic be of interest to > participants at the Institutional Web Management workshop? > > Thanks > > Brian > -------------------------------------------------------------- > -------------- > Brian Kelly, UK Web Focus > UKOLN, University of Bath, BATH, England, BA2 7AY > Email: [log in to unmask] URL: http://www.ukoln.ac.uk/ > Homepage: http://www.ukoln.ac.uk/ukoln/staff/b.kelly.html > Phone: 01225 323943 FAX: 01225 826838 > > %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%