ROADS Software
Information Gateways
ROADS News
ROADS Liaison
InterOperability
Template Registry
Cataloguing Guidelines
What is ROADS
ROADS Guidebooks
Mailing Lists
Papers and Reports
Related Initiatives

ROADS

Incorporating ATHENS into ROADS

DRAFT

What is ATHENS?

The ATHENS system enables controlled access to subscription services. ATHENS is currently used by over 190 UK Higher Education establishments to provide access to over 40 major databases and commercial software mirrors. Data Service Providers (DSPs) include NISS, BIDS, EDINA, MIDAS and AHDS. Many of these services are offered to the education community on the basis of CHEST agreements.

The ATHENS system provides two major types of service: resource access management and user authentication. It allows a "single sign-on" to enable access to multiple resources. It also enables the distributed management of user accounts by domain administrators. It is capable of supporting large numbers of users and resources.

Software, in the form of ATHENS Agents, is available so that DSPs can integrate support for ATHENS into their services. ATHENS authentication can be integrated into services offered via the Web, telnet or other client/server technologies.

For further information see: <URL:http://www.athens.ac.uk/info>

Potential Usefulness in ROADS

For users:
  • Only need to logon once and therefore remember only one password
  • Login page lists all the available resources (may be useful for several ROADS databases)
  • Authorisation rights are managed by a domain administrator
  • Personal preferences can be stored in user profiles
For ROADS administrators:
  • Minimises the maintenance of user accounts
  • Joining an established and widely used authentication service
  • Provides a consistent access management system to multiple ROADS services

ATHENS Agents

Operationally, in order to use ATHENS, the DSP must integrate the ATHENS Agent technology into the DSP server. The method of integration varies according to the type of server. Agent guides are available for the following types of service:
ATHENS Apache Agent for Solaris
This is a version of Apache that includes the ATHENS module and allows users to authenticate against an ATHENS server instead of using the standard Apache ACL authentication method.
ATHENS API Library for Solaris
This C Library can be incorporated into programs, allowing ATHENS authentication to be carried out in applications other than Apache. For example, this library has been used to create an ATHENS enabled version of 'login', which allows you to log into a Solaris machine using an ATHENS username.
ATHENS Script Library for Solaris
This C Library enables you to bootstrap ATHENS to scripting languages such as Perl.
Dynamic and static versions of these libraries are available.
ATHENS Perl Module
A Perl module providing the script library functions (Solaris only).
The following will also soon be available:
  • ATHENS Apache agent for AIX
  • ATHENS C Library agent for AIX
  • ATHENS Apache agent for NT
  • ATHENS C Library agent for NT
  • ATHENS IIS agent for NT

Some additional information about ATHENS Agents is available from <URL:http://www.athens.ac.uk/info/agent_intro.html>.

Architecture of ROADS

Figure 1 shows a simplified view of the architecture of ROADS. ROADS consists of a toolkit of Perl scripts for setting up and maintaining subject-based gateways and on-line catalogues. The software provides a Web-based search facility using the WHOIS++ protocol. It is also possible to distribute searches across multiple WHOIS++ servers using the Common Indexing Protocol (CIP) and centroids.

For further information about ROADS see <URL:http://www.ilrt.bris.ac.uk/roads/>.

Figure 1
Figure 1: Architecture of ROADS

Should the ATHENS Agent be incorporated at the ROADS CGI interface or at the ROADS WHOIS++ server? Performing authentication at the CGI interface is reasonable and adequate for individual ROADS-based services, however if cross-searching of several servers is to be performed, it is likely that the front-end to a service will be by-passed, requiring that authentication be performed at the WHOIS++ server.

Architecture of ATHENS

ATHENS provides access to multiple resources through a single password sign-on. It supports distributed management of user accounts through domain administrators. Authentication may be performed ate several different levels, see section 4 above.

As shown in Figure 2, the ATHENS system consists of several components, the majority of which are operated by NISS, whilst an Agent must be run by each participating DSP. The components maintained by NISS include the two ATHENS servers which process:

  • user authentication requests
  • collection of statistics for the usage of DSP resources
All authorised ATHENS Agents connect to the two servers via the network to request an authentication or to log usage of a resource. Communication across the network is performed using TCP/IP and the data transferred is encrypted by using a password which is specific to both the ATHENS server and each ATHENS agent. Note that this is a proprietary method of encryption - SSL is not used to secure the Agent to server communication path.

Figure 2
Figure 2: Architecture of ATHENS

Licencing and Pricing

The contract for the provision of the ATHENS service for UK HE is current out to tender. This makes the medium/long term position on pricing of the ATHENS software somewhat unclear. Clearly JISC have an influence on the pricing policy adopted by whoever operates the ATHENS service.

At the time of writing, use of ATHENS within UK HE costs £2000 which entitles a DSP to use the software and receive some support. NISS appear to be favourable to integration of ATHENS software with ROADS and may consider treating all UK HE ROADS-based services as a single unit (for support and pricing purposes). I guess this is of interest to the RDNC. The licence agreement aimed at UK HE DSPs is available from <URL:http://www.athens.ac.uk/dsp>.

The cost for commercial use of the ATHENS software is negotiable, though NISS are currently developing their internal guidelines for how that cost is decided. (Note: the commercial version of the ATHENS software is known as Isos. NISS are prevented from selling ATHENS commercially, it is sold thru another company). NISS appear not to have considered non-UK HE, non-commercial use of ATHENS - but seem likely to be open to favourable negotiation on this - assuming there is perceived benefit to the UK HE community.

Page maintained by: Manjula Patel and Andy Powell
Last modified: 18-Feb-1999

ROADS Software Information Gateways ROADS News ROADS Liaison InterOperability Template Registry Cataloguing Guidelines What is ROADS ROADS Guidebooks Mailing Lists Papers and Reports Related Initiatives