
ISCS version 0.1.1

Define Accessors and Access Groups

Figure 1 shows a typical Access Groups screen.

Figure 1

You can start building on either the left or the right side. Access Groups are created in the left panel. Accessors can be created in the left panel by right-clicking an Access Group and adding an Accessor directly to it, or they can be created in the right panel and dragged onto Access Groups.

IP Accessors are straightforward, but X.509 Accessors can be a little confusing. The X.509 Accessor screen does not issue certificates or define the DNs of the Accessors; Accessors must be issued certificates by a Certificate Authority (CA). Defining an X.509 Accessor states that anyone presenting a certificate whose fields are set as specified in the Accessor definition is such an Accessor. For example, consider a user whose certificate has DN = C=US, O=OSDC, OU=Engineering, CN=john.sullivan. If I define an Accessor as simply O=OSDC, John Sullivan is considered such an Accessor. If I define another Accessor as O=OSDC,OU=Engineering, John Sullivan is also considered such an Accessor. On the other hand, if I define a third Accessor as C=FR,O=OSDC,OU=Engineering,CN=john.sullivan, John Sullivan does not qualify as such an Accessor.
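The matching rule described above, as an added Python example that is not ISCS code: an Accessor definition matches when every field it sets appears in the certificate DN with the same value. The function names are hypothetical, and the sketch assumes exact, case-sensitive value comparison, no dependence on field order, and a certificate whose chain to a trusted CA has already been validated.

```python
import re

def parse_dn(dn):
    """Split a DN string such as 'C=US, O=OSDC' into {TYPE: [values]}.

    Handles backslash-escaped commas (e.g. 'O=Acme\\, Inc.'), ignores
    whitespace around separators and upper-cases attribute types.
    """
    attrs = {}
    # Split only on commas that are not escaped with a backslash.
    for rdn in re.split(r"(?<!\\),", dn):
        if not rdn.strip():
            continue
        if "=" not in rdn:
            raise ValueError(f"malformed RDN: {rdn!r}")
        key, value = rdn.split("=", 1)
        value = re.sub(r"\\(.)", r"\1", value.strip())  # drop escape characters
        attrs.setdefault(key.strip().upper(), []).append(value)
    return attrs

def matches_accessor(cert_dn, accessor_dn):
    """True if every field set in the Accessor definition is present in
    the certificate DN with exactly the same value (assumed semantics)."""
    cert = parse_dn(cert_dn)
    wanted = parse_dn(accessor_dn)
    if not wanted:
        return False  # an empty definition must not match every certificate
    return all(value in cert.get(key, [])
               for key, values in wanted.items()
               for value in values)

def qualifying_accessors(cert_dn, definitions):
    """Return the names of all Accessor definitions the certificate satisfies."""
    return [name for name, dn in definitions.items()
            if matches_accessor(cert_dn, dn)]

# The certificate DN and the three Accessor definitions from the text;
# the dictionary keys are labels constructed for this example.
CERT_DN = "C=US, O=OSDC, OU=Engineering, CN=john.sullivan"
DEFINITIONS = {
    "org-only": "O=OSDC",
    "org-and-unit": "O=OSDC,OU=Engineering",
    "french-john": "C=FR,O=OSDC,OU=Engineering,CN=john.sullivan",
}

if __name__ == "__main__":
    print(qualifying_accessors(CERT_DN, DEFINITIONS))
```

A definition with few fields, such as O=OSDC alone, matches every certificate carrying that value, so the breadth of an Accessor is set by how many fields it pins down.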

Figure 2
