Authentication & Authorization

By: Richard Glaser, University of Utah - Revised: 2007-09-28 richard

Introduction

University Network ID (uNID).
The University of Utah iTunes U site includes public & restricted content. To access the restricted content you must have & use your University Network ID (uNID). A University Network ID (uNID) is a piece of information that uniquely identifies you on the University of Utah network for various computing services. Your uNID is created by substituting a lower case "u" for the first zero in your University (student, employee) ID. A University Network ID is also known as a uNID, NID, username, login name or User ID. All students, faculty, and staff at the University of Utah receive a uNID.

See this page for more details about the University Network ID (uNID).

Authentication
Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. In private and public computer networks (including the Internet), authentication is commonly done through the use of logon passwords. Knowledge of the password is assumed to guarantee that the user is authentic.

We use Kerberos for the authentication process.

Authorization
Authorization is the process of giving someone permission to do or have something. In multi-user computer systems, a system administrator defines for the system which users are allowed access to the system and what privileges of use they have (such as access to which file directories, hours of access, amount of allocated storage space, and so forth).

We use LDAP for the authorization process.

Authentication & Authorization Process

The following process is used to authenticate and authorize access to iTunes U:

Step 1 - User enters uNID & Password on iTunes U Web Gateway

Step 2 - uNID & Password are Securely Passed to Campus Middleware Server

Step 3 - Kerberos Validates uNID & Password

Step 4 - Lookup User Role Information in Campus LDAP Server

Step 5 - Campus Server Requests New Session with iTunes U

Step 6 - iTunes U Replies with URL

Step 7 - Campus Middleware Server Forwards URL to User's Browser

Step 8 - User’s browser launches iTunes application to handle request

Step 9 - iTunes application requests resource from iTunes U

Step 10 - Resource displays in iTunes application
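The middleware portion of the process above (Steps 2 through 6), sketched as an added example; this is not the University's or Apple's code. Kerberos and LDAP are replaced by constructed in-memory stand-ins, and the HMAC-signed session request, the shared secret, the 60-second freshness window and the content.example URL are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time
from urllib.parse import urlencode, parse_qsl

# All values below are constructed for the demo.
SECRET = b"demo-shared-secret"   # assumed key shared by middleware and content service
KDC = {"u0123456": "correct horse", "u0999999": "pw"}     # stand-in for Kerberos
LDAP_ROLES = {"u0123456": ["student", "course:CS-1010"]}  # stand-in for campus LDAP
MAX_AGE = 60                     # seconds a session request stays valid
SESSIONS = {}                    # content-service session table

def _sign(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()

def kerberos_validate(unid, password):
    """Step 3 stand-in: a real middleware would obtain a Kerberos ticket."""
    known = KDC.get(unid)
    return known is not None and hmac.compare_digest(known.encode(), password.encode())

def middleware_login(unid, password, now=None):
    """Steps 2-5: authenticate, then authorize, then sign a session request."""
    if not kerberos_validate(unid, password):
        return None              # fail closed before any directory lookup
    roles = LDAP_ROLES.get(unid)
    if not roles:
        return None              # authenticated but not authorized
    ts = int(time.time() if now is None else now)
    # The password stays in the middleware; only identity and roles go on.
    payload = urlencode({"unid": unid, "roles": ";".join(sorted(roles)), "time": ts})
    return payload + "&sig=" + _sign(payload)

def content_service_session(request, now=None):
    """Step 6: verify signature and freshness, reply with a session URL."""
    payload, _, sig = request.rpartition("&sig=")
    if not hmac.compare_digest(_sign(payload).encode(), sig.encode()):
        return None              # identity or roles were altered in transit
    fields = dict(parse_qsl(payload))
    ts = int(time.time() if now is None else now)
    if abs(ts - int(fields["time"])) > MAX_AGE:
        return None              # stale request
    token = secrets.token_urlsafe(16)
    SESSIONS[token] = {"unid": fields["unid"], "roles": fields["roles"].split(";")}
    return "https://content.example/session/" + token
```

The URL handed back to the browser carries only an opaque session token, so role data cannot be edited on the client side.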