Enabling Melweb for Certificate Authentication (Draft 4/10/98)

I. Discussion of Legacy Authentication Methods used by Melweb

The MELVYL on the Web Application (Melweb) currently uses IP Address filtering and password based authentication to restrict access to UC-only content. To achieve IP Address filtering, a set of IP tables called the Milten Tables is maintained on an IBM mainframe. The Milten Tables are accessed by the Melweb UNIX host and are replicated on non-UC publishers' web sites. These IP tables are consulted every time a web browser connects to the Melweb or Publisher's web server, and query access as well as access to full-text content are restricted based on the browser's originating address. If a user requires unrestricted access to UC-only resources when connecting from a non-UC IP address, s/he must apply for a Melvyl database password, which is issued by their campus library and can be used to enable such access. This password is unique to Melweb and is not part of a larger single/few sign-on system.

II. Melweb User Profiles

The Melweb system provides a service to its users called profiling. A user can optionally create one or more profiles, each of which allows him/her to save lists, search history, and maintain interface preferences between sessions. To create or activate an existing profile, the user is prompted to enter a username and password of their choosing. The only restriction placed upon the user is that the profile username must be unique across all profiles, and an internal check is done to ensure this. If the user has acquired a Melvyl database password from their campus library for off-campus access, s/he must enter this password when creating a new profile, and must activate this profile when using Melweb from a non-UC IP address. The password can be used for multiple profiles, enabling each of them for unrestricted off-campus access. It is important to understand the distinction between a user-defined password and a library-issued Melvyl database password before moving on to the following discussion.

III. Proposed Use of Certificates as an Access Control Mechanism within Melweb

A. Functional Description

The integration of X.509 certificate based access control with Melweb is meant to augment the legacy authentication methods in the short term and eventually replace them, as UC personal certificates become ubiquitous. The pilot implementation will allow Melweb users to employ personal certificates to gain all the functionality and access to restricted resources currently available via Melvyl database passwords.

As discussed above, a user can create a personal profile on the Melweb system. However, there is a manual process of enabling one's profile every time a new Melweb session is initiated. By allowing a user to easily associate their certificate with an existing or newly created Melweb profile, it will be possible to enable a profile automatically whenever a new session is initiated. The information in the user's profile will be expanded to include campus affiliation and in the future may include other demographic data obtained via the University Directory (Demographics Database). Inclusion of the user's campus affiliation within the profile will give the Melweb System enough information to allow access to UC-only resources, even if the user subsequently accesses the system without a certificate, but does enable their profile through the normal manual process. This back-door access is seen as a necessity, since the portability and replication of certificates is still an open question. Also, allowing such access will reduce the overhead to the campus libraries, as they will not be required to issue additional Melvyl database passwords to users who are often in environments where their personal certificates are unavailable.

B. Look and Feel

Much effort will be made to add the ability to use certificates to access Melweb in such a way that the "Look and Feel" of the system will remain consistent with the pre-certificate model. For the pilot implementation, the home page for the Melweb system will continue to be an http or non-secure URL for all users. It was deemed important to do this in an effort to limit confusion for unsophisticated users, many of whom are not UC affiliated and do not qualify for UC personal certificates.

The current "Sign In to Melvyl System" page within Melweb will be augmented to allow a user to click a button labeled "Sign In With My Certificate", which will simultaneously enable access to UC-only resources and activate their default profile if they have a valid UC personal certificate. At the same time, the user's campus affiliation will be determined from the certificate, and campus based access control will be implemented as needed. If the user does not have a personal certificate or if the certificate is invalid, the browser will present them with a dialog that informs them of this. In the preceding scenario, they will then still have the option of clicking the "Submit" button, which will activate their profile via the existing and familiar process. In addition, the sign-in form will be designed to allow users to easily associate an existing profile with their newly acquired certificate, as well as optionally create and use a new profile. Melweb does not currently require a user to set up a profile to use the system, and following this model it will be possible to use a personal certificate for simple access control without associating or creating a profile.
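To make the three access paths described in sections I through III.B concrete (IP Address filtering against the Milten Tables, the manual profile sign-in with an optional library-issued Melvyl database password, and the certificate sign-in that records campus affiliation and thereby enables the "back-door" manual path later), the following Python model walks one sign-in request through them. This is an added illustration, not Melweb's own code: the Milten table ranges, the password set, the certificate fields and the profile store are all constructed here, and the certificate's chain and expiry validation is assumed to have been done by the web server before this logic runs.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed stand-in for the Milten Tables (hypothetical UC address ranges).
MILTEN_TABLE = [ip_network("128.32.0.0/16"), ip_network("128.48.0.0/16")]

# Constructed stand-in for library-issued Melvyl database passwords.
# A real deployment would verify these against a hashed store, not a plain set.
LIBRARY_PASSWORDS = {"ucb-issued-secret"}


@dataclass
class Certificate:
    valid: bool             # outcome of the server's chain/expiry check (assumed done elsewhere)
    campus: Optional[str]   # campus affiliation read from the certificate payload


@dataclass
class Profile:
    username: str
    password: str                           # user-chosen profile password
    library_password: Optional[str] = None  # Melvyl database password, if the user entered one
    campus: Optional[str] = None            # recorded when a certificate is associated
    cert_bound: bool = False


@dataclass
class Decision:
    unrestricted: bool        # may reach UC-only resources
    campus: Optional[str]     # affiliation available for campus-based access control
    profile: Optional[str]    # username of the activated profile, if any
    reason: str


def is_uc_address(addr: str) -> bool:
    """IP Address filtering: is the browser's originating address in the Milten table?"""
    ip = ip_address(addr)
    return any(ip in net for net in MILTEN_TABLE)


def associate_certificate(profile: Profile, cert: Certificate) -> bool:
    """Bind a valid certificate to a profile and record its campus affiliation.
    The recorded campus is what later permits the manual (non-certificate) path."""
    if not cert.valid:
        return False
    profile.cert_bound = True
    profile.campus = cert.campus
    return True


def sign_in(client_ip: str, cert: Optional[Certificate] = None,
            profile: Optional[Profile] = None,
            entered_password: Optional[str] = None) -> Decision:
    """Evaluate one sign-in request through the three access paths."""
    # Path 1: "Sign In With My Certificate" with a valid UC personal certificate.
    # Unrestricted access is granted and the bound default profile is activated.
    if cert is not None and cert.valid:
        active = profile.username if profile is not None and profile.cert_bound else None
        return Decision(True, cert.campus, active, "valid certificate")

    # Path 2: the familiar "Submit" path using the user-chosen profile password.
    # An invalid or missing certificate falls through to here.
    if profile is not None:
        if entered_password != profile.password:
            return Decision(is_uc_address(client_ip), None, None, "profile password mismatch")
        if profile.library_password in LIBRARY_PASSWORDS:
            return Decision(True, profile.campus, profile.username, "library-issued password")
        if profile.campus is not None:
            # Back-door access: affiliation recorded from an earlier certificate association.
            return Decision(True, profile.campus, profile.username, "campus recorded in profile")
        return Decision(is_uc_address(client_ip), None, profile.username,
                        "profile only; IP filtering applies")

    # Path 3: no certificate and no profile, so IP Address filtering alone decides.
    return Decision(is_uc_address(client_ip), None, None, "IP filtering only")
```

The `reason` field makes each decision auditable, which is the property a reviewer of the back-door path would want: an off-campus, certificate-less session that reaches UC-only content should be traceable to a profile whose campus affiliation was recorded through a valid certificate, not merely to a guessed profile password.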

Placing the personal certificate entry point on the "Sign In" page also allows more leeway to add pointers to and actual information on how to obtain certificates and use them successfully. This will be critical during the infancy of personal certificate use within the UC system.

The non-certificate "Sign In" page can be viewed at the following URL:

http://www.melvyl.ucop.edu/mw/mwcgi?sesid=0&Cecho(home/signin)&Zbookmark

The certificate enabled "Sign In" page is not currently available, but will be located at the following URL in the near future:

http://merlin.ucop.edu/mwtst/mwcgi?sesid=0&Cecho(home/signin)&Zbookmark


C. Known Weakness of Pilot Implementation

Access to documents on Publishers' web sites will initially be restricted based on IP address filtering, since it is not reasonable at this time to expect Publishers to accept certificates. It is worth noting that this restriction also exists when using a Melvyl database password. Also, FERPA and other privacy considerations have not been adequately examined with respect to allowing non-UC entities access to personal information including the NETID, CAMPUSID, etc. which will be included in the payload of personal certificates and in the University Directory. The current plan is to use proxy technology in combination with certificate based access control to facilitate access to these types of resources.

Any questions or comments about this document should be directed to Sal Gurnani (Sal.Gurnani@ucop.edu).