SMS scnews item created by Paul Szabo at Wed 4 Jul 2007 1325
Type: Info
Modified: Wed 25 Jul 2007 0727; Tue 4 Apr 2017 1229; Thu 27 Jul 2017 0830; Wed 13 Dec 2017 0933
Distribution: World

Unikey/WASM login and /loc/ objects

Changed, new: access as /priv/, giving access to all staff and to
students enrolled in a specific UoS (Unit-of-Study).


Many web pages are accessible to anyone in the world. Sometimes it makes
sense to restrict access, and some of our webpages are only accessible
"internally" or via Unikey (WASM) login when accessed from "outside"
(and some are not accessible to undergrads even when inside).

Lecturers may make web material available to students, in a way that
would not be accessible to the world (e.g. when you are concerned with
intellectual rights).

There are four (or five?) levels of access you can specify for a web

/staff/ - restricted to Maths staff and/or postgrads, honours etc, but
   not accessible to undergrads (similar to who can access tutsols).

/priv/ - restricted to Maths staff/postgrads/honours and undergrads in
   some UoS: if the URL also contains a UoS (e.g. contains /MATH1001/)
   then allows access also to students enrolled in that UoS, otherwise
   restricts access to all staff and no students, same as /staff/.
   Students enrolled in an "advanced" course can also access "normal"
   webpages e.g.:
     MATH2970 students can access MATH2070
     OLET1625 students can access OLEO1624
   (but not the other way around).

/loc/ - restricted to Maths people, whether staff or undergrads:
   accessible to Maths staff/postgrad/honours/etc, and/or to Maths
   undergrad students currently doing some (any) Maths course or
   subject. (This is the "traditional" way of restricting access.)

/uni/ - restricted to University people with Unikey, allowing access
   to all Uni staff and students, whether related to Maths or not.
   You may want to use this to avoid issues of newly enrolled students
   not having access for a day or two while their enrolment details
   trickle down to us from SydneyStudent, or for past students doing
   supplementary exams out-of-semester. Beware however that this
   provides less protection than /loc/ does.

The fifth level is the "open to the world" of all other pages.

To do this (example for /loc/): place the web page within a directory
named "loc", so the path (or URL) becomes something/loc/something; the
"loc" directory, short for "local", may appear anywhere within the path.
Then any web access will require an identified, logged-in, Maths user:
this is provided automatically for "internal" access, and requires WASM
login when fetched from outside.
For /staff/, /priv/ or /uni/, use a directory of that name.
Note that WASM may let the user in, without a further Unikey and
password prompt, when already logged in to any other WASM service e.g.
to myUni or LMS/Blackboard.

See also,
noting that this applies to all web objects, not just personal pages.

(I understood some people used WebCT solely for the "security" it
provided: you can have the same effect with "loc" and WASM.)


Note for developers/owners of /ub/ CGI scripts: I now pass an HTTP
header of the form "SMS-User: psz" to /loc/ things within /ub; the
script will see this as the environment variable HTTP_SMS_USER:
 - SMS-User is added to /loc/ or /staff/ things only, not other scripts
   (e.g. not to /uni/ things)
 - the script should verify that it is talking to siv (refuse otherwise;
   though the webserver on rome is configured to only accept connections
   from siv)
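
One way for a /ub/ CGI script to make the check described above, as an
added example (not the School's own code): it trusts HTTP_SMS_USER only
when the connection comes from siv. The proxy address 192.0.2.10, the
username pattern and the function name authenticated_user are
assumptions for illustration.

```python
#!/usr/bin/env python3
"""Added example: CGI-side check before trusting the SMS-User header."""
import ipaddress
import os
import re
import sys

# Assumption: address the front-end proxy (siv) connects from. Placeholder
# from the RFC 5737 documentation range; replace with siv's real address.
TRUSTED_PROXY_ADDRS = {ipaddress.ip_address("192.0.2.10")}

# Assumption: usernames are short lowercase alphanumerics like "psz".
USERNAME_RE = re.compile(r"[a-z][a-z0-9]{1,15}")


def authenticated_user(environ):
    """Return the SMS-User name, or None if the request must be refused."""
    try:
        peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return None
    # Any client can send its own "SMS-User:" header, so the value means
    # something only when the TCP peer is the proxy that sets it.
    if peer not in TRUSTED_PROXY_ADDRS:
        return None
    user = environ.get("HTTP_SMS_USER", "")
    # Missing or malformed header: nobody is identified, so refuse.
    if not USERNAME_RE.fullmatch(user):
        return None
    return user


def main():
    user = authenticated_user(os.environ)
    if user is None:
        sys.stdout.write("Status: 403 Forbidden\r\nContent-Type: text/plain\r\n\r\n")
        sys.stdout.write("Refused: request did not come through the login proxy.\n")
        return 1
    sys.stdout.write("Content-Type: text/plain\r\n\r\n")
    sys.stdout.write("Hello, %s\n" % user)
    return 0


if __name__ == "__main__":
    sys.exit(main())
```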

