-
Notifications
You must be signed in to change notification settings - Fork 1
Registration
Written by SEARCH-LAB. Online at: https://project.sintef.no/eRoom/ikt/Aniketos/0_83d1c
- User registers at https://svrs.shields-project.eu/ANIKETOS/
- By default, the user has an access level of 0 (community). You can check this by logging in and choosing 'My Profile' -> 'Memberships'
- There is (currently incomplete) functionality that allows a user to buy commercial access through the purchase of an upgrade code. The back-end functionality is actually mostly done, but it needs to be attached to a payment system to work; I think we should have some more discussion about the Aniketos payment / commercialization model before we start the final implementation.
- It is also possible for an administrator to manually upgrade user access level through 'Management' -> 'Users'.
- Currently commercial membership is permanent (unless manually downgraded by an admin), but there are some hooks in the SVRS code that could allow controlled expiration such as 'expires after X operations' or 'expires after Y time'. Again, this is something we would probably need to discuss first.
- To make sure this doesn't break testing, the aniketos/aniketos test account has level 1 (commercial) access for now, and so has full access to the TRM and CSSTM. We'll change this after all implementation work is finished.
This username/password combination is used in every request made to the SVRS through the machine interface as well (it is in the Authorization header, sent through HTTPS), and each operation checks if the user has access to perform it. In the Threat Repository Module, the setCredentials() function is used to set the credentials to use when communicating with the SVRS.
The user has to use the same username/password combination when requesting a security test from Flinder. Flinder then asks the SVRS if the username/password identifies a user that has commercial access (this is done through internal calls that are not accessible from outside the VPN), and only proceeds with the test when access is confirmed. Similarly, in the CSSTM, the setCSSTMCredentials() function is used to set the user's credentials to use when invoking Flinder.