NAME¶

dacs_admin - DACS administration service

SYNOPSIS¶

dacs_admin [ dacsoptions[1]]

DESCRIPTION¶

This program is part of the DACS suite.

The dacs_admin web service is a tool for administering various DACS resources at a jurisdiction. Providing both a browser-based interface and a simple, REST-oriented[2] HTTP interface that can be used by middleware, scripts, and web browsers, dacs_admin allows inspection (and sometimes modification) of a jurisdiction's access control rules, configuration directives, group definitions, DACS user accounts, revocation list, version information, authorization cache, DACS log files, user tracking records, and more. An administrator can manage a different jurisdiction simply by aiming a browser or other HTTP client at that jurisdiction's dacs_admin web service.

Probably the best way to understand the tool is to simply use it interactively to browse through a jurisdiction's resources.

Security

This web service provides a way to view and change security-related DACS configuration, DACS passwords, and so on. The default access control rule denies all access to the web service - you must add a custom rule to enable access. All functionality should be restricted to an ADMIN_IDENTITY[3].

Notes

•Some features of this program may require JavaScript to be enabled in the browser.

•dacs_admin will eventually unify and replace several existing different DACS administrative web services. It may also include federation-wide functions, such as the capability of adding a new jurisdiction.

Web Service Arguments¶

The following web service argument is always recognized:

FORMAT

By default, output is emitted in HTML. Several varieties of XML output can be selected, however, using the FORMAT argument (please refer to dacs(1)[4]).

Resources and Methods¶

The interface provided by dacs_admin allows various DACS resources to be examined and modified using standard HTTP methods (see RFC 2616[5]). Not all DACS resources may be accessible using dacs_admin and not all methods may be valid for some resources.

In keeping with the REST architectural style, every persistent resource is identified by a URI ( RFC 2396[6] and RFC 3986[7]). Invoking the GET method on https://www.example.com/cgi-bin/dacs/dacs_admin, for example, will (assuming appropriate configuration and permission) return a list of root-level resources managed by dacs_admin.

Invoking the GET method on a resource either returns a listing (by default, formatted as an HTML list or table) or an unadorned value (by default, formatted as an HTML encoded string). For instance, this URL might return a list of configuration directives and their current values:

https://www.example.com/cgi-bin/dacs/dacs_admin/conf/current

while this URL might return the current value of a particular configuration directive:

https://www.example.com/cgi-bin/dacs/dacs_admin/conf/current/AUTH_SUCCESS

The functionality of dacs_admin is described in terms of resources and methods supported on those resources. Depending on the particular service request, the result consists of an HTTP status code (usually " 200 OK", " 201 Created", "400 Bad Request", or " 404 Not Found"), and possibly an HTML or XML document (selectable). The XML document is described by dacs_admin.dtd[8].

Arguments are passed in the query part of a URI. Unrecognized and context-inappropriate arguments are silently ignored.