ICALEPCS 2009
TUP015
A Framework for Authentication and Authorization in Plug-in-Based Control System Software
H.R.Rickens, J.Hatje, M.R.Clausen, M.R.Clausen* (DESY)
Preventing unauthorized use is a concern for many software systems, including control system software. The authorization mechanism used by a system should be pluggable, so that the software is not tied to a specific infrastructure. For the Control System Studio (CSS), we have developed a generic authorization framework which can be used by applications built on top of CSS to authorize user actions. For example, the framework provides support for the creation of menu items or graphical display elements that are automatically enabled and disabled based on the user's permissions. The framework is implemented in plug-ins which can be exchanged to interact with different infrastructures. Currently available implementations use standard Java authentication and authorization techniques to integrate with Kerberos and LDAP systems.