SLAC
WWW-Tech
Mtg 6/18/97SLAC
WWW-Tech
Mtg 6/18/97
Attendees: Tony Johnson, Les Cottrell, Andrea Chan, John Halperin, Laurie Gennari, Jennifer Masek, Nina Adelman, Pat Kreitz., Edgar Whipple, Ilse Vinson, Joan Winters, Dennis Wisinski, Brian Lalor.
Agenda:
Nina has been looking for a package. She has identified a package from Reserve Enterprises which costs about $5K for a site license. It has a Web interface. There is a problem with using it for printing at the moment. This is one of several possibilities. Meeting Maker, which has been used extensively for about 2 years at the Lab for scheduling meeting rooms, does not have a Web interface at the moment and also only runs on Macs and PCs. They claim they are working on one but it will be read only. Also Meeting Maker has a problem with incremental costs (e.g. each user needs a license) and keeping all versions current (if they are not current then different versions do not interwork well). After some discussion it was tabled for a future meeting after people have tried out Netscape's calendar application.
Dennis has set up Netscape's proxy server on WNT. It works by sending all requests for URLs to the proxy server which then knows where the real pages lie. It then gets the page from the real server and serves it up after placing it in a cache. The caching can help performance especially for requests for pages on heavily loaded servers. It will not help for dynamic pages (e.g. database hits). A major interest is to help with security issues by only opening up one port thru the firewall. It could also be used to provide outbound access to inappropriate sites/servers. A question comes up as to whether the browsers need to be configured to point to the proxy, or whether it is automatic. There are also issues of performance and availability.
For providing a single inbound access via "www" port 80 into SLAC which then distributes the requests to the actual machines (e.g. www-nt, www1) it is not believed thta the Netscape proxy server will help, it is unclear whether the Netscape Enterprise server will help, Bebo will address this at a future meeting. It is unclear how much effort it will be to maintain the configuration file keeping track of hundreds of servers.
Questions that were raised included:
BSD has requests to put some new (PeopleSoft) reports on the Web. They need finer granularity for access to such pages (e.g. it's OK for a manager to view salary but not for the public at large) than is available today (SLAConly vs world readable). They would like a username password facility that is easy to use and manage. Tieing the username/password to the Unix/Enterprise password is a concern since it might make the Enterprise password less secure. The new Netscape server will have SSL and we need to understand how that might help the security since it does encrypt the information. To use SSL we will need a site certificate from a Certification Agency (CA). This is a bag of worms with legal ramifications. We could have our own uncertified certification server and set up a play system using it in order to understand how it works. The new security person who arrives in August has experience in this area.
The answer for BSD is the only granularity we will have in the near future (at least until October) will be SLAConly and World readable.
There is a new version of Netscape 4.0 that was available last week for PCs (W95, WNT) and was fixed this week for the security problem. It should be available in the next week for Macs. We will need to put the security fix in for older versions (Netscape 3.0). They may never fix 2.0 and 1.0 versions. There are workarounds for the earlier versions. Tony will remove Netscape-old (2.0) as we install Netscape 4.0. Older Macs may not have enough memory to run newer (post 2.0) versions of Netscape, so there is a budgetary impact.