Integrating security into an accelerator control systems web interface

Embedded devices for control and monitoring are becoming more powerful as technology evolves. It is common that these embedded devices are communicating through a local area network with other, sometimes more powerful, nodes for receiving and distributing commands and data gathering. This distributed system can then be connected to other systems over the Internet for data exchange, remote control and monitoring. It is essential in such complex environment that the users are authorized and authenticated as users of the system, and that these security credentials can be easily managed. But this is not enough since not all commands are suitable to be executed in every status of a complex system and by all users from all locations. The wrong command pattern or security policy could potentially cause great damage to the system being controlled. We are developing a system allowing remote monitoring and control of the European XFEL projects accelerators control system DOOCS (see doocs.desy.de). This remote system uses a service oriented architecture based on web services for communication between its nodes. The interface to the underlying classical accelerator control system will be implemented on a central server, whereby any remote access can be audited and controlled. To meet the mentioned requirements for security and safe control patterns, we found it necessary to add a security layer. We decided to implement the OpenSSO package from Sun in our distributed system for authentication and authorization, to make certain that only authorized users can execute commands according to the allowed policy, based on user credentials, location and system status.