A design of authentication system for distributed education

Abstract

We designed and constructed an authentication system for a distributed education system using World Wide Web (WWW) servers. Distributed education systems need an authentication function. Since we used WWW servers, the authenticate function checks every request. There were two ways to construct this authentication system. The first was for the WWW servers to be located in the DMZ (demilitarized zone) and for each server to have an authentication function. The second was for the WWW servers to be located in an internal network and for the authentication system to be located in the DMZ. We adopted the latter, because it ensured good security for the authentication system. In addition, the WWW servers were easier to manage. We designed and constructed the authentication system so that users could safely access internal WWW servers from the Internet. Functions of this system were authentication, access control, and relaying users' requests to internal servers. When it accepts a user's request, it authenticates the user and relays this to an appropriate internal server. We chose client certificate authentication instead of traditional user-ID and password authentication, because it is more secure. After authentication, the system relays the request with the user's ID that sent the request to the system. If the internal server uses users' IDs, it can do Web-based examination without authentication by itself. To check its functions, we constructed a question-and-answer system and a log management system that processed a log that recorded students' answers to questions. This system of authentication made it easy to construct a WWW server as an internal server and to produce a secure and flexible system.