ZDAC Introduction

The distributed module implements the Zeus Distributed Authentication and Content API. The ZDAC API allows the web server to interact with external authentication servers and content generation servers over a TCP/IP socket interface.

Authentication

Zeus Web Server provides a high-performance API to allow third parties to completely customize the access control performed by the server. The API allows the server to delegate its access control policies for portions of its document tree to a separate authentication server. The interface utilizes the TCP/IP socket abstraction, allowing the authentication server to be running on a physically different machine from the server, and multiple Zeus Servers to share a centralized authentication server. It also allows the authentication server implementation to be in any programming language which can interact with sockets.

Sites running online subscription magazines, for example, have very complicated access control policies, requiring external database lookups on every request. On receiving a request, Zeus Server can be configured to connect to an authentication server to check whether the request should be satisfied or requires a password etc. The authentication server can do whatever is required to validate the client, for example perform some SQL query into a central database on a mainframe where all of the subscription records are kept. Such a design allows for complete flexibility.

Content

Zeus Server provides a high-performance CGI replacement which allows dynamic documents to be provided to its clients. The dynamic document API utilizes a TCP/IP socket interface to allow the document generation code to be implemented on a separate machine to facilitate load-balancing, and lso makes no restrictions on the implementation language.

The dynamic document generation code, called sockd here in, runs as an external daemon to the server and listens for the request from the server to generate a page. The server then passes information, similar to the environment setup for a CGI process, to the sockd server, which can then use this information to determine the data for the page to generate. This information is then routed back through the server down to the client.

This offers significant performance increases over frequently forking a large CGI script.

Advantages

• Extremely simple
• High Performance
• Applications can be remote, on a different machine to the web server
• Language independent
• Applications can be securely chroot()ed and run with different permissions for each application.

Disadvantages

• Limited to authentication and content generation services
• Non-standard, proprietary interface

Content Manager [Administrator] 16 December 2005