Enforcing Closed Communities
You wish to establish a safe place on the web for
elementary students. This place will have chat rooms and other interactive
applications. You want the children at school to freely access it,
but you must make sure that adults are kept out.
Your first thought is to use passwords, but you quickly realize
that passwords can't be trusted. A child could easily share a password
with an adult. You also considered address filtering, which allows
you to restrict access to only those computers at school sites.
But you are concerned with the cost of setting up and administering
such a scheme. What happens when a school changes its network address?
How do you prevent address spoofing (a non-school computer using
a school address)? You need a solution that can be trusted and easily
administered.
The WSA's Subscriber Authentication provides a ready solution.
First, you install the WSA in front of your “safe place”
servers. You configure the WSA to control access to all servers,
so only those users with enrolled certificates can enter the safe
place.
You establish one or more enrollment accounts for each school.
You provide the enrollment password to a trusted staff member, say
the principal or librarian. The trusted staff member accesses your
safe place and presents a valid enrollment password. This causes
the WSA to generate and download a certificate into the computer
and enroll the certificate for access to the safe place. Thereafter,
any student using the computer can access the safe place.
To enhance security, you can control the enrollment passwords by
either limiting the number of times the password can be used or by configuring
the password to expire at a specified date. These solutions make
it harder for an unscrupulous person to use the enrollment password.
Our scheme is trustworthy because the WSA installs the certificate
in a manner that makes it practically impossible to move the
certificate to another computer. Therefore, you can be certain that
only those computers that were enrolled at school can access the
safe place. In the event that a computer is stolen, a member of
the school staff can quickly remove the certificate from the safe
place, thereby denying access to the thief.
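The enrollment-password limits and the stolen-computer removal described above, modeled as an added example (this is not WSA code or configuration). The class names, the school names and the random string standing in for a certificate are assumptions; the model does not cover how the certificate is bound to the computer.

```python
import hashlib
import hmac
import secrets

class EnrollmentDenied(Exception):
    pass

class EnrollmentAccount:
    """Hypothetical model of one school's enrollment account (not WSA code)."""
    def __init__(self, password, max_uses=None, expires_at=None):
        self._salt = secrets.token_bytes(16)
        self._hash = self._derive(password)   # never store the password itself
        self.max_uses, self.expires_at, self.uses = max_uses, expires_at, 0

    def _derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def consume(self, password, now):
        # Constant-time compare, then apply the two limits from the text.
        if not hmac.compare_digest(self._hash, self._derive(password)):
            raise EnrollmentDenied("bad password")
        if self.expires_at is not None and now >= self.expires_at:
            raise EnrollmentDenied("password expired")
        if self.max_uses is not None and self.uses >= self.max_uses:
            raise EnrollmentDenied("use limit reached")
        self.uses += 1

class Gateway:
    """Hypothetical stand-in for the access-control point in front of the servers."""
    def __init__(self):
        self.accounts = {}   # school name -> EnrollmentAccount
        self.enrolled = {}   # certificate fingerprint -> school name

    def enroll(self, school, password, now):
        # `now` is a timezone-aware datetime supplied by the caller.
        account = self.accounts.get(school)
        if account is None:
            raise EnrollmentDenied("unknown account")
        account.consume(password, now)
        fingerprint = secrets.token_hex(16)  # stands in for a real certificate
        self.enrolled[fingerprint] = school
        return fingerprint

    def is_allowed(self, fingerprint):
        return fingerprint in self.enrolled

    def revoke(self, fingerprint):
        # Stolen computer: staff remove its certificate, access ends at once.
        return self.enrolled.pop(fingerprint, None) is not None
```

A failed attempt does not count against the use limit here, so only successful enrollments spend the password.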