An authentication and authorization infrastructure: The PAPI system

PAPI is a system for providing access control to restricted information resources across the Internet. It intends to keep authentication as an issue local to the organization the user belongs to, while leaving information providers full control over the resources they offer. The authentication mechanisms are designed to be as flexible as possible, allowing each organization to use its own authentication schema, keeping user privacy, and offering information providers data enough for statistics. Moreover, access control mechanisms are transparent to the user and compatible: with the most commonly employed Web browsers (i.e., Netscape/MSIE/Mozilla/Lynx), with any HTTP based java application solution, and any operating system. This solution is being successfully used in different research organizations in Spain and Europe as a control access system to restricted resources in a transparent and single sign-on way. It is allowing mobile and external users to access to resources that are internal to organizations, contributing to remote participations in results of experiments and inter-institutional resource collaboration.