Jefferson Lab Electronic Logbook

API Authentication

Submission of a logentry for immediate processing takes place over the network using the PUT method of the HTTP protocol. The server requires some means of identifying who sent the entry it just received. Usernames and passwords are not ideal for this because they must either be provided over and over for each log entry or else stored on disk where they are vulnerable to discovery. Therefore a system of SSL client certificates is used to authenticate log entries that are sent directly to the server.

The Logbook Certificate Authority

Certificates that allow a client to make entries to the logbook server programmatically are issued by the Logbook Certificate Authority. Any user with a valid JLAB (CUE) username and password may download his or her certificate from the certificates tab under preferences after logging in to the logbooks server as illustrated below. If a user owns certificates for one or more service accounts, those certificates will also be available for download. When downloading the certificate, the recommended location and filename are shown in the table below.

Users with accounts on Accelerator (ACE) workstations should find that they already have a .elogcert in their home directory that was generated and placed there for them by the System Administrators. For them it would only be necessary to re-download the certificate if it were accidentally deleted.

Certificate Expiration

Logbook client certificates are valid for two years. Users may use the certificates "reissue" option at any time to generate a new certificate with a new 2 year validity period. ACE Linux users will not have to worry about this because System Administrators will automatically generate new certificates each year for all current users.