[Workstation Support Services Home] Search:   

SAFE (Secure Access From Everywhere)

Overview    
CalNet Authentication and Authorization  
Secure Socket Layer for Security  
Download Instructions 
Error Messages 
News and Announcements  (10/23/2003 9:30 pm)

Overview

SAFE provides secure, authenticated download of campus software from any Internet location.

Security is based on use of Secure Socket Layer (SSL).  SSL is used to encrypt sessions and authenticate the server.  This protects the secret authentication information and verifies the source and integrity of the downloaded software.

Access is based on who you are and whether you are currently authorized to download campus site licensed software.  Your CalNet ID is used to authenticate you and the CalNet Directory is used to authorize the download.

SAFE currently supports CalAgenda authentication for CalAgenda downloads.

CalNet Authentication and Authorization

You prove your identity with your CalNet ID and secret passphrase.  All faculty, staff, and students have CalNet identities.  Faculty and staff can activate their identity by contacting their department's administrative staff or CalNet Deputy , or contact User Account Services.   Student identities are created by Student Information Systems and are activated on first use of Bear Facts.  Certain types of university affiliates can also do downloads (Affiliate Types).

The CalNet Directory contains information on your current UC Berkeley status.  This is used to ascertain whether you are authorized to download campus site licensed software.  You must be a current UC Berkeley faculty, staff, or student member.

Please note: Students that are registered only for summer session and do not have another authorized status such as employee or full-time student are not authorized to download licensed software.

See CalNet Gateway for more information on CalNet.

Secure Socket Layer (SSL) for Security

Secure Socket Layer (SSL) is used to encrypt sessions and authenticate the server.

The Software server has a Thawte public key certificate. (Click Thawte graphic at bottom of this page for information specific to this site.) This certificate authenticates the web server to the browser and hence verifies the origin of the software.  The browser checks the certificate and its encrypted signature to assure that the server is who it says it is.  Most browsers will notify you when entering or exiting secure connections, and will allow you to view the server's certificate.

The entire session is encrypted to protect the secret authentication credential, and to prevent tampering with the downloaded software..

News and Announcements

Wednesday, October 22 2003 3 pm
The new Opera 7 browser has a feature that blocks "pop up" windows to stop annoying advertising.  This prevents SAFE from starting the download after the CalNet authentication completes.  To allow pop ups for software.berkeley.edu only,  set Opera to 'Accept' or 'Open in Background'.  The latter opens the window under a "tab" rather than popping up a window.

Thursday, August 15 2003 7:15 pm
The new Mozilla Firebird browser has a feature that blocks "pop up" windows to stop annoying advertising.  This prevents SAFE from starting the download after the CalNet authentication completes.  To allow pop ups for software.berkeley.edu only, use the Tools/Options/Web Features menu and under "Block Popup Windows" click on Add Site and add "software.berkeley.edu".

Friday, May 30, 2003 2:30 pm
The browser will usually display PDF, TXT, or HTML files rather than save it to a file.  To save the displayed file, use File/Save or File/Save Page As ...

Monday, April 14, 2003 6:45 pm
The SAFE Download Service scripts have been extensively revised to modernize their PHP practice, and for performance.  SAFE no longer requires the HTTP Referer header because some browsers and privacy software do not provide them, but some things will work better if the header is supplied.

Monday, February 25 2002 4:00 pm
SAFE now supports CalAgenda downloads authenticated with a CalAgenda user name and password.

Wednesday, August 26, 2001 10:00 am
MS IE 5.5 and 6.0 in a few cases have somehow become configured to treat application file (*.EXE) downloads as if they were an object to be displayed.  This prevents the download from succeeding.  The symptom is a blank screen with an object icon in the upper left corner which occurs after CalNet authentication with the AWS server.  We have not yet discovered the cause of this anomaly.

Thursday, March 29, 2001.
The SAFE Software Download Service is re-deployed using CalNet ID authentication  and CalNet Directory authorization.

Friday, May 29, 1998
Macintosh software download with SAFE.  Site licensed Macintosh software download is allowed using UCLink account name and passwords as a UCB affiliation credential.

Monday, October 6, 1997 
PC/Windows software download with SAFE.    Site licensed PC software download is allowed using UCLink account name and passwords as a UCB affiliation credential.

Security
About the SAFE Download Service
Security Level

ABOUT SSL CERTIFICATES


QuickLinks to WSS:   CalAgenda Cal WebDisk Computer Labs Computer Repair Computer Store Computer Training Connecting@Berkeley Departmental Support (DOCS) Getting Help Software Distribution Student Consulting UCLink WSSG Software

Copyright and disclaimer notice
Send comments.
WSS is a unit of Information Systems & Technology (IS&T), UC Berkeley

URL: /about/SAFE/index.html , page modified: Friday, 02-Jul-2004 13:51:12 PDT