Cookie Server Explained

The cookieserver consists of three daemons on the Solaris platform. They are:

1. Cookie Daemon: This is the master daemon. This is where all of the information about the various authorization cookies is stored, including what the cookies are, what uniqname is matched with a given cookie, and what IP number that cookie is valid for. All initial cookies are registered with this daemon, and this daemon is the final authority on whether or not a cookie is valid.
2. Cookie Caching Daemon: This is just a cache for the Cookie Daemon. All this daemon does is copy down cookie information, and tell the web server whether or not a given cookie is valid. The model is designed to have multiple hosts use the same cookies for access, with a Cookie Caching Daemon running on each host, and only one Cookie Daemon running on a central host. Right now this is only being used for the NT port of the software, but could easily be expanded in the future.
3. PT Services Caching Daemon: This daemon is fairly simple, and is the only one that includes any AFS or Kerberos calls. All it does is cache protection server information for five minutes, so that multiple requests to the same server (for example, for a web page and ten small graphics on that web page) don't cause a lot of requests to the overloaded IFS PT servers. This has the added benefit of being an extremely fast way to manage protection information.

There are also several CGI scripts that run to support the above daemons:

1. genlogin: This is the program that generates the login screen. It is configurable with text files contained in the same directory so that the look and feel of the screen can be changed for different services without changing any source or recompiling. This allows the web administrator to add graphics and other links to the login screen, though adding graphics is generally discouraged, because it makes the login page take much longer to load.
2. nph-login: This program does most of the work of the cookieserver code. This is the script that is passed a uniqname and password. It checks the password against the Kerberos servers, and then throws the password away. If the password is correct, it registers the authentication cookie with the Cookie Daemon, and redirects to the resource originally requested. If the password is incorrect, it prints that, along with a link to the login page.
3. logout: This program should be linked to from as many secured resources as possible. This logs out of the secure space, and tells the Cookie Daemon and Cookie Caching Daemon to expire the authentication cookie. Logging out of Private WebSpace reduces the risk that someone could access private pages from your machine if you get up to leave.
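
The register, validate and logout flow described above, as an added Python example (not the cookieserver's own code). It shows the cookie-to-IP binding and why logout has to reach the caching daemon as well as the master. The class and method names, the random token format, and the use of in-process objects in place of networked daemons are all assumptions.

```python
import secrets

class CookieDaemon:
    """Master record: cookie -> (uniqname, IP). Final authority on validity."""
    def __init__(self):
        self._cookies = {}

    def register(self, uniqname, ip):
        # Called only after the password check succeeds (the nph-login step).
        cookie = secrets.token_urlsafe(32)  # assumption: random opaque token
        self._cookies[cookie] = (uniqname, ip)
        return cookie

    def lookup(self, cookie):
        return self._cookies.get(cookie)  # None if unknown or expired

    def expire(self, cookie):
        self._cookies.pop(cookie, None)


class CookieCachingDaemon:
    """Per-host cache: copies records down from the master, answers the web server."""
    def __init__(self, master):
        self._master = master
        self._local = {}

    def validate(self, cookie, ip):
        record = self._local.get(cookie)
        if record is None:
            record = self._master.lookup(cookie)
            if record is None:
                return None
            self._local[cookie] = record  # copy down for later requests
        uniqname, bound_ip = record
        # A cookie is valid only for the IP it was registered with.
        return uniqname if ip == bound_ip else None

    def expire(self, cookie):
        self._local.pop(cookie, None)


def logout(cookie, master, caches):
    # Expire at the master AND at every cache; in this model a cache that
    # is not told keeps accepting the record it already copied down.
    master.expire(cookie)
    for cache in caches:
        cache.expire(cookie)
```
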

In order to port this code to the NT server platform, it is currently necessary to rely on a remote PTS caching daemon, at least at first. This is because the PT server calls for AFS haven't been ported to the NT platform as far as I know. I am hoping that this work will be done, as the PTS caching daemon plays an important role in the overall security of Private WebSpace. If it is not, SSL encrypting the PTS caching daemon's transactions should provide security from a man-in-the-middle attack.

 

Page retrieved from public.websites.umich.edu on Sunday, 19-May-2024 09:41:59 EDT
Page last modified Monday, 14-Sep-1998 23:54:22 EDT