LAKE (our institutional DAMS) is integrated with our collection management system, which has its own database of users and credentials.
We use SAML to log into LAKE, which verifies user credentials against an authentication API provided by our CMS.
Each user belongs to one department and zero or more workgroups. These correspond to the SAML "primary affiliation" and "unscoped affiliation" properties.
We periodocally synchronize our CMS users, departments and workgroups into LAKE so they are available as Fedora resources. These resources are also indexed in Solr and available to our Sufia-based DAMS application.
In a different scenario, the same could be done with an institutional LDAP or other directory service.
The advantages of having users, departments and workgroups available as Fedora resources with their own URIs are multiple:
- We can use these resources to build lookup lists and auto-complete fields for users to assign sharing permissions. Departments are proxied by PCDM lists so we can build ordered drop-down menus if we want. Users can be listed via an AJAX autocomplete fied which queries the Solr index for fields such as uid, last, first name etc.
- The same users and departments can be referenced in other parts of the application. For example, the "Depositor" field can be filled with the user's URI, or the "Created by Department" field can use the department URI. This brings the underlying data structure closer to the Linked Data paradigm.
- Another "reuse case" is referencing departments for accessioned objects, which are also read-only resources imported from our CMS. The "Department" property points to the same resources as the users' membership department, which represent exactly the same concept.
This scenario is currently being tested and its source code is available on https://github.com/aic-collections/aicdams-lakeshore
