Current Status
We have created a Contributor Project around this problem area. For up to date information on this work, go to the Improved Fedora Security Layer project page.
Required Features for first release
...
- Simple, intuitive, well documented vocabulary for controlling Read, Create, Edit and Delete for Collections, Objects, and Datastreams Datastreams
- Assign permissions by User or by Group, regardless of where user attributes are coming from (ie. LDAP, Shibboleth, OpenId, CAS, etc.)
- One vocabulary covers all equivalent methods in SOAP and REST APIs (ie. policies decide at a higher level who can edit a datastream, rather than saying who can call the modifyDatastream SOAP method)
...
- Keep the implementation stable & current current
- Bundle solution with Fedora and include it in the installer
- Audit the Implementation for potential security flaws
- Support community innovation & allow people to completely replace the whole thing if they wish
...