Versions Compared

...

A general design principle of the FSL approach is that an object can only belong to one collection for authorization purposes, but can be in multiple collections for presentation purposes.

Authentication (AuthN)

  • Support surrogate authentication and document how to do it
  • Support LDAP and Tomcat-Users
  • Implement authentication in a modular way so that participating organizations can write their own adapters (i.e. Drupal integration)
  • Use servlet filters to enforce access controls on all inbound requests
  • Support surrogate authentication and document how to do it [This needs clarification.]
  • Support LDAP, AD and Tomcat-Users by refactoring the existing servlet filters to make them more user friendly
  • Implement authentication in a modular way so that participating organizations can write their own adapters (i.e. Drupal integration) [This needs some additional information from Paul.]

Policy Manager / Authorization (AuthZ)

  • Enforce policies at Datastream, Object and Collection level. (Rely on either RELS-EXT or Fedora's bundled RIsearch for evaluating collection memberships.) The Muradora authZ work already supports this through the precedence rule, where a policy at a lower level takes precedence over one at a higher level.
  • Support use of Fedora Objects' POLICY datastream
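The two ideas above, the single authorization collection per object and the lower-level-wins precedence rule across datastream, object and collection policies, in a small resolver. This is an added illustration, not Muradora or Fedora code; the predicate names, the PERMIT/DENY policy shape, the DENY fallback and all PIDs are assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

AUTHZ_PRED = "isMemberOfCollection"  # assumed: the single collection used for authorization
PRESENT_PRED = "isMemberOf"          # assumed: presentation-only memberships, any number

@dataclass
class FedoraObject:
    pid: str
    relations: Dict[str, List[str]] = field(default_factory=dict)  # RELS-EXT predicate -> targets
    policy: Optional[str] = None                                   # object-level POLICY datastream
    ds_policies: Dict[str, str] = field(default_factory=dict)      # dsid -> datastream policy

def authz_collection(obj: FedoraObject) -> Optional[str]:
    """The one collection that counts for authorization, or None at the top level."""
    parents = obj.relations.get(AUTHZ_PRED, [])
    if len(parents) > 1:
        # The design principle above allows exactly one authorization parent.
        raise ValueError(f"{obj.pid} has several {AUTHZ_PRED} parents: {parents}")
    return parents[0] if parents else None

def effective_policy(repo: Dict[str, FedoraObject], pid: str,
                     dsid: Optional[str] = None) -> Tuple[str, str]:
    """Resolve datastream -> object -> collection; the lowest level present wins."""
    obj = repo[pid]
    if dsid is not None and dsid in obj.ds_policies:
        return ("datastream", obj.ds_policies[dsid])
    if obj.policy is not None:
        return ("object", obj.policy)
    parent = authz_collection(obj)
    while parent is not None:  # climb the authorization collection chain only
        coll = repo[parent]
        if coll.policy is not None:
            return ("collection", coll.policy)
        parent = authz_collection(coll)
    return ("default", "DENY")  # assumed repository-wide fallback when nothing applies

# Constructed sample repository: two collections and one item with two datastreams.
# demo:1 is *presented* in both collections but *authorized* only via coll:restricted.
REPO = {
    "coll:public": FedoraObject("coll:public", policy="PERMIT"),
    "coll:restricted": FedoraObject("coll:restricted", policy="DENY"),
    "demo:1": FedoraObject("demo:1",
        relations={AUTHZ_PRED: ["coll:restricted"],
                   PRESENT_PRED: ["coll:public", "coll:restricted"]},
        ds_policies={"THUMBNAIL": "PERMIT"}),
}
```

Membership in coll:public for presentation never loosens access to demo:1; only the authorization parent is consulted, and the datastream-level PERMIT on THUMBNAIL overrides the collection's DENY.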

...