...

1. Implementing client-facing side of authZ
2. Targeting "pre-authenticated" scenario
3. Starting with a mock of the pep
4. PEP is over the entire set of modeshape operations
5. Repo managers can control access with their own PEPs
6. Could potentially expose "access control manager" service
   • Native to JCR
7. Wisc, working on a simple XACML rules engine
   • Concerned with speed/performance
   • Rules stored outside of f4
   • Will likely be choosing an existing XACML engine project
   • Example usecase: embargo etd for five years for the history department
8. Noting, embargo is a common usecase
9. UVa, would like to integrate institutional IdP
   • Shibboleth, and PubCookie
10. Colorado Alliance, using XACML
    • Have user-classes, and different roles across the repo
    • Need to ensure that Islandora supports access control design
11. There is a need to be able to check the access controls at any point in the repo
12. Follow-up meeting
    • We will set up a follow-up AuthN/Z meeting

Actions

•  Andrew Woods to setup follow-up meeting on topic of AuthN/Z