...
- Implementing client-facing side of authZ
- Targeting "pre-authenticated" scenario
- Starting with a mock of the pep
- PEP is over the entire set of modeshape operations
- Repo managers can control access with their own PEPs
- Could potentially expose "access control manager" service
- Native to JCR
- Wisc, working on a simple XACML rules engine
- Concerned with speed/performance
- Rules stored outside of f4
- Will likely be choosing an existing XACML engine project
- Example usecase: embargo etd for five years for the history department
- Noting, embargo is a common usecase
- UVa, would like to integrate institutional IdP
- Shibboleth, and PubCookie
- Colorado Alliance, using XACML
- Have user-classes, and different roles across the repo
- Need to ensure that Islandora supports access control design
- There is a need to be able to check the access controls at any point in the repo
- Follow-up meeting
- We will set up a follow-up AuthN/Z meeting
Actions
- Andrew Woods to setup follow-up meeting on topic of AuthN/Z