...

  • A user comes into the system and is assigned a principal:
    • If they authenticate through an authentication gateway, their principal may be generated from some of the person's attributes;
    • If they do not authenticate, they may be assigned a default principal (such as "guest").
      • Question:  do we have default principals?  Or only a default role, which is assigned if no principal is available?
  • The principal is then mapped onto one or more roles.  Roles are essentially bundles of permissions.
  • The user then makes a request for a given object.  The Fedora PEP intercepts the request and passes the roles assigned to the principal along to the Fedora PDP.
  • The Fedora PDP queries the object for the roles assigned to it, compares those to the roles attached to the user's principal, determines the permissions the user has on the given object, and approves or denies the specific request.
  • Based on the decision returned from the PDP, the Fedora PEP approves or denies the request.
    • The one exception to this process is the admin role.  If a principal has the admin role, no object check is made and the Fedora PEP approves the request automatically:  admins have permission to do everything.  Objects never have the admin role explicitly assigned to them.

This module assigns roles to generic security principals, i.e. any class that implements java.security.Principal. Roles are serialized and matched against the principal name, the string returned by the principal's getName() method. Because the name is the only key used, all the principals in your repository environment must have unique names; two principals that share a name will receive the same roles. Other than that, you may use whatever principals you wish. This module does not validate principal names.
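The flow above (principal assignment, principal-to-role mapping keyed on the principal name, the PDP's object check, and the PEP's admin short-circuit) as a single runnable model. This is an added example written for this page, not Fedora's own PEP/PDP code or the role-assignment module; the "uid" attribute, the role names "reader" and "writer", the permission set, the sample object and the sample principals are all assumptions made for illustration.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Set;

// Added example (not Fedora code): a minimal model of the
// principal -> roles -> PDP decision flow described on this page.
public class RoleBasedAccessExample {

    // Permissions that a role bundles. The set is an assumption for illustration.
    enum Permission { READ, WRITE, DELETE }

    // Any java.security.Principal works; the role mapping keys only on getName().
    static final class SimplePrincipal implements Principal {
        private final String name;
        SimplePrincipal(String name) { this.name = Objects.requireNonNull(name); }
        @Override public String getName() { return name; }
        @Override public String toString() { return "Principal[" + name + "]"; }
    }

    static final String ADMIN_ROLE = "admin";
    static final Principal GUEST = new SimplePrincipal("guest");

    // Step 1: assign a principal. A gateway would supply real attributes; here a
    // single "uid" attribute is assumed. Unauthenticated users get the default.
    static Principal assignPrincipal(Map<String, String> authAttributes) {
        if (authAttributes == null || !authAttributes.containsKey("uid")) {
            return GUEST;
        }
        return new SimplePrincipal(authAttributes.get("uid"));
    }

    // Step 2: the role-assignment module. Roles are keyed by principal name,
    // which is why every principal name in the repository must be unique.
    static final class RoleAssigner {
        private final Map<String, Set<String>> rolesByPrincipalName = new HashMap<>();

        void assign(String principalName, String... roles) {
            rolesByPrincipalName.computeIfAbsent(principalName, k -> new HashSet<>())
                                .addAll(Arrays.asList(roles));
        }

        Set<String> rolesFor(Principal p) {
            return rolesByPrincipalName.getOrDefault(p.getName(), Collections.emptySet());
        }
    }

    // A repository object carries its own role -> permission grants.
    // No object ever grants the admin role.
    static final class RepositoryObject {
        final String path;
        final Map<String, Set<Permission>> grantsByRole = new HashMap<>();

        RepositoryObject(String path) { this.path = path; }

        RepositoryObject grant(String role, Permission... perms) {
            grantsByRole.computeIfAbsent(role, k -> EnumSet.noneOf(Permission.class))
                        .addAll(Arrays.asList(perms));
            return this;
        }
    }

    // Steps 3 and 4: the PDP queries the object's roles, intersects them with the
    // principal's roles, and decides whether the requested permission is held.
    static boolean pdpDecide(RepositoryObject obj, Set<String> principalRoles, Permission requested) {
        EnumSet<Permission> effective = EnumSet.noneOf(Permission.class);
        for (String role : principalRoles) {
            effective.addAll(obj.grantsByRole.getOrDefault(role, Collections.emptySet()));
        }
        return effective.contains(requested);
    }

    // Step 5: the PEP. The admin role bypasses the object check entirely;
    // every other principal is decided by the PDP.
    static boolean pepAuthorize(Principal p, RoleAssigner roles, RepositoryObject obj, Permission requested) {
        Set<String> principalRoles = roles.rolesFor(p);
        if (principalRoles.contains(ADMIN_ROLE)) {
            return true;
        }
        return pdpDecide(obj, principalRoles, requested);
    }

    public static void main(String[] args) {
        RoleAssigner roles = new RoleAssigner();
        roles.assign("alice", "reader", "writer");
        roles.assign("bob", "reader");
        roles.assign("root", ADMIN_ROLE);
        roles.assign("guest", "reader");   // assumption: the default principal may read

        // Constructed sample object: readers may READ, writers may READ and WRITE.
        RepositoryObject thesis = new RepositoryObject("/collections/theses/1")
            .grant("reader", Permission.READ)
            .grant("writer", Permission.READ, Permission.WRITE);

        Principal alice = assignPrincipal(Map.of("uid", "alice"));
        Principal bob   = assignPrincipal(Map.of("uid", "bob"));
        Principal root  = assignPrincipal(Map.of("uid", "root"));
        Principal anon  = assignPrincipal(null);   // no attributes: default principal

        System.out.println(alice + " WRITE  -> " + pepAuthorize(alice, roles, thesis, Permission.WRITE));
        System.out.println(bob   + " WRITE  -> " + pepAuthorize(bob,   roles, thesis, Permission.WRITE));
        System.out.println(root  + " DELETE -> " + pepAuthorize(root,  roles, thesis, Permission.DELETE));
        System.out.println(anon  + " READ   -> " + pepAuthorize(anon,  roles, thesis, Permission.READ));
        System.out.println(anon  + " WRITE  -> " + pepAuthorize(anon,  roles, thesis, Permission.WRITE));
    }
}
```

Two points the model makes visible. First, because the PEP short-circuits on the admin role, the role-assignment step is the security boundary for that role: whoever can influence the attributes from which a principal name is derived, or can produce a name that collides with an existing one, inherits that principal's roles, since the module keys on the name alone and does not validate it. Second, an object's grants only ever widen what a principal can do through roles the object itself lists; a role the object does not mention, including admin, contributes nothing to the PDP's answer, which is why the admin bypass has to live in the PEP.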