...
- Basic authorization compares the user's role(s) with an Access Control List (ACL) defined on a Fedora resource.
- ACLs can be inherited; if a given node does not have an associated ACL, Fedora will examine parent nodes until it finds one.
XACML Authorization
- XACML
...
- policies can provide much more complex and granular authorization.
- A default policy must be defined for the repository, and each node can override the default with another policy.
- A XACML policy referenced by a node will also apply to all the node's children, unless they define their own XACML policies that override the parent policy.
Performance
Transactions
- Multiple actions can be bundled together into a single repository event (transaction).
- Transactions offer performance benefits by cutting down on the number of times data is written to the repository filesystem (which tends to be the slowest action).
Clustering
...
- Two or more Fedora instances can be configured to work together in a cluster.
- Fedora 4 currently supports clustering for high-availability use cases.
- A load balancer can be setup in front of two or more Fedora instances to evenly distribute read requests across each instance.
- If one Fedora instance in the cluster goes down, read requests can be directed to the other instance.
- Ingests are replicated across all instances in the cluster.