...
Fedora 4 authorization is designed to be fine-grained while remaining manageable by administrators and end users. Authentication is tied to the servlet container or OAuth tokens, but authorization mechanisms are open to extension and many reference implementations are included. Role-based access control is an included feature that makes permissions more manageable and, at the same time, easier for external applications to retrieve, index and enforce. Finer-grained security checks have no impact on the performance of requests that have a Fedora administrator role.
Use Cases
- Researchers control the policies on their own objects
- Distributed authentication and authorization
- University of North Carolina at Chapel Hill
- Unified Authorization
- Setting Individual Permissions
- Yale University
- Fedora managing access conditions
- Programmers use API for access condition support in external systems, i.e. Hydra
- Applications use API for updating access conditions stored in Fedora
- University of Wisconsin - Madison
- Islandora
- Hydra
- Avalon Media System
...
- In servlet container authentication, forwarding with will require the container role of fedoraProxy.
- In OAuth token authentication, the token must include the scope forward credentials.
...
A policy enforcement point enforces appropriate access for Fedora users and their proxies, i.e. applications acting on their behalf. One policy enforcement point may be configured at a time.
...