Versions Compared

Old Version 11

changes.mady.by.user Andrew Woods

Saved on

compared with

New Version 12

changes.mady.by.user Andrew Woods

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Enforce ACLs on ACL resources with filesystem-based backstop
  2. Add ACL uris to response headers as "Link: <acl-uri>; rel=acl"
  3. Implement acl:Control, acl:Append, and acl:Delete modes
  4. F4 MUST provide a way for external services such as Solr to enforce the authorization rules defined in the repository
  5. Enforce ACLs on binary files
  6. More documentation
  7. Support external ACLs (ACLs not managed by fedora)
  8. Add support for agentClass graphs defined within F4
  9. Add support for agentClass graphs defined external to F4
  10. Verify header-based (delegated) authentication is supported (where headers are used to define the effective agent, independent of any container-based AuthN)
  11. Support for inclusion of other ACLs via acl:include
  12. Fix bug with versioned resources: 
    Jira
    serverDuraSpace JIRA
    serverIdc815ca92-fd23-34c2-8fe3-956808caf8c5
    keyFCREPO-1760
  13. Make webac and audit default configuration in fcrepo-webapp-plus: 
    Jira
    serverDuraSpace JIRA
    serverIdc815ca92-fd23-34c2-8fe3-956808caf8c5
    keyFCREPO-1773

Related Documents

Minutes

Collect stakeholder feedback on Sprint 1

  1. Suggestion: Include stakeholders during sprint-2 to help work through issues with sprint-1 verification process.
    • This should also result in new integration tests (translations of stakeholders scenarios)
    • Additional curl examples for creation and testing may be helpful

What Phase1 requirements must be addressed in Sprint 2?

  1. https://wiki.duraspace.org/display/FF/Design+-+WebAccessControl+Authorization+Delegate#Design-WebAccessControlAuthorizationDelegate-ProposedRequirements(Phase1)
    • Note re: 3a: Sprint-1 implementation does not confine ACLs to reside in a "preconfigured location", but they can instead exist anywhere within the repository.
      union of DELETE and UPDATE = WRITE

Proposed Sprint-2 Requirements

1. Include in sprint-2: Enforce ACLs...
2. Not high-priority, nice to have: Add ACL...
3. Include in sprint-2: Implement acl:Control...

  • Another meetings/emails required to discuss mode definitions

4. Include in sprint-2: F4 MUST provide...

  • Solr: documentation for existing patterns,
  • Triplestore: investigate approaches and document
    • Nick to lead investigation on protecting triplestores

5. Include in sprint-2: Enforce ACLs on binary files
6. Include in sprint-2: More documentation
7. Not high-priority, nice to have: Support external ACLs...
8. Include in sprint-2: Add support for agentClass graphs defined within F4

  • and document it

9. Not high-priority, nice to have: Add support for agentClass graphs defined external to F4

  • does the resource need to be public or can it be protected?
    • not for this sprint, if implemented at all in this sprint

10. Include in sprint-2: Verify header-based...

  • More discussion needed to clarify possible scenarios

11. NOT in sprint-2: Support for inclusion of other ACLs via acl:include

  • Risk due to vague relationship in spec

12. Include in sprint-2: Fix bug with versioned resources
13. Include in sprint-2: Make webac and audit default configuration in fcrepo-webapp-plus

Developer Sprint-2 Planning Meeting

  1. 11am meeting on 10/26