- The features of the phase 1 implementation as described would seem to suit our use cases very well. I think we will be able to carry out most of our initial implementation plan using these features.
- The highest priority for us in phase 2 would be to add agent classes. This would seem to enable much easier management of access as the roles of individual users within our organization change over time.
- In practice, beyond creating ACLs, authorizations, and connecting resources to them, I have not been able to test very effectively whether or not the system in fact behaves as expected, which is why I said "as described" in #1 above.
- Using the existing Vagrant, I was able to authenticate at "fedoraAdmin" in my browser, and create various resources, ACLs, and authorizations, but I could not test very effectively because my browser seemed to want to return a 403 forbidden error whenever I attempted to access anything as any user other than fedoraAdmin. I'm not sure if that is because the "testuser" and "adminuser" I used in my authorizations was not recognized as the same user as when I logged in using the supplied test accounts, or whether I was doing something wrong. I tried clearing the browser cache, restarting the browser, and using a different browser. In every case, the only user who could access any resources in my testing instance was fedoraAdmin. All other users received 403 forbidden. Perhaps the root of the repository needs an ACL which allows full read access to all users?
- I would be happy to test more if someone would be able to provide some guidance how to do so with the existing set of user accounts. It would be nice to be able to put the implementation through its paces and see if all the behaviors are as advertised, but I have not been able to do so thusfar. Perhaps a fuller testing capability can be one of the goals of the phase 2 sprint.
- Unfortunately, I will not be at the meeting today, due to a conflict.
Page History
Overview
Content Tools