DSpaceDirect Resources
DSpaceDirect Website
DSpaceDirect Demo Site
DSpace Resources
DSpace Website
DSpace Documentation
DSpace Wiki
DSpaceDirect KnowledgeBase
...
Info |
---|
This page consists of common security related questions pertaining to the DSpaceDirect hosted service. If you have additional questions not answered below, please contact support@dspacedirectcontact dspacedirect@lyrasis.org |
Table of Contents |
---|
DSpaceDirect provides the following security-focused monitoring:
We use Amazon Web Services (AWS) as our is the data center for DSpaceDirect. AWS provides very detailed documentation on their security compliance:
Yes. The data center we use for DSpaceDirect is AWS (Amazon Web Services). It is SOC certified. See: https://aws.amazon.com/compliance/soc-faqs/
...
...
...
DuraSpace / DSpaceDirect does not have any independent ISO certifications. However, AWS (Amazon Web Services), which provides our data center, is ISO 27001 certified. See: https://aws.amazon.com/compliance/iso-27001-faqs/
...
...
We support all authorization/authentication plugins that are available in out-of-the-box DSpace. Currently (as of DSpace 6), those include:
...
Please be aware that configuring/managing authorization plugins often requires extra support and/or coordination with local staff at your institution. Therefore, they are considered add-on packages: http://dspacedirect.org/add-on-packages
...
Yes, all calls to DSpaceDirect are encrypted using Transport Layer Security protocols (HTTPS). We require HTTPS for all sites, and do not allow any site data to be sent via plain HTTP. All sites also enable HSTS (HTTP Strict Transfer Security) to tell all web browsers to only use HTTPS.
Note, however, there is one exception to this rule. As OAI-PMH requires HTTP, we do allow HTTP access via the OAI-PMH interface only. That said, OAI-PMH only allows access to publicly available metadata, and does not provide any means for file access, authentication, etc.