Overview
Excerpt |
---|
The Fedora 4 Authentication (AuthN) and Authorization (AuthZ) framework is designed to be flexible and extensible, to allow any organization to configure access to suit its needs. |
The following sections explain the Fedora 4 AuthN/Z framework, and provide instructions for configuring some out-of-the-box access controls.
For clarity's sake, a distinction is made between Authentication and Authorization:
- Authentication answers the question "who is the person, and how do I verify that they are who they say they are?" Fedora 4 relies on the web servlet container to answer this question.
- Authorization answers the question, "does this person have permission to do what they want to do?". Fedora 4 provides three different ways to answer this question:
- Simple servlet container authentication. Anyone who has authenticated through the web application container (Tomcat, Jetty, WebSphere, etc.) has permission to do everything – in effect all, authenticated users are superusers.
- Basic Access Roles authorizations. Authenticated users are mapped onto one or more preconfigured roles; a user's role determines what they have permission to do.
- XACML authorizations. Policies created using the XACML framework are used to determine what operations are permissible to whom, using user and resource properties exposed to the XACML engine.
Servlet Container Configuration
Include Page |
---|
| How to Configure Servlet Container Authentication |
---|
| How to Configure Servlet Container Authentication |
---|
|
Authorization Delegates
Include Page |
---|
| Authorization Delegates |
---|
| Authorization Delegates |
---|
|
Access Roles Module
Include Page |
---|
| Access Roles Module |
---|
| Access Roles Module |
---|
|
Basic Role-based Authorization Delegate
Include Page |
---|
| Basic Role-based Authorization Delegate |
---|
| Basic Role-based Authorization Delegate |
---|
|
XACML Authorization Delegate
Include Page |
---|
| XACML Authorization Delegate |
---|
| XACML Authorization Delegate |
---|
|
Bypassing Authorization
Include Page |
---|
| How To Bypass Authorization |
---|
| How To Bypass |
---|
|
Include Page |
---|
OAuth Authorization | OAuth Authorization |
|