Table of Contents

Overview

Excerpt
The Fedora 4 Authentication (AuthN) and Authorization (AuthZ) framework is designed to be flexible and extensible, to allow any organization to configure access to suit its needs.

...

Authentication answers the question "who is the person, and how do I verify that they are who they say they are?" Fedora 4 relies on the web servlet container to answer this question.
Authorization answers the question, "does this person have permission to do what they want to do?". Fedora 4 provides four two different ways to answer this question:
- Bypass authorization. : Anyone who has authenticated through the web application container (Tomcat, Jetty, WebSphere, etc.) has permission to do everything – in effect all, authenticated users are superusers.
- WebAC authorizations. authorization: Authenticated users' access to resources is mediated by WebAC Access Control Lists stored in the repository.[Deprecated] Basic Access Roles authorizations (RBACL). Authenticated users are mapped onto one or more preconfigured roles; a user's role determines what they have permission to do.
- [Deprecated] XACML authorizations. Policies created using the XACML framework are used to determine what operations are permissible to whom, using user and resource properties exposed to the XACML engine.

Servlet Container Authentication Configuration

...

Include Page

	How To Bypass Authorization
	How To Bypass Authorization

...

	Web Access Control

Warning
As of Fedora 4.7.4, the RBACL authorization module is officially deprecated, and will not be included in future releases of Fedora. Subsequent Fedora releases will only include the WebAC authorization module.

Warning
As of Fedora 4.7.4, the XACML authorization module is officially deprecated, and will not be included in future releases of Fedora. Subsequent Fedora releases will only include the WebAC authorization module.

Web Access Control