Overview

The Fedora 4 Authentication (AuthN) and Authorization (AuthZ) framework is designed to be flexible and extensible, to allow any organization to configure access to suit its needs.

The following sections explain the Fedora 4 AuthN/Z framework and provide instructions for configuring some out-of-the-box access controls.

...

  • Authentication answers the question "who is the person, and how do I verify that they are who they say they are?"  Fedora 4 relies on the web servlet container to answer this question.
  • Authorization answers the question "does this person have permission to do what they want to do?"  Fedora 4 provides three different ways to answer this question:
    • Simple servlet container authentication.  Anyone who has authenticated through the web application container (Tomcat, Jetty, WebSphere, etc.) has permission to do everything – in effect, all authenticated users are superusers.
    • Basic Access Roles authorizations.  Authenticated users are mapped onto one or more preconfigured roles; a user's role determines what they have permission to do.
    • XACML authorizations.  Policies created using the XACML framework are used to determine what operations are permissible to whom, using user and resource properties exposed to the XACML engine.

...

How to Configure Servlet Container Authentication

...

Authorization Delegates


Access Roles Module


Basic Role-based Authorization Delegate

XACML Authorization Delegate

OAuth


Bypassing Authorization
