Overview
The Fedora 4 Authentication (AuthN) and Authorization (AuthZ) framework is designed to be flexible and extensible, to allow any organization to configure access to suit its needs.
The following sections explain the Fedora 4 AuthN/Z framework, and provide instructions for configuring some out-of-the-box access controls.
For clarity's sake, a distinction is made between Authentication and Authorization:
- Authentication answers the question "who is the person, and how do I verify that they are who they say they are?" Fedora 4 relies on the web servlet container to answer this question.
- Authorization answers the question "does this person have permission to do what they want to do?" Fedora 4 provides two different ways to answer this question:
  - Bypass authorization: Anyone who has authenticated through the web application container (Tomcat, Jetty, WebSphere, etc.) has permission to do everything – in effect, all authenticated users are superusers.
  - WebAC authorization: Authenticated users' access to resources is mediated by WebAC Access Control Lists stored in the repository.
Servlet Container Authentication Configuration
Included page: How to Configure Servlet Container Authentication
Bypass Authorization
Included page: How To Bypass Authorization
WebAC Authorization
Included page: Web Access Control