Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Overview

Excerpt

The Fedora 4 Authentication (AuthN) and Authorization (AuthZ) framework is designed to be flexible and extensible, to allow any organization to configure access to suit its needs.

The following sections explain the Fedora 4 AuthN/Z framework, and provide instructions for configuring some out-of-the-box access controls.

For clarity's sake, a distinction is made between Authentication and Authorization:

  • Authentication answers the question "who is the person, and how do I verify that they are who they say they are?"  Fedora 4 relies on the web servlet container to answer this question.
  • Authorization answers the question, "does this person have permission to do what they want to do?".  Fedora 4 provides two different ways to answer this question:
    • Bypass authorization: Anyone who has authenticated through the web application container (Tomcat, Jetty, WebSphere, etc.) has permission to do everything – in effect all, authenticated users are superusers.
    • WebAC authorization: Authenticated users' access to resources is mediated by WebAC Access Control Lists stored in the repository.

Servlet Container Authentication Configuration

Include Page
How to Configure Servlet Container Authentication
How to Configure Servlet Container Authentication

Bypass Authorization

Include Page
How To Bypass Authorization
How To Bypass Authorization

WebAC Authorization

Include Page
Web Access Control
Web Access Control