...
Applications can be authenticated by means of token credentials delivered through the OAuth protocol. A user with the fedoraAdmin role may authorize application access without any limits upon scope, including access equivalent to the fedoraAdmin role. A user with the fedoraUser role can only grant tokens within a scope that is limited by their own user credentials, since the application will only be able to act on their behalf. For specifics see the OAuth section below.
...
Reference Implementation: ServletAuthenticationProvider Fedora ships with a AuthenticationProvider that checks for proper Fedora user roles before Session session creation. |
|---|
...
Reference Implementation: OAuthAuthenticationProvider Fedora ships with an authentication provider that verifies OAuth token credentials and creates a special OAuth security context for new sessions. |
|---|
Authorization (DRAFT)
Fedora 4 will intercept JCR operations in order to enforce policies that are based on the Fedora object model and other node characteristics. While a single Fedora API call may span several JCR operations, these will be joined by a JCR transaction and may all fail together due to a permission check.
...