...
Note: Use of a PEP and Fedora-specific authorization is optional. You can also configure Fedora to run without API security. You may want to enforce only container authentication, or leave the service running completely unsecured, behind a firewall for instance. For details see How to configure Fedora without authorization.
Fedora Administrators (fedoraAdmin user role)
The PEP is not consulted when servlet credentials identify a client with the fedoraAdmin role. When the container has authenticated the connected client as a fedoraAdmin, all actions are permitted and we bypass the PEP completely.
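Because fedoraAdmin accounts never reach the PEP, the container's user store is the only control over what they can do. The added example below (not part of the Fedora documentation or code base) lists those accounts so they can be reviewed. It assumes the container is Tomcat with a file-based tomcat-users.xml user database; the sample file, its usernames and the fedoraUser role are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ADMIN_ROLE = "fedoraAdmin"  # role name taken from the page

# Constructed sample in Tomcat's tomcat-users.xml layout (assumption: the
# servlet container is Tomcat using its file-based user database).
SAMPLE_USERS_XML = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <role rolename="fedoraAdmin"/>
  <role rolename="fedoraUser"/>
  <user username="repo-admin" password="[redacted]" roles="fedoraAdmin"/>
  <user username="ingest-svc" password="[redacted]" roles="fedoraUser, fedoraAdmin"/>
  <user username="reader" password="[redacted]" roles="fedoraUser"/>
  <user username="fedoraAdminBackup" password="[redacted]" roles="fedoraUser"/>
</tomcat-users>
"""


def local_name(tag):
    """Strip an XML namespace such as '{http://tomcat.apache.org/xml}user'."""
    return tag.rsplit("}", 1)[-1]


def pep_bypass_accounts(users_xml, admin_role=ADMIN_ROLE):
    """Return sorted usernames whose role list contains admin_role exactly.

    Every account returned is authorized by the container alone: the PEP is
    not consulted for it, so no PEP policy restricts what it can do.
    """
    root = ET.fromstring(users_xml)
    bypass = set()
    for elem in root.iter():
        if local_name(elem.tag) != "user":
            continue
        roles = {r.strip() for r in elem.get("roles", "").split(",") if r.strip()}
        # Exact match on the role entry: a username or role that merely
        # contains the string "fedoraAdmin" does not count.
        if admin_role in roles:
            # Older Tomcat user files use "name" instead of "username".
            bypass.add(elem.get("username") or elem.get("name") or "<unnamed>")
    return sorted(bypass)


if __name__ == "__main__":
    for account in pep_bypass_accounts(SAMPLE_USERS_XML):
        print(f"{account}: holds {ADMIN_ROLE}, PEP is bypassed for this account")
```

Service accounts that appear in the output, such as the constructed ingest-svc entry, are worth checking first, since a secondary role assignment is easy to overlook.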
PEP Implementations
The PEP is an extension point for which there are several reference implementations available:
...