Page History

...

Security Monitoring

...

DuraSpace / DSpaceDirect does not have any independent ISO certifications.  However, AWS (Amazon Web Services), which provides our data center, is ISO 27001 certified. See: https://aws.amazon.com/compliance/iso-27001-faqs/

Authorization / authentication Support 

We support all authorization/authentication plugins that are available in out-of-the-box DSpace. Currently (as of DSpace 6), those include:

• LDAP authentication/authorization (including Active Directory)
• Shibboleth authentication/authorization
• IP address / range authorization (e.g. for restricting access to specific collections to "on campus")
• Default DSpace authentication (where DSpace manages all accounts, passwords and permissions)

Please be aware that configuring/managing authorization plugins often requires extra support and/or coordination with local staff at your institution. Therefore, they are considered add-on packages: http://dspacedirect.org/add-on-packages

Is data encrypted at rest in DSpaceDirect?

...

Yes, all calls to DSpaceDirect are encrypted using Transport Layer Security protocols (HTTPS).  We require HTTPS for all sites, and do not allow site data to be sent via plain HTTP.  All sites also enable HSTS (HTTP Strict Transfer Security) to tell all web browsers to only use HTTPS. 

(Note, however, there is one exception to this rule. As OAI-PMH requires HTTP, we do allow HTTP access via the OAI-PMH interface only. )That said, OAI-PMH only allows access to publicly available metadata, and does not provide any means for file access, authentication, etc.