Fedora Security Layer (FeSL)

Introduction

The Fedora Security Layer (FeSL) is the future replacement of Fedora's legacy authentication and authorization system. Fedora 3.3 introduces FeSL as an experimental option, a preview of things to come.

FeSL offers a new authentication layer that reduces complexity and allows for integration with more authentication systems. FeSL authentication is built on the Java Authentication and Authorization Service (JAAS). JAAS offers a well-established standard for authentication implementations. Among the benefits that JAAS provides are: cascading authentication, re-use of existing JAAS authentication modules and comprehensive documentation for those who wish to write their own authentication modules.

FeSL extends and improves upon Fedora's legacy XACML-based authorization. Notably, FeSL provides hierarchical enforcement of access control policies. Access controls can be set at the collection level, object level or datastream level. As a result collection level policies can be applied to all collection members.

All FeSL policies are stored as FESLPOLICY datastreams within Fedora Digital Objects.

FeSL was produced under a community funding model, made possible by generous contributions from a number of institutions, including University of Prince Edward Island, Stanford University, University of Hull, University of Virginia and MediaShelf; with recent contributions from the University of York and Acuity Unlimited.

Open Issues

Add a new issue