Archived

If you are looking for the last documentation in the 4.x series, see 4.7.5. Looking for another version? See all documentation.

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

WebAC authorization fedora module is an implementation of the still evolving draft by the W3C that proposes a decentralized authorization mechanism. See WebAccessControl specifications at the W3C website. 

W3C's definition of WebAccessControl:

WebAccessControl is a decentralized system for allowing different users and groups various forms of access to resources where users and groups are identified by HTTP URIs. 

The WebAC module will enforce access control based on the Access Control List (ACL) RDF file associated with requested resource. The ACL file should specify the types of access, allowed users or groups, and applicable resources.

User/Group -> Read/Write/Append/Control -> Resource/ResourceType

Example:

1. userA can Read document foo
@prefix acl: <http://www.w3.org/ns/auth/acl>

</acls/read> acl:accessTo </foo> ;
acl:mode acl:Read;
acl:agent </agents/userA> .


2. users in NewsEditor group can Write to any resource of type News
@prefix acl: <http://www.w3.org/ns/auth/acl>

</acls/write> acl:accessToClass </objecttype/news> ;
acl:mode acl:Read, acl:Write;
acl:agentClass </agents/newsEditor> .

Example Request Authorization Flow:

Gliffy Macro Error

An error occurred while rendering this diagram. Please contact your administrator.

  • Name: Fedora WebAC Request Authorization Flow

 

 

  • No labels

All content on the LYRASIS Wiki is licensed under the CC BY (Attribution) license, unless otherwise noted.