Difference between revisions of "Access Control Layer"
|  (Add category) | |||
| Line 1: | Line 1: | ||
| + | {{Template:AccessControl}} | ||
| This development is designed to allow access restrictions to be placed on EPrints, Documents and other data objects. | This development is designed to allow access restrictions to be placed on EPrints, Documents and other data objects. | ||
Revision as of 14:55, 9 October 2014
Access Control Layer
This development is designed to allow access restrictions to be placed on EPrints, Documents and other data objects.
The model we're currently working with is:
- Authenticating Authority (AA) - a trusted sign-in method that may also provide some knowledge about the person signing in, and offer groupings based on their attributes.
- ACLRole - These are configured based on what an AA can offer. When a user signs in, any ACLRoles that the AA can grant to the user are added to their session. A user could sign in via more than one AA at a time.
- ACLGroup - A set of ACLRoles that can be applied to an EPrint/Document/?. When access to the item is requested, the session ACLRoles are checked against the allowed ACLRoles. If there is a match, access is granted.
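The match rule in this model, as an added Perl sketch (not EPrints code and not part of the original page). The AA names, attribute values, role names, group names and item ids are constructed, and denying items that have no ACLGroup applied is an assumption the page does not state.

```perl
use strict;
use warnings;

# Constructed data. Per AA: attribute it asserts about the user => ACLRole it may grant.
my %AA_ROLES = (
    shibboleth => { staff => 'uni_staff', student => 'uni_student' },
    ldap       => { chemistry => 'chem_dept', 'exam-board' => 'examiner' },
);
# ACLGroup => the set of ACLRoles it allows.
my %ACL_GROUPS = (
    chemistry_readers => [ 'uni_staff', 'chem_dept' ],
    examiners         => [ 'examiner' ],
);
# Item => ACLGroups applied to it.
my %ITEM_GROUPS = (
    'document/42' => [ 'chemistry_readers' ],
    'document/43' => [ 'examiners' ],
);

# Signing in via an AA adds the roles that AA grants to the session,
# remembering which AA granted each role.
sub sign_in {
    my ($session, $aa, @attributes) = @_;
    my $offers = $AA_ROLES{$aa} or die "unknown AA: $aa\n";
    for my $attr (@attributes) {
        $session->{roles}{ $offers->{$attr} } = $aa if exists $offers->{$attr};
    }
    return $session;
}

# Any session role found in any ACLGroup on the item grants access.
# Assumption: an item with no ACLGroup applied is denied.
sub can_access {
    my ($session, $item) = @_;
    for my $group (@{ $ITEM_GROUPS{$item} || [] }) {
        for my $role (@{ $ACL_GROUPS{$group} || [] }) {
            return (1, $role, $group) if exists $session->{roles}{$role};
        }
    }
    return (0);
}

my $session = { roles => {} };
sign_in($session, 'shibboleth', 'student');   # first AA
sign_in($session, 'ldap', 'chemistry');       # second AA, same session
for my $item ('document/42', 'document/43', 'document/99') {
    my ($ok, $role, $group) = can_access($session, $item);
    print "$item: ", ($ok ? "granted by $role (from $session->{roles}{$role}) via $group" : 'denied'), "\n";
}
```

Because a single matching role is enough, the student here reaches document/42 through the LDAP-granted role alone; recording which AA granted the matching role gives the log handler something concrete to write.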
Associated pages
These pages have been created as part of the documentation of our work.
When we make this shizzle, how should it be done?
- StyleGuide
- NO text in citation files or other files - use phrases - a la https://github.com/eprints/eprints/commit/cccfab14e0b6764d7f1d80daf57bf4e308f56dd7
Things to do
- LogHandler - what do we log and when? See ~/perl_lib/EPrints/Apache/Rewrite.pm@515
- Check poly-lingual behaviour
- Check behaviour for summary_page and summary_page_denied
- Abstract summary page handler up to dataobj level
- Add config options to enable summary pages for specific dataobjs: $c->{summary_pages}->{document} = ??? (filters/citations/logs?)
Other thoughts / useful links
- Category:Authentication
- http://files.eprints.org/836/ - Webserver authentication using auth_memcookie and simplesamlphp
- Webserver authentication - Single-sign-on via Shibboleth, CAS/mod_cas, Kerberos or just about any mod_auth_* Module for Apache httpd
- CAS - Central Authentication Service
- LDAP - Lightweight Directory Authentication Protocol
- Shibboleth authentication - UK Federation
- https://www.google.co.uk/search?q=site%3Afiles.eprints.org+authentication - Google files.eprints.org for Authentication
- https://www.google.co.uk/search?q=site%3Abazaar.eprints.org+authentication - same, but on the Bazaar.
