EPrints User Group 2015-01-13
John Salter and John Beaman, University of Leeds
Contents
Intro
- Hello: we're John Salter and John Beaman from the University of Leeds.
- We've spent some time trying to write an Access Control system for EPrints. It's been a horror.
- One of our use-cases is for Research Data, but it could be used on other repository types.
Out of the box User Access Control
- EPrints (you all know what this is, right..?) has basic control at the document level - the 'security' field:
- public (Open Access)
- validuser (anyone who's got an account on that EPrints instance)
- staffonly (Repository editors/admins)
 
- This doesn't cover the requirements for some repositories...
Requirements
- Control access to EPrints, Documents
- Control access based on:
- User attributes e.g. signed-in via Shibboleth
- Location e.g. on-campus
 
- Simple interface to assign restrictions
EPACL: EPrints Access Control Layer
- Doesn't overwrite any existing 'security' specified on documents.
ACL_Roles
- Fields
- ID
- ACL_Authority e.g. LDAP; IP address; EPrintsUser
- Role title
- Role description
- Filter e.g. member of a specific LDAP group; EPrintsUser type = editor;
 
ACL_Groups
- Fields
- ID
- Group name
- Group description
- ACL_Roles
- Role combination (AND / OR)
 
ACL_Authority
???
Dealing with rejection
- What happens when someone is denied access?
- Document landing pages
- Restricted summary pages
- Contact details to request access?
 
Homeless thoughts
- Summary Page citation style
- Access logging
- Login sources
- Modular design
- Request vs User
- Describe ACL_Group, ACL_Role, ACL_Authority
- DOIs at Doc level = landing page citation style
