Difference between revisions of "Access Control Layer"

From EPrints Documentation
Jump to: navigation, search
(Other thoughts / useful links)
 
Line 35: Line 35:
 
*https://www.google.co.uk/search?q=site%3Afiles.eprints.org+authentication - Google files.eprints.org for Authentication
 
*https://www.google.co.uk/search?q=site%3Afiles.eprints.org+authentication - Google files.eprints.org for Authentication
 
*https://www.google.co.uk/search?q=site%3Abazaar.eprints.org+authentication - same, but on the Bazaar.
 
*https://www.google.co.uk/search?q=site%3Abazaar.eprints.org+authentication - same, but on the Bazaar.
 +
*[http://wiki.unimas.my/unimaswiki/bin/view/HOW-TO,+Tutorial+%26+User+Manual/HOW-TO+%3A+Install+Eprints+v3.3.12++on+Ubuntu+14.04+With+LDAP+Authentication Install Eprints v3.3.12 on Ubuntu 14.04 With LDAP Authentication]
 +
*[http://wiki.unimas.my/unimaswiki/bin/view/HOW-TO%2C+Tutorial+%26+User+Manual/HOW-TO+%3A+Install+Eprints+v3.3.12++on+Ubuntu+12.04+With+LDAP+Authentication Install Eprints v3.3.12 on Ubuntu 12.04 With LDAP Authentication]
  
 
[[Category:Access Control]]
 
[[Category:Access Control]]

Latest revision as of 17:24, 28 October 2014

Access Control Layer

This development is designed to allow access restrictions to be placed on EPrints, Documents and other data objects.

The model we're currently work with is:

Authenticating Authority (AA) - a trusted sign-in method that may also provide some knowledge about the person signing in, and offer groupings based on their attributes.

ACLRole - These are configured based on what an AA can offer. When a user signs in, any ACLRoles that the AA can grant to the user are added to their session. A user could sign in via more than one AA at a time.

ACLGroup - A set of ACLRoles that can be applied to an EPrint/Document/?. When access to the item is requested, the session ACLRoles are checked against the allowed ACLRoles. If there is a match, access is granted.

Associated pages

These pages have been created as part of the documentation of our work.


When we make this shizzle, how should it be done?

Things to do

  • LogHandler - what do we log an when? See ~/perl_lib/EPrints/Apache/Rewrite.pm@515
  • Check poly-lingual behaviour
  • Check behaviour for summary_page and summary_page_denied
  • Abstract summary page handler up to dataobj level
  • Add config options to enable summary pages for specific dataobjs $c->{summary_pages}->{document} = ??? filters/citations/logs?

Other thoughts / useful links