Access Control Layer

From EPrints Documentation
Revision as of 09:03, 30 June 2014 by Libjlrs (talk | contribs) (Initial notes on ACL work)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

This development is designed to allow access restrictions to be placed on EPrints, Documents and other data objects.

The model we're currently work with is:

Authenticating Authority (AA) - a trusted sign-in method that may also provide some knowledge about the person signing in, and offer groupings based on their attributes.

ACLRole - These are configured based on what an AA can offer. When a user signs in, any ACLRoles that the AA can grant to the user are added to their session. A user could sign in via more than one AA at a time.

ACLGroup - A set of ACLRoles that can be applied to an EPrint/Document/?. When access to the item is requested, the session ACLRoles are checked against the allowed ACLRoles. If there is a match, access is granted.

Other thoughts / useful links