Access Control Layer
This development is designed to allow access restrictions to be placed on EPrints, Documents and other data objects.
The model we're currently working with is:
Authenticating Authority (AA) - a trusted sign-in method that may also provide some knowledge about the person signing in, and offer groupings based on their attributes.
ACLRole - These are configured based on what an AA can offer. When a user signs in, any ACLRoles that the AA can grant to the user are added to their session. A user could sign in via more than one AA at a time.
ACLGroup - A set of ACLRoles that can be applied to an EPrint/Document/?. When access to the item is requested, the session ACLRoles are checked against the allowed ACLRoles. If there is a match, access is granted.
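The check described above, sketched in Perl (the language EPrints is written in). This is an added example, not EPrints code, and every name in it (`%AA_RULES`, `%ACL_GROUP`, `sign_in`, `sign_out`, `can_access`, the role and group names) is hypothetical. It assumes two things the model above does not specify: an item without a known ACLGroup is denied, and signing out of one AA drops only the roles that no other AA still grants.

```perl
use strict;
use warnings;
# Hypothetical names throughout; constructed sample data, not EPrints API.
# Each AA lists [ACLRole, test on the attributes that AA asserts about the user].
my %AA_RULES = (
    shibboleth => [
        [ institution_member => sub { ($_[0]{affiliation} // '') =~ /^(?:staff|student)$/ } ],
        [ staff              => sub { ($_[0]{affiliation} // '') eq 'staff' } ],
    ],
    ldap => [
        [ thesis_examiner => sub { grep { $_ eq 'cn=examiners' } @{ $_[0]{groups} // [] } } ],
    ],
);
# ACLGroup name => the ACLRoles it allows.
my %ACL_GROUP = ( campus_only => ['institution_member'], exam_board => ['thesis_examiner'] );

# Add the roles this AA grants, remembering which AA granted each one.
sub sign_in {
    my ($session, $aa, $attr) = @_;
    my $rules = $AA_RULES{$aa} or die "unknown AA: $aa\n";
    $session->{roles}{ $_->[0] }{$aa} = 1 for grep { $_->[1]->($attr) } @$rules;
}

# Assumption: leaving one AA drops only the roles no other AA still grants.
sub sign_out {
    my ($session, $aa) = @_;
    for my $role (keys %{ $session->{roles} }) {
        delete $session->{roles}{$role}{$aa};
        delete $session->{roles}{$role} unless %{ $session->{roles}{$role} };
    }
}

# Grant when any session role is in the item's ACLGroup.
# Assumption: an item with no ACLGroup, or an unknown one, is denied.
sub can_access {
    my ($session, $item) = @_;
    my $allowed = $ACL_GROUP{ $item->{acl_group} // '' } or return 0;
    return scalar( grep { exists $session->{roles}{$_} } @$allowed ) ? 1 : 0;
}

my $session = { roles => {} };
my $doc     = { acl_group => 'exam_board' };
printf "anonymous:            %d\n", can_access($session, $doc);
sign_in($session, 'shibboleth', { affiliation => 'student' });
printf "shibboleth only:      %d\n", can_access($session, $doc);
sign_in($session, 'ldap', { groups => ['cn=examiners'] });
printf "shibboleth and ldap:  %d\n", can_access($session, $doc);
sign_out($session, 'ldap');
printf "after ldap sign-out:  %d\n", can_access($session, $doc);
```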
When we make this shizzle, how should it be done?
- NO text in citation files or other files - use phrases - a la https://github.com/eprints/eprints/commit/cccfab14e0b6764d7f1d80daf57bf4e308f56dd7
- http://files.eprints.org/836/ - Webserver authentication using auth_memcookie and simplesamlphp
- Webserver authentication - Single-sign-on via Shibboleth, CAS/mod_cas, Kerberos or just about any mod_auth_* Module for Apache httpd
- CAS - Central Authentication Service
- LDAP - Lightweight Directory Access Protocol
- Shibboleth authentication - UK Federation
- https://www.google.co.uk/search?q=site%3Afiles.eprints.org+authentication - Google files.eprints.org for Authentication
- https://www.google.co.uk/search?q=site%3Abazaar.eprints.org+authentication - same, but on the Bazaar.