EPrints User Group 2015-01-13

From EPrints Documentation
Revision as of 15:50, 8 January 2015 by Libjlrs (talk | contribs) (EPACL: EPrints Access Control Layer)
Jump to: navigation, search

John Salter and John Beaman, University of Leeds

Intro

  • Hello: we're John Salter and John Beaman from the University of Leeds.
  • We've spent some time trying to write an Access Control system for EPrints. It's been a horror.
  • One of our use-cases is for Research Data, but it could be used on other repository types.

Out of the box User Access Control

  • EPrints (you all know what this is, right..?) has basic control at the document level - the 'security' field:
    • public (Open Access)
    • validuser (anyone who's got an account on that EPrints instance)
    • staffonly (Repository editors/admins)
  • This doesn't cover the requirements for some repositories...

Requirements

  • Control access to EPrints, Documents
  • Control access based on:
    • User attributes e.g. signed-in via Shibboleth
    • Location e.g. on-campus
  • Simple interface to assign restrictions


EPACL: EPrints Access Control Layer

  • Doesn't overwrite any existing 'security' specified on documents.

ACL_Roles

  • Fields
    • ID
    • ACL_Authority e.g. LDAP; IP address; EPrintsUser
    • Role title
    • Role description
    • Filter e.g. member of a specific LDAP group; EPrintsUser type = editor;

ACL_Groups

  • Fields
    • ID
    • Group name
    • Group description
    • ACL_Roles
    • Role combination (AND / OR)

ACL_Authority

???

Dealing with rejection

  • What happens when someone is denied access?
    • Document landing pages
    • Restricted summary pages
    • Contact details to request access?

Homeless thoughts

  • Summary Page citation style
  • Access logging
  • Login sources
  • Modular design
  • Request vs User
  • Describe ACL_Group, ACL_Role, ACL_Authority
  • DOIs at Doc level = landing page citation style