Difference between revisions of "Access Control Layer"

From EPrints Documentation
Jump to: navigation, search
(Initial notes on ACL work)
 
Line 8: Line 8:
  
 
ACLGroup - A set of ACLRoles that can be applied to an EPrint/Document/?. When access to the item is requested, the session ACLRoles are checked against the allowed ACLRoles. If there is a match, access is granted.
 
ACLGroup - A set of ACLRoles that can be applied to an EPrint/Document/?. When access to the item is requested, the session ACLRoles are checked against the allowed ACLRoles. If there is a match, access is granted.
 +
 +
== When we make this shizzle, how should it be done? ==
 +
*[[StyleGuide]]
 +
*NO text in citation files or other files - use phrases - a la https://github.com/eprints/eprints/commit/cccfab14e0b6764d7f1d80daf57bf4e308f56dd7
  
  

Revision as of 15:55, 3 October 2014

This development is designed to allow access restrictions to be placed on EPrints, Documents and other data objects.

The model we're currently work with is:

Authenticating Authority (AA) - a trusted sign-in method that may also provide some knowledge about the person signing in, and offer groupings based on their attributes.

ACLRole - These are configured based on what an AA can offer. When a user signs in, any ACLRoles that the AA can grant to the user are added to their session. A user could sign in via more than one AA at a time.

ACLGroup - A set of ACLRoles that can be applied to an EPrint/Document/?. When access to the item is requested, the session ACLRoles are checked against the allowed ACLRoles. If there is a match, access is granted.

When we make this shizzle, how should it be done?


Other thoughts / useful links