Difference between revisions of "Access Control Layer"
Revision as of 16:11, 3 October 2014
This development is designed to allow access restrictions to be placed on EPrints, Documents and other data objects.
The model we're currently working with is:
- Authenticating Authority (AA) - a trusted sign-in method that may also provide some knowledge about the person signing in, and offer groupings based on their attributes.
- ACLRole - These are configured based on what an AA can offer. When a user signs in, any ACLRoles that the AA can grant to the user are added to their session. A user could sign in via more than one AA at a time.
- ACLGroup - A set of ACLRoles that can be applied to an EPrint/Document/?. When access to the item is requested, the session ACLRoles are checked against the allowed ACLRoles. If there is a match, access is granted.
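A sketch of this model in plain Perl, added here as an example and not taken from EPrints: the helper names (`sign_in`, `sign_out`, `check_access`) and the sample AAs, roles and group are constructed, and denying a request for an unknown ACLGroup is an assumption. It tracks which AA granted each role, so a user signed in via two AAs keeps the right roles when one of them is signed out, and the check returns a record a log handler could use.

```perl
use strict;
use warnings;

# Hypothetical sketch of the AA / ACLRole / ACLGroup model. None of these
# names are EPrints API; all sample data below is constructed.
my %aa_roles = (    # ACLRoles each Authenticating Authority can grant
    shibboleth => [ 'staff', 'library' ],
    ldap       => [ 'staff', 'physics-dept' ],
);
my %acl_groups = (    # ACLGroup name => allowed ACLRoles
    embargoed_thesis => [ 'library', 'examiner' ],
);

# The session maps role => { AA => 1 }, so signing out of one AA drops
# only the roles that no other signed-in AA still grants.
sub sign_in {
    my ( $session, $aa ) = @_;
    $session->{$_}{$aa} = 1 for @{ $aa_roles{$aa} || [] };
}

sub sign_out {
    my ( $session, $aa ) = @_;
    for my $role ( keys %$session ) {
        delete $session->{$role}{$aa};
        delete $session->{$role} unless %{ $session->{$role} };
    }
}

# Returns a decision record instead of a bare boolean, so the matching
# role and the AA(s) behind it can be logged.
# Assumption: a request naming an unknown ACLGroup is denied.
sub check_access {
    my ( $session, $group ) = @_;
    my $allowed = $acl_groups{$group}
        or return +{ granted => 0, reason => 'unknown ACLGroup' };
    for my $role ( sort @$allowed ) {
        next unless $session->{$role};
        return +{ granted => 1, role => $role,
                  via => [ sort keys %{ $session->{$role} } ] };
    }
    return +{ granted => 0, reason => 'no matching ACLRole' };
}

my %session;
sign_in( \%session, 'ldap' );          # staff, physics-dept only
print check_access( \%session, 'embargoed_thesis' )->{reason}, "\n";
sign_in( \%session, 'shibboleth' );    # adds library
my $d = check_access( \%session, 'embargoed_thesis' );
print "granted=$d->{granted} role=$d->{role} via=@{ $d->{via} }\n";
sign_out( \%session, 'shibboleth' );   # library goes, staff stays via ldap
print check_access( \%session, 'embargoed_thesis' )->{reason}, "\n";
```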
When we make this shizzle, how should it be done?
- StyleGuide
- NO text in citation files or other files - use phrases - a la https://github.com/eprints/eprints/commit/cccfab14e0b6764d7f1d80daf57bf4e308f56dd7
Things to do
- LogHandler - what do we log and when? See ~/perl_lib/EPrints/Apache/Rewrite.pm@515
- Check poly-lingual behaviour
- Check behaviour for summary_page and summary_page_denied
- Abstract summary page handler up to dataobj level
- Add config options to enable summary pages for specific dataobjs $c->{summary_pages}->{document} = ??? filters/citations/logs?
Other thoughts / useful links
- Category:Authentication
- http://files.eprints.org/836/ - Webserver authentication using auth_memcookie and simplesamlphp
- Webserver authentication - Single-sign-on via Shibboleth, CAS/mod_cas, Kerberos or just about any mod_auth_* Module for Apache httpd
- CAS - Central Authentication Service
- LDAP - Lightweight Directory Authentication Protocol
- Shibboleth authentication - UK Federation
- https://www.google.co.uk/search?q=site%3Afiles.eprints.org+authentication - Google files.eprints.org for Authentication
- https://www.google.co.uk/search?q=site%3Abazaar.eprints.org+authentication - same, but on the Bazaar.