Difference between revisions of "Access Control Layer"
(→Other thoughts / useful links) |
|||
(5 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | {{Template:AccessControl}} | ||
This development is designed to allow access restrictions to be placed on EPrints, Documents and other data objects. | This development is designed to allow access restrictions to be placed on EPrints, Documents and other data objects. | ||
Line 8: | Line 9: | ||
ACLGroup - A set of ACLRoles that can be applied to an EPrint/Document/?. When access to the item is requested, the session ACLRoles are checked against the allowed ACLRoles. If there is a match, access is granted. | ACLGroup - A set of ACLRoles that can be applied to an EPrint/Document/?. When access to the item is requested, the session ACLRoles are checked against the allowed ACLRoles. If there is a match, access is granted. | ||
+ | |||
+ | == Associated pages == | ||
+ | These pages have been created as part of the documentation of our work. | ||
+ | *[[Anatomy of a request]] | ||
+ | |||
== When we make this shizzle, how should it be done? == | == When we make this shizzle, how should it be done? == | ||
Line 13: | Line 19: | ||
*NO text in citation files or other files - use phrases - a la https://github.com/eprints/eprints/commit/cccfab14e0b6764d7f1d80daf57bf4e308f56dd7 | *NO text in citation files or other files - use phrases - a la https://github.com/eprints/eprints/commit/cccfab14e0b6764d7f1d80daf57bf4e308f56dd7 | ||
+ | == Things to do == | ||
+ | *LogHandler - what do we log an when? See ~/perl_lib/EPrints/Apache/Rewrite.pm@515 | ||
+ | *Check poly-lingual behaviour | ||
+ | *Check behaviour for summary_page and summary_page_denied | ||
+ | *Abstract summary page handler up to dataobj level | ||
+ | *Add config options to enable summary pages for specific dataobjs $c->{summary_pages}->{document} = ??? filters/citations/logs? | ||
== Other thoughts / useful links == | == Other thoughts / useful links == | ||
Line 23: | Line 35: | ||
*https://www.google.co.uk/search?q=site%3Afiles.eprints.org+authentication - Google files.eprints.org for Authentication | *https://www.google.co.uk/search?q=site%3Afiles.eprints.org+authentication - Google files.eprints.org for Authentication | ||
*https://www.google.co.uk/search?q=site%3Abazaar.eprints.org+authentication - same, but on the Bazaar. | *https://www.google.co.uk/search?q=site%3Abazaar.eprints.org+authentication - same, but on the Bazaar. | ||
+ | *[http://wiki.unimas.my/unimaswiki/bin/view/HOW-TO,+Tutorial+%26+User+Manual/HOW-TO+%3A+Install+Eprints+v3.3.12++on+Ubuntu+14.04+With+LDAP+Authentication Install Eprints v3.3.12 on Ubuntu 14.04 With LDAP Authentication] | ||
+ | *[http://wiki.unimas.my/unimaswiki/bin/view/HOW-TO%2C+Tutorial+%26+User+Manual/HOW-TO+%3A+Install+Eprints+v3.3.12++on+Ubuntu+12.04+With+LDAP+Authentication Install Eprints v3.3.12 on Ubuntu 12.04 With LDAP Authentication] | ||
+ | |||
+ | [[Category:Access Control]] |
Latest revision as of 17:24, 28 October 2014
Access Control Layer | ||
This development is designed to allow access restrictions to be placed on EPrints, Documents and other data objects.
The model we're currently work with is:
Authenticating Authority (AA) - a trusted sign-in method that may also provide some knowledge about the person signing in, and offer groupings based on their attributes.
ACLRole - These are configured based on what an AA can offer. When a user signs in, any ACLRoles that the AA can grant to the user are added to their session. A user could sign in via more than one AA at a time.
ACLGroup - A set of ACLRoles that can be applied to an EPrint/Document/?. When access to the item is requested, the session ACLRoles are checked against the allowed ACLRoles. If there is a match, access is granted.
Contents
Associated pages
These pages have been created as part of the documentation of our work.
When we make this shizzle, how should it be done?
- StyleGuide
- NO text in citation files or other files - use phrases - a la https://github.com/eprints/eprints/commit/cccfab14e0b6764d7f1d80daf57bf4e308f56dd7
Things to do
- LogHandler - what do we log an when? See ~/perl_lib/EPrints/Apache/Rewrite.pm@515
- Check poly-lingual behaviour
- Check behaviour for summary_page and summary_page_denied
- Abstract summary page handler up to dataobj level
- Add config options to enable summary pages for specific dataobjs $c->{summary_pages}->{document} = ??? filters/citations/logs?
Other thoughts / useful links
- Category:Authentication
- http://files.eprints.org/836/ - Webserver authentication using auth_memcookie and simplesamlphp
- Webserver authentication - Single-sign-on via Shibboleth, CAS/mod_cas, Kerberos or just about any mod_auth_* Module for Apache httpd
- CAS - Central Authentication Service
- LDAP - Lightweight Directory Authentication Protocol
- Shibboleth authentication - UK Federation
- https://www.google.co.uk/search?q=site%3Afiles.eprints.org+authentication - Google files.eprints.org for Authentication
- https://www.google.co.uk/search?q=site%3Abazaar.eprints.org+authentication - same, but on the Bazaar.
- Install Eprints v3.3.12 on Ubuntu 14.04 With LDAP Authentication
- Install Eprints v3.3.12 on Ubuntu 12.04 With LDAP Authentication