Difference between revisions of "EPrints User Group 2015-01-13"

John Salter and John Beaman, University of Leeds

Intro

• Hello: we're John Salter and John Beaman from the University of Leeds.
• We've spent some time trying to write an Access Control system for EPrints. It's been a horror.
• One of our use-cases is for Research Data, but it could be used on other repository types.

Out of the box User Access Control

• EPrints (you all know what this is, right..?) has basic control at the document level - the 'security' field:
  • public (Open Access)
  • validuser (anyone who's got an account on that EPrints instance)
  • staffonly (Repository editors/admins)
• This doesn't cover the requirements for some repositories...

Requirements

• Control access to EPrints, Documents
• Control access based on:
  • User attributes e.g. signed-in via Shibboleth
  • Location e.g. on-campus
• Simple interface to assign restrictions

EPACL: EPrints Access Control Layer

• Doesn't overwrite any existing 'security' specified on documents.

ACL_Roles

• Fields
  • ID
  • ACL_Authority e.g. LDAP; IP address; EPrintsUser
  • Role title
  • Role description
  • Filter e.g. member of a specific LDAP group; EPrintsUser type = editor;

ACL_Groups

• Fields
  • ID
  • Group name
  • Group description
  • ACL_Roles
  • Role combination (AND / OR)

ACL_Authority

???

Dealing with rejection

• What happens when someone is denied access?
  • Document landing pages
  • Restricted summary pages
  • Contact details to request access?

Homeless thoughts

• Summary Page citation style
• Access logging
• Login sources
• Modular design
• Request vs User
• Describe ACL_Group, ACL_Role, ACL_Authority
• DOIs at Doc level = landing page citation style