DA1: Improve repository deposits through end-user control

This draft of the final report is now open for comment. Please forward any comments to the author listed in the report by 28 June 2007. Please note that this report is subject to change and you should not quote this report until it is finalised.

DA1 Report for review [PDF 79Kb].

Overview

After meeting with some research teams and collaborating with the ARROW project team, several key features that were missing from the FEDORA security module available at the time were identified. Specifically, in order to meet the needs of the ARROW and DART projects, the Fedora repository needed to be able to make authorization decisions based on particular fields in MARCXML (ARROW) and other metadata (DART). After studying the FEDORA architecture, it was concluded that a software patch needed to be developed to improve the authentication in the Fedora repository to fulfil those requirements.

In particular, based on feedback from the Fedora development team, it was confirmed that the versions of Fedora we were using (2.1 and 2.1.1) could only make authorization decisions based on a pre-defined and limited set of attributes defined in FOXML. So the proposal that the repository might make authorization decisions based on particular attributes in MARCXML was not possible without further work. Enhancing the features inside the Fedora XACML module made access control over resources and data stored within Fedora repositories more flexible than relying on the insufficient default attribute values provided by Fedora itself. After this was done, the gathered access control requirements were encoded in XACML format and made available to the FEDORA system.

Authorization process within Fedora

As described in the figure below, there are a few major actors within the Fedora authorization process:
Download the security enhancements here. Please follow the readme to install.
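The kind of decision the overview describes, an access decision keyed on a field in a MARCXML record, sketched in Python as an added example. It is not the DA1 patch or Fedora code; the choice of MARC field 506 subfield a, the role names and the rule list are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

MARC_NS = {"marc": "http://www.loc.gov/MARC21/slim"}

# Constructed sample record; MARC 506 is the "Restrictions on Access Note".
SAMPLE_MARCXML = """<record xmlns="http://www.loc.gov/MARC21/slim">
  <datafield tag="245" ind1="0" ind2="0">
    <subfield code="a">Field survey data</subfield>
  </datafield>
  <datafield tag="506" ind1="1" ind2=" ">
    <subfield code="a">embargoed</subfield>
  </datafield>
</record>"""

# Hypothetical rules: (MARC tag, subfield code, value, roles allowed to read).
RULES = [
    ("506", "a", "embargoed", {"research-team"}),
    ("506", "a", "open", {"research-team", "public"}),
]

def marc_values(record, tag, code):
    """Return normalised values of subfield `code` in datafields with `tag`."""
    path = f"marc:datafield[@tag='{tag}']/marc:subfield[@code='{code}']"
    return [(el.text or "").strip().lower()
            for el in record.findall(path, MARC_NS)]

def decide(marcxml, roles, rules=RULES):
    """First-applicable evaluation; anything matching no rule is denied."""
    try:
        record = ET.fromstring(marcxml)
    except ET.ParseError:
        return "Deny"  # unreadable metadata must not fall through to Permit
    for tag, code, value, allowed in rules:
        if value in marc_values(record, tag, code):
            return "Permit" if roles & allowed else "Deny"
    return "Deny"  # no access-restriction field present: fail closed

if __name__ == "__main__":
    print(decide(SAMPLE_MARCXML, {"research-team"}))
    print(decide(SAMPLE_MARCXML, {"public"}))
```

The two default-deny branches matter most here: a record with malformed metadata or with no restriction field is refused rather than treated as open.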
