Child pages
  • Fedora Project Survey
Skip to end of metadata
Go to start of metadata

Respondent

Sandy Payette, Executive Director of Fedora Commons

Goal/Problem Space

Fedora - digital repository system (exposed as web services)

Features

Fedora:  digital object model;  management of content;  versioning; RDF relationships, access and management via SOAP and REST APIs;  associate services with objects ("disseminators"); preservation-enabling features;  XACML policy enforcement;  companion search service (supporting Lucene, Solr, Zebra);  replication; pluggable storage layer.

Technology Stack

Java
Tomcat; Axis;
RDBMS for registry (tested with MySQL, Derby, Oracle, Postgres)
Home-grown plug-in framework;  looking to move to OSGi or similar
Sun XACML engine

Identity Services

NOTE: Answers in table below are probably difficult to interpret since it depends on how any one installation is configured.   For example, people have configured AuthN/AuthZ above the core Fedora repository and shut off the capabilities built in at the repository layer.  Others have used the simple configurations we provide out of the box driven by authentication configuration at the web app level, plus Fedora-specific modules for XACML authorization).   Others have configured Fedora with Shibboleth.

Managed Information

Consume?

Produce?

Broker/Convey?

Privileges

 

Yes

 

Roles

 

Yes

Yes

Groups

 

 

Yes

Attributes

Yes

Yes

Yes

Identification

Yes

Yes

Yes

Defined Interfaces

Consume?

Produce?

Broker/Convey?

Authentication

 

 

Yes

Attributes

 

 

Yes

Permissions

 

Yes

 

Provisioning

 

 

 

Authorization

 

Yes

 

Subjects

 

 

 

Other

Consume?

Produce?

Broker/Convey?

XACML Policies

Yes

 

Yes

Standards and Interfaces

Generally, authentication is pluggable via servlet filters.   We provide sample templates and documentation for commons cases (e.g., LDAP).

We use XACML for authorization and policy enforcement.   A set of default XACML policies ship with the repository.   Then we have a set of sample policies that people can modify for their needs and deploy in the repository configuration.

Issues and Challenges

It's not easy for people to get things going out of the box.   We are currently working with some members of the Fedora community to refactor and do authentication using JAAS.

More Information

Fedora Commons
Authentication documentation
XACML Documentation

  • No labels