Respondent

Sandy Payette, Executive Director of Fedora Commons

Goal/Problem Space

Fedora - digital repository system (exposed as web services)

Features

Fedora: digital object model; management of content; versioning; RDF relationships; access and management via SOAP and REST APIs; association of services with objects ("disseminators"); preservation-enabling features; XACML policy enforcement; companion search service (supporting Lucene, Solr, Zebra); replication; pluggable storage layer.

Technology Stack

Java
Tomcat; Axis
RDBMS for registry (tested with MySQL, Derby, Oracle, Postgres)
Home-grown plug-in framework; looking to move to OSGi or similar
Sun XACML engine

Identity Services

NOTE: Answers in the table below are probably difficult to interpret, since they depend on how any one installation is configured. For example, people have configured AuthN/AuthZ above the core Fedora repository and shut off the capabilities built in at the repository layer. Others have used the simple configurations we provide out of the box, driven by authentication configuration at the web app level plus Fedora-specific modules for XACML authorization. Others have configured Fedora with Shibboleth.

Managed Information | Consume? | Produce? | Broker/Convey?
--------------------|----------|----------|---------------
Privileges          |          | Yes      |
Roles               |          | Yes      | Yes
Groups              |          |          | Yes
Attributes          | Yes      | Yes      | Yes
Identification      | Yes      | Yes      | Yes

Defined Interfaces | Consume? | Produce? | Broker/Convey?
-------------------|----------|----------|---------------
Authentication     |          |          | Yes
Attributes         |          |          | Yes
Permissions        |          | Yes      |
Provisioning       |          |          |
Authorization      |          | Yes      |
Subjects           |          |          |

Other          | Consume? | Produce? | Broker/Convey?
---------------|----------|----------|---------------
XACML Policies | Yes      |          | Yes

Standards and Interfaces

Generally, authentication is pluggable via servlet filters. We provide sample templates and documentation for common cases (e.g., LDAP).

We use XACML for authorization and policy enforcement. A set of default XACML policies ship with the repository. Then we have a set of sample policies that people can modify for their needs and deploy in the repository configuration.
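Added illustration, not one of the policies shipped with Fedora and not part of the respondent's answer: a minimal XACML 1.0 policy of the kind the paragraph describes, written for the Sun XACML engine listed in the technology stack. It denies every call on the management API unless the authenticated user is the repository administrator. The attribute identifiers (urn:fedora:names:fedora:2.1:action:api, urn:fedora:names:fedora:2.1:action:api-m, urn:fedora:names:fedora:2.1:subject:loginId) and the login id fedoraAdmin are assumptions about the Fedora attribute vocabulary and must be checked against the policies that ship with the version actually deployed.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example policy (not a Fedora-supplied file).
     Assumed attribute identifiers: the urn:fedora:names:fedora:2.1:* names
     below and the login id "fedoraAdmin". Verify against the shipped policies. -->
<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy"
        PolicyId="deny-apim-if-not-admin"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
  <Description>Only the repository administrator may use the management API.</Description>

  <!-- Target: this policy applies to any subject and any resource, but only
       to requests whose action belongs to the management API (API-M). -->
  <Target>
    <Subjects><AnySubject/></Subjects>
    <Resources><AnyResource/></Resources>
    <Actions>
      <Action>
        <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">urn:fedora:names:fedora:2.1:action:api-m</AttributeValue>
          <ActionAttributeDesignator AttributeId="urn:fedora:names:fedora:2.1:action:api"
                                     DataType="http://www.w3.org/2001/XMLSchema#string"/>
        </ActionMatch>
      </Action>
    </Actions>
  </Target>

  <!-- Rule 1: permit when the authenticated login id is the administrator.
       string-one-and-only raises Indeterminate if the attribute is absent
       or multi-valued, so an unauthenticated request never matches here. -->
  <Rule RuleId="permit-admin" Effect="Permit">
    <Condition FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
        <SubjectAttributeDesignator AttributeId="urn:fedora:names:fedora:2.1:subject:loginId"
                                    DataType="http://www.w3.org/2001/XMLSchema#string"/>
      </Apply>
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">fedoraAdmin</AttributeValue>
    </Condition>
  </Rule>

  <!-- Rule 2: everyone else is denied. With first-applicable, this rule is
       only reached when Rule 1 did not return Permit. -->
  <Rule RuleId="deny-everyone-else" Effect="Deny"/>
</Policy>
```

Two practical checks before deploying a policy like this into the repository's policy directory: rule order matters under first-applicable (an unconditional Deny placed first would lock the administrator out too), and the policy-combining algorithm configured for the whole policy set decides what happens when one policy returns Indeterminate, so test with an unauthenticated request as well as with the administrator's credentials.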

Issues and Challenges

It's not easy for people to get things going out of the box. We are currently working with some members of the Fedora community to refactor and do authentication using JAAS.

More Information

Fedora Commons
Authentication documentation
XACML Documentation
