Sandy Payette, Executive Director of Fedora Commons
Fedora - digital repository system (exposed as web services)
Fedora: digital object model; management of content; versioning; RDF relationships, access and management via SOAP and REST APIs; associate services with objects ("disseminators"); preservation-enabling features; XACML policy enforcement; companion search service (supporting Lucene, Solr, Zebra); replication; pluggable storage layer.
Java
Tomcat; Axis
RDBMS for registry (tested with MySQL, Derby, Oracle, Postgres)
Home-grown plug-in framework; looking to move to OSGi or similar
Sun XACML engine
NOTE: The answers in the table below are probably difficult to interpret, since they depend on how any one installation is configured. For example, people have configured AuthN/AuthZ above the core Fedora repository and shut off the capabilities built in at the repository layer. Others have used the simple configurations we provide out of the box (driven by authentication configuration at the web app level, plus Fedora-specific modules for XACML authorization). Others have configured Fedora with Shibboleth.
Managed Information | Consume? | Produce? | Broker/Convey? |
---|---|---|---|
Privileges | | Yes | |
Roles | | Yes | Yes |
Groups | | | Yes |
Attributes | Yes | Yes | Yes |
Identification | Yes | Yes | Yes |
Defined Interfaces | Consume? | Produce? | Broker/Convey? |
Authentication | | | Yes |
Attributes | | | Yes |
Permissions | | Yes | |
Provisioning | | | |
Authorization | | Yes | |
Subjects | | | |
Other | Consume? | Produce? | Broker/Convey? |
XACML Policies | Yes | | Yes |
Generally, authentication is pluggable via servlet filters. We provide sample templates and documentation for common cases (e.g., LDAP).
We use XACML for authorization and policy enforcement. A set of default XACML policies ship with the repository. Then we have a set of sample policies that people can modify for their needs and deploy in the repository configuration.
It's not easy for people to get things going out of the box. We are currently working with some members of the Fedora community to refactor and do authentication using JAAS.
Fedora Commons
Authentication documentation
XACML Documentation