
Proposal for Development of an Enhanced Security Layer for Fedora 3

In 2008, the Fedora team released Fedora v3, which included many notable changes, although authentication and authorization saw little change. There have been many requests from the Fedora user community for a wider range of authentication methods, a simpler approach to security, and better management and enforcement of XACML authorization policies. In order to address this critical issue, the Fedora Commons and a number of Fedora community members have proposed a project, the Fedora Security Layer (FeSL), to enhance one of the more promising developments in this area and provide it to the Fedora community.

We are proposing that funds be contributed by members of the Fedora community to ensure timely and appropriate development of this aspect of the Fedora system. The budget for the FeSL project is $50,000. Each Project Contributor is asked to provide a contribution of $5,000 for a total of 10 Project Contributors who agree to provide a minimum of $5,000.

Project Contributors

To date the following organizations have committed $5,000 to the project:

  1. University of PEI
  2. Stanford University
  3. University of Virginia
  4. University of Hull

Proposed Work

To date, some significant developments in the area of security have been undertaken as part of the DRAMA and Muradora projects. Muradora, which started in 2007, is a web-based GUI for the Fedora repository. As part of its development, new authentication and authorization modules for Fedora were introduced to support SAML-based federated authentication and XACML-based authorization policy creation, management, and enforcement. These modules were designed to be pluggable so that they could be deployed on top of any Fedora v2.2.x repository without requiring code modification to Fedora itself. While Muradora requires the use of these new authentication and authorization modules, other "non-Muradora" users of Fedora can also employ these modules to take advantage of the services that they offer. The April 2009 Beta release of Muradora is the first step in making Muradora compatible with Fedora 3.x.

The FeSL project will extract the existing Fedora XACML module from the core and provide the enhanced functionality via this new security layer, operating in concert with the repository at a higher level in the stack. FeSL will run alongside existing Fedora code but will assume that the standard Fedora XACML component is turned off. In this context FeSL will override the existing XACML implementation. The project will have the following deliverables:

  1. A re-factoring of Fedora authentication code so that it is more modular and can be customized easily to support new authentication methods.
  2. Definition of an XACML vocabulary for use in authorization policies with a generic repository, and provision of a suite of sample templates for the most common requirements.
  3. Extension of Muradora's authorization module so that it supports the complete Fedora 3 SOAP and REST APIs.
  4. Provision of web services and REST APIs for the management of XACML policies, as well as detailed documentation.
  5. Provision of a test suite and documentation for the developed modules.

More details on these 5 areas of development can be found on the Fedora Commons site at:

    https://fedora-commons.org/confluence/display/DEV/Fedora_Enhanced_Security_Layer_FESL_Requirements

The goal of this project is to deliver on all 5 components by mid-2009, assuming a start date of June 1. The development team will consist of key members of the core DRAMA/Muradora team. Additional input and development will be provided by individuals from the Project Contributor institutions.

Project Management

The University of PEI and MediaShelf have agreed to manage the project, and will work closely with Fedora Commons to ensure optimal integration into the Fedora software. In support of the project, Fedora Commons will contribute a core developer to work with the FeSL team. Contributions to the FeSL project budget will be managed by Fedora Commons on behalf of the community and will be disbursed to pay contractors and developers hired to work on the project. Unallocated funds would be used for future enhancements as per community input.

If you are interested in becoming a Project Contributor or would like more information about the FeSL project, please contact Mark Leggott. I would highlight that this project provides one example of how we can expand the efforts of the Fedora Commons and the larger community to build a sustainable ecology around what has become a critical application at many of our institutions.

Mark Leggott, University Librarian
University of Prince Edward Island
550 University Ave. Charlottetown, PE C1A 4P3
902-566-0460  Fax 902-628-4305
mleggott@upei.ca
