
Security Documentation

Since security is a cross-cutting topic, security documentation must be kept accurate, timely and accessible to our users. Generally, security documentation has a section that brings together all the security-related subjects, though those subjects are often also discussed individually close to the context in which they are used. Using a Wiki for documentation makes this easier, since we can cross-link and use excerpts to simplify documentation authoring and maintenance.

Fedora 3.5 Security Documentation Updates

The central security documentation for Fedora has become fragmented and is out of date. For Fedora 3.5, the hope is to improve the documentation, followed by an ongoing task of improving it with each incremental release. This is the work of many hands since no one has the complete story. In particular, security is very much involved with the use of the system, so the participation of repository administrators and application developers is a key aspect of this thread.

The current core security documentation has become very fragmented and out of date. It was assembled out of fragments of old documents during the move to Wiki-based documentation in Fedora 3.0. The security documentation in the individual APIs is fairly accurate, but there is little flow back to the security section of the documentation. The documentation could also be made easier to use. To help, we hope you will look at the current security documentation and comment on deficiencies or areas that can be improved. Please don't assume that if you spot a problem you will be asked to fix it — we will be asking the person who has the most knowledge to do that (although help is always appreciated). Also, don't be concerned if you don't like to write — let's just get the accurate material and we can get the help to smooth it out (likely Dan).

Deficiencies, Inaccuracies, and Improvements

  • Security Options
    • Section does not describe all the options with a quick indication of which should be used and when.
  • Quick Start Guide
    • A simple cookbook for a basic repository security set up.
  • Repository XACML Enforcement
    • How does it interact with other security components?
    • Insufficient examples for typical security policy
  • FeSL
    • Most of the documentation is incomplete
  • Operational
  • Institutional

Documentation Updates






  1. I'm not sure how much of the development process is to be exposed in Fedora's core documentation, but unless that process is to remain entirely hidden, I suggest that until FeSL authn and authz are completely online, stable and are the default services, it would be useful to include in the section about FeSL a reasonably complete picture of the state of development, with reference to Jira entities.