Use case 1 - Fedora managing access conditions
Fedora managing access conditions
The producer of Fedora content wants to be able to set access conditions that would allow for the following scenarios:
As for implementation, I can offer some examples of what we use now. We specify the file type/size, the authorization type and then any values associated. Some examples:
TIF - Active Directory Group - ManuscriptCurators
TIF - Aeon
JPG 600px - IP - list of IP values or ranges
PDF - external authentication
JPG 1200px - Yale only
JPG 150px - open access
TIF - NetID - yale\mf438 (or a list of NetIDs)
DSK - Active Directory Group - ManuscriptDirectors
DSK - Emulation - AppleWin v1.1.8
Basically our need is for very granular levels of permission to be stored with the object in Fedora. Right now it is stored as XML as a data stream, it would be beneficial to have it stored differently so that we could make mass changes to materials for entire collections.
Another note, we would only be storing a single JPG or possibly no JPG and only a JP2 and will derive the JPG on the fly. So the access condition setup may include conditions for resolutions of digital formats not contained in the data streams. The JPG examples above would indicate that a single JPG exists as a data stream and from that stream we will derive smaller images. But the access conditions are different for ranges of sizes. For Yale, we stick to these sizes, 150px or less (thumb), 151-600px (medium), 600+ (full resolution). For TIF images we use Full, Half page and Quarter page. Right now, all other sizes/resolutions are tied directly to the file type stored as a data stream. But being able to reference access for something that is dynamically generated would make this scale to future needs.
Use case 2 - Programmers use API for access condition support in external systems, i.e. Hydra
Programmers use API for access condition support in external systems, i.e. Hydra
A programmer can use an API in Fedora that will provide access conditions for a requested object.
In an ideal implementation I could make a request to Fedora with a PID and the data stream, the API would then return the requirements for access. For example, a URL might look like http://fedora/PID/TIF/access and then returns something sort of JSON or XML that has all the access information for the specific request. If the data stream type is not specified then all access information would be returned.
Since we also would like to contain information related to born digital/emulation environments, this output would also list the restrictions for environments for accessing materials.
Use case 3 - Applications use API for updating access conditions stored in Fedora
Applications use API for updating access conditions stored in Fedora
A programmer use the API to update/add access conditions to a PID, PID range or all PIDs in a namespace. This would essentially be API access to do everything in the Use Case 1 above. Since no curators at Yale will have direct access to Fedora and all interaction will be through a different software front end such as Archivematica or our homegrown solution Ladybird, we will need CRUD controls for Access Conditions that can be handled from the other software products after ingest takes place.
Bulk updates are the most important part of this feature. Working with individual objects is time consuming and a wasteful operation. Ideally this is implemented so that a single update to a PID takes about the same amount of time as updating 10,000 PIDs.