...
The first time the Fedora repository server is started, these policies will be automatically copied into the official repository-wide policy storage location that was specified in the Fedora configuration file (fedora.fcfg). The policies are activated once they are copied into this location.
{table:border=1}
{tr:align=center|bgcolor=#c0c0c0}
{td}*Rule*{td}
{td}*Service*{td}
{td}*XACML Policy File*{td}
{td}*Policy Description*{td}
{tr}
{tr:bgcolor=#ffffff}
{td}1{td}
{td}any{td}
{td}[|XACML Policy Enforcement^permit-anything-to-administrator.xml]{td}
{td}This is a "positive policy" that permits the Fedora administrator to have access to any operation on any Fedora repository service (API-M,{td}
{tr}
{tr:bgcolor=#ffffff}
{td}2{td}
{td}API-M{td}
{td}[|XACML Policy Enforcement^deny-apim-if-not-localhost.xml]{td}
{td}This is a "negative policy" that denies access to API-M operations that are not made from the IP address of the machine on which the Fedora repository is running. In other words, the policy will not allow API-M requests from hosts other than "localhost."{td}
{tr}
{tr:bgcolor=#ffffff}
{td}3{td}
{td}API-A{td}
{td}[|XACML Policy Enforcement^permit-apia-unrestricted.xml]{td}
{td}This is a "positive policy" that permits unrestricted access to API-A.{td}
{tr}
{tr:bgcolor=#ffffff}
{td}4{td}
{td}OAI{td}
{td}[|XACML Policy Enforcement^permit-oai-unrestricted.xml]{td}
{td}This is a "positive policy" that permits unrestricted access to the default OAI provider interface to the Fedora repository. In other words, OAI-PMH operations are completely open for use by any user/agent. (Note, this does not control access to the stand-alone PROAI service that is distributed with Fedora 2.1. PROAI is a stand-alone web application that must be secured separately.){td}
{tr}
{table}
A review of how the policy combining algorithm works will reveal that access to a service operation cannot occur unless access is expressly permitted. The net effect of the default access control policies is that the administrator is expressly permitted to do anything (with the restriction of having to make API-M requests from the same IP address that the server runs on), and all users are expressly permitted access to API-A and OAI service requests.
...
Generally, the default repository utility policies should not be removed. They enforce core and crucial protections of the repository. A careful understanding of how they work should precede any (unlikely) needed editing. For example, consider an edit to permit IPs other than localhost, as opposed to simply deleting the policy.
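The net effect of the four default access policies, and the difference between widening the localhost restriction and deleting it, can be checked with a small model. This is an added example, not Fedora code or the XACML files themselves. It assumes a deny-overrides combination with default deny, an administrator login of `fedoraAdmin`, `127.0.0.1` standing in for the server's own address, and constructed documentation addresses for remote hosts.

```python
# Added model, not Fedora code: the four default access policies from the
# table above, combined deny-overrides with default deny (both assumptions).
import ipaddress

ADMIN = "fedoraAdmin"  # assumed administrator login name

def default_policies(apim_allowed=("127.0.0.1",)):
    """Return (name, rule) pairs; a rule yields 'Permit', 'Deny' or None."""
    nets = [ipaddress.ip_network(n) for n in apim_allowed]

    def from_allowed(req):
        return any(ipaddress.ip_address(req["ip"]) in n for n in nets)

    return [
        ("permit-anything-to-administrator",
         lambda r: "Permit" if r["user"] == ADMIN else None),
        ("deny-apim-if-not-localhost",
         lambda r: "Deny" if r["service"] == "API-M" and not from_allowed(r) else None),
        ("permit-apia-unrestricted",
         lambda r: "Permit" if r["service"] == "API-A" else None),
        ("permit-oai-unrestricted",
         lambda r: "Permit" if r["service"] == "OAI" else None),
    ]

def decide(policies, user, service, ip):
    """Any Deny wins; otherwise at least one Permit is required."""
    req = {"user": user, "service": service, "ip": ip}
    results = [rule(req) for _, rule in policies]
    if "Deny" in results:
        return "Deny"
    return "Permit" if "Permit" in results else "Deny"

def without(policies, name):
    """Model deleting one policy file from the repository-wide set."""
    return [p for p in policies if p[0] != name]

if __name__ == "__main__":
    stock = default_policies()
    widened = default_policies(("127.0.0.1", "192.0.2.10"))  # constructed address
    deleted = without(stock, "deny-apim-if-not-localhost")
    callers = [(ADMIN, "127.0.0.1"), (ADMIN, "192.0.2.10"),
               (ADMIN, "198.51.100.7"), ("guest", "198.51.100.7")]
    for label, pols in (("stock", stock), ("widened", widened), ("deleted", deleted)):
        for user, ip in callers:
            print(f"{label:8} {user:12} {ip:14} API-M -> {decide(pols, user, 'API-M', ip)}")
```

In this model, widening the allowlist admits only the listed management host, while deleting the negative policy lets the administrator account use API-M from any address.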
{table:border=1}
{tr:align=center|bgcolor=#c0c0c0}
{td}*Rule*{td}
{td}*Service*{td}
{td}*XACML Policy File*{td}
{td}*Policy Description*{td}
{tr}
{tr:bgcolor=#ffffff}
{td:align=center}1{td}
{td}serverAdmin{td}
{td}[|XACML Policy Enforcement^deny-policy-management-if-not-administrator.xml]{td}
{td} {td}
{tr}
{tr:bgcolor=#ffffff}
{td:align=center}2{td}
{td}any{td}
{td}[|XACML Policy Enforcement^deny-inactive-or-deleted-disseminations-if-not-administrator.xml]{td}
{td}This is a "negative policy" that will deny all access to inactive/deleted disseminations if the user/agent is not the Fedora administrator. Unlike purged disseminations, inactive/deleted disseminations still exist, but they are just marked as inactive/deleted. As such they should not be available to users. The exception is that the Fedora administrator is allowed to access them.{td}
{tr}
{tr:bgcolor=#ffffff}
{td:align=center}3{td}
{td}any{td}
{td}[|XACML Policy Enforcement^deny-inactive-or-deleted-objects-or-datastreams-if-not-administrator.xml]{td}
{td}This is a "negative policy" that will deny all access to inactive/deleted datastreams if the user/agent is not the Fedora administrator. Unlike purged objects/datastreams, inactive/deleted objects/datastreams still exist, but they are just marked as inactive/deleted. As such they should not be available to users. The exception is that the Fedora administrator is allowed to access them.{td}
{tr}
{tr:bgcolor=#ffffff}
{td:align=center}4{td}
{td}API-M{td}
{td}[deny-purge-datastream-if-active-or-inactive.xml|XACML Policy Enforcement^deny]{td}
{td}This is a "negative policy" that will ensure that datastreams cannot be purged (permanently removed) unless they are in the deleted state. Purging of active or inactive datastreams is not allowed.{td}
{tr}
{tr:bgcolor=#ffffff}
{td:align=center}5{td}
{td}API-M{td}
{td}[|XACML Policy Enforcement^deny-purge-object-if-active-or-inactive.xml]{td}
{td}This is a "negative policy" that will ensure that objects cannot be purged (permanently removed) unless they are in the "deleted" state. Purging of active or inactive objects is not allowed.{td}
{tr}
{tr:bgcolor=#ffffff}
{td:align=center}6{td}
{td}serverAdmin{td}
{td}[|XACML Policy Enforcement^deny-reloadPolicies-if-not-localhost.xml]{td}
{td}This is a "negative policy" that will deny requests to reload policies (i.e.,{td}
{tr}
{tr:bgcolor=#ffffff}
{td:align=center}7{td}
{td}serverAdmin{td}
{td}[|XACML Policy Enforcement^deny-serverShutdown-if-not-localhost.xml]{td}
{td}This is a "negative policy" that will deny requests to shut down the Fedora server if the request is not initiated from the IP address of the machine on which the repository is running (i.e., localhost).{td}
{tr}
{tr:bgcolor=#ffffff}
{td:align=center}9{td}
{td}serverAdmin{td}
{td}[|XACML Policy Enforcement^permit-serverStatus-unrestricted.xml]{td}
{td}This is a "positive policy" that permits unrestricted access for obtaining the Fedora server status.{td}
{tr}
{table}
6 Sample Policies for Typical Fedora Use
...