...
- A resource can be related to tags. Each tag is contained in a tag category: Conservation, Imaging, Licensing, etc. For tags related to a certain resource:
- Imaging users can read, create and delete tags in Imaging category
- Imaging users can read tags in Conservation category
- Conservation users can read, create and delete tags in Conservation and Imaging categories
- Note: F4 does not have "tags" per se. Are you envisioning a "tag" as a resource? or a property?
- See comment below
- Enforce ACLs on binary resources
- Add support for external ACL resources (resources that point to an ACL that is outside the Fedora domain)
- Add support for external agentClass graphs
- Enforce ACLs on ACL resources with a filesystem-based backstop (at present, only the admin user can add/edit ACLs)
- Verify header-based (delegated) authentication use cases
- Add ACL URIs to response headers as
Link: <acl-uri>; rel=meta
- Implement
acl:Control
andacl:Append
modes - Add support for inclusion of other acls via
acl:include
Removed/Amended Use Cases
...
Proposed Requirements (Phase 1)
Panel | ||
---|---|---|
| ||
|
Sprint 1 (Phase I) Requirements
- F4 MUST allow assertions about authorization to be modeled in RDF in accordance with the WebAccessControl specification.
- Access assertions to be implemented are
- READ -> GET a resource
- WRITE -> PUT/POST/PATCH/DELETE a resource
- APPEND -> PATCH a resource, restricted to Insert statements only.
- as well as extending for:
- DELETE -> DELETE a resource
- UPDATE -> PUT/POST a resource
- The implementation assumes an ACL is it's own ACL, therefore CONTROL will not be implemented at this time.
- Optional extensions (ie. regex matching) will not be implemented in Phase 1.
- Access assertions to be implemented are
- F4 MUST be able to enforce authorization based on WebAC when a resource is requested via the REST-API
- F4 MUST allow authorization policies to apply to a group of resources which consists of:
- Resources sharing a rdf:type attribute matching an acl:accessToClass rule in an ACL in the preconfigured location.
- Note: sprint-1 implementation does not confine ACLs to reside in a "preconfigured location", but they can instead exist anywhere within the repository.
- Resources (without their own specific policy) share the policy of their container (defined as the resource which ldp:contains the target).
- Resources sharing a rdf:type attribute matching an acl:accessToClass rule in an ACL in the preconfigured location.
- F4 MUST honor the most permissive authorization policy when multiple policies apply to a request.
- See the section Finding the effective policy set, for more clarity.
- F4 MUST provide a way for external services such as Solr to enforce the authorization rules defined in the repository.
- Would one method of achieving this be to create separate solr cores for public users vs. admin users and publish only the public resources to the former and everything to the latter, or does the use case dictate more granular distinctions?
- Each request for a Web Resource returns an HTTP document containing a Link header (Link: <>; rel=acl) to an ACL resource which describes access to the given resource and potentially others.
- Servers are required to recognize the class foaf:Agent as the class of all agents (i.e. foaf:Agent is synonymous with "everyone")
Sprint 2 (Phase I) Requirements
Must have
- Enforce ACLs on ACL resources with filesystem-based backstop:
Jira server DuraSpace JIRA serverId c815ca92-fd23-34c2-8fe3-956808caf8c5 key FCREPO-1792
- Implement acl:Control, acl:Append, acl:Update and acl:Delete modes:
Jira server DuraSpace JIRA serverId c815ca92-fd23-34c2-8fe3-956808caf8c5 key FCREPO-1794
- F4 MUST provide a way for external services such as Solr to enforce the authorization rules defined in the repository:
andJira server DuraSpace JIRA serverId c815ca92-fd23-34c2-8fe3-956808caf8c5 key FCREPO-1795 Jira server DuraSpace JIRA serverId c815ca92-fd23-34c2-8fe3-956808caf8c5 key FCREPO-1802
- Enforce ACLs on binary files:
Jira server DuraSpace JIRA serverId c815ca92-fd23-34c2-8fe3-956808caf8c5 key FCREPO-1791
- More documentation:
Jira server DuraSpace JIRA serverId c815ca92-fd23-34c2-8fe3-956808caf8c5 key FCREPO-1239 Jira server DuraSpace JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId c815ca92-fd23-34c2-8fe3-956808caf8c5 key FCREPO-1806 Jira server DuraSpace JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId c815ca92-fd23-34c2-8fe3-956808caf8c5 key FCREPO-1791
- Add support for agentClass graphs defined within F4:
Jira server DuraSpace JIRA serverId c815ca92-fd23-34c2-8fe3-956808caf8c5 key FCREPO-1793
- Verify header-based (delegated) authentication is supported (where headers are used to define the effective agent, independent of any container-based AuthN):
Jira server DuraSpace JIRA serverId c815ca92-fd23-34c2-8fe3-956808caf8c5 key FCREPO-1790
- Fix bug with versioned resources:
Jira server DuraSpace JIRA serverId c815ca92-fd23-34c2-8fe3-956808caf8c5 key FCREPO-1760
- Make webac and audit default configuration in fcrepo-webapp-plus:
Jira server DuraSpace JIRA serverId c815ca92-fd23-34c2-8fe3-956808caf8c5 key FCREPO-1773 Jira server DuraSpace JIRA serverId c815ca92-fd23-34c2-8fe3-956808caf8c5 key FCREPO-1821
- Bug fixes
Jira server DuraSpace JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId c815ca92-fd23-34c2-8fe3-956808caf8c5 key FCREPO-1809
Nice to have
- Add ACL uris to response headers as "Link: <acl-uri>; rel=acl":
Jira server DuraSpace JIRA serverId c815ca92-fd23-34c2-8fe3-956808caf8c5 key FCREPO-1795
- Support external ACLs (ACLs not managed by fedora)
- Add support for agentClass graphs defined external to F4
- Minor code cleanup:
Jira server DuraSpace JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId c815ca92-fd23-34c2-8fe3-956808caf8c5 key FCREPO-1807
Likely not
- Support for inclusion of other ACLs via acl:include
Removed requirements
- F4 resources that are open for public read should not challenge the client to authenticate
- What if a resource has no ACL? Should there be a default behavior? (for example allow all to admin user; deny all to non-admin?)
- This requirement specifies public *read*. Do we also want to allow a public write? While use cases for the latter are admittedly going to be rare, it would seem better not to be opinionated here if public write is what an implementer wants.
...