...
Agents are the users of Fedora. These identify the principles principals (in a security sense) have made authenticated requests to the repository. In ACL Authorizations used by Fedora, these may be represented as strings or as URIs. The SOLID WebAC spec stipulates that agents are identified by URIs, and suggests (but does not have any normative language requiring) that these URIs are intended to be WebIDs. The Fedora specification does not comment on the topic of identifying agents. Nevertheless, for legacy purposes, the Fedora 5.x software allows strings or URIs to identify agents (e.g. "bob" or <http://example.org/people/bob>). When using URIs, there is no expectation be Fedora that these URIs be resolvable, or have a representation. It is highly recommended that you use URIs
The mapping of a logged-on principal to a string or URI depends on the selection and configuration of a Principal Provider, which may provide the identity of users as strings or URIs depending on its implementation. Because agents are recommended to be represented as URIs, Fedora can be configured to automatically prefix any principals that are provided as strings with a baseURI. This is achieved by setting the system property fcrepo.auth.webac.userAgent.baseUri. For example:
| Code Block | ||||
|---|---|---|---|---|
| ||||
fcrepo.auth.webac.userAgent.baseUri=http://example.org/agent/ |
Continuing with this example, if a user comes in as user "dra2", the user's identity will be converted to the URI http://example.org/agent/dra2 before applying ACLs.
Examples of Authorizations
...