Hydra does not rely on Fedora 3's AuthN/Z capabilities, but rather stores its access policy in the "rightsMetadata" datastream of Fedora objects. Access controls are then enforced at the application level, above Fedora.
The intent of this document is twofold:
- To clearly record how Hydra is currently designed to manage user access to resources across:
  - Fedora REST API
  - Fedora Resource Index
  - Repository Search
- To describe how Hydra could potentially leverage the nascent Fedora 4 AuthN/Z framework
Hydra AuthN/Z Design
Hydra, in simple terms, is the Blacklight discovery interface on top of ActiveFedora, with the addition of access controls.
Fedora REST API
ActiveFedora uses the Rubydora library to handle Fedora REST API requests and responses. The credentials of the user authenticated to the Hydra application, however, are not used to authorize Fedora REST API requests. A single Fedora user account, provided in a configuration file, is used for access to restricted methods (API-M).
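An added example (not Hydra's own code) of the pattern described above: because every Fedora call runs under one shared account, the only per-user decision is the application's reading of rightsMetadata, so that check has to sit in front of every repository call and deny by default. The sample XML, the user and group names, the level ordering and the helpers `parse_rights`, `permitted?` and `with_read_access` are assumptions made for illustration.

```ruby
require 'rexml/document'

# Constructed sample datastream. The element layout follows Hydra's
# rightsMetadata schema as an assumption; users and groups are made up.
RIGHTS_XML = <<~XML
  <rightsMetadata xmlns="http://hydra-collab.stanford.edu/schemas/rightsMetadata/v1" version="0.1">
    <access type="discover"><machine><group>public</group></machine></access>
    <access type="read"><machine><group>registered</group></machine></access>
    <access type="edit"><machine><person>archivist1</person></machine></access>
  </rightsMetadata>
XML

# Assumed ordering: a grant at a higher level implies the lower ones.
LEVELS = %w[discover read edit].freeze

class AccessDenied < StandardError; end

# Parse into { level => { people:, groups: } }; unknown access types are ignored.
def parse_rights(xml)
  rights = LEVELS.to_h { |level| [level, { people: [], groups: [] }] }
  REXML::Document.new(xml).root.each_element do |access|
    grant = rights[access.attributes['type']]
    next unless access.name == 'access' && grant
    access.each_element do |machine|
      next unless machine.name == 'machine'
      machine.each_element do |e|
        grant[:people] << e.text.to_s.strip if e.name == 'person'
        grant[:groups] << e.text.to_s.strip if e.name == 'group'
      end
    end
  end
  rights
end

# Default deny: the user or one of their groups must hold the wanted level or higher.
def permitted?(rights, user, groups, wanted)
  idx = LEVELS.index(wanted)
  return false if idx.nil?
  LEVELS[idx..].any? do |level|
    grant = rights.fetch(level)
    grant[:people].include?(user) || !(grant[:groups] & groups).empty?
  end
end

# Gate for the shared Fedora account: the block (the repository call) runs only after the check.
def with_read_access(rights, user, groups)
  raise AccessDenied, "read denied for #{user}" unless permitted?(rights, user, groups, 'read')
  yield
end
```

Any code path that reaches Fedora without passing through a gate like `with_read_access` inherits the full rights of the configured account, which is the property to look for when reviewing a design of this kind.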
Fedora Resource Index
Hydra makes no direct use of the Fedora RI, since it relies on Solr for repository queries (via Blacklight and ActiveFedora).
Repository Search
Hydra and Fedora 4
The potential delegation of AuthN/Z responsibility from Hydra to Fedora 4 is captured in the following use cases.
Title (Goal) | |
---|---|
Primary Actor | |
Scope | |
Level | |
Story (A paragraph or two describing what happens) | |