The following questions need to be resolved by the next audit service meeting (to be scheduled between March 4-6). In each case, a default answer has been provided in case there is insufficient community input in the allotted time. The default answers are highlighted in green.
Answer | Submitted by |
---|---|
Yes. By default, no restrictions will be enforced. | David Wilcox |
Yes. No restrictions enforced. Capturing the event's source (or agent) to distinguish between internal/imported. | Ralf Claussnitzer |
Yes. The source of the externally created event, along with an indication that the event occurred externally, should be included in the resource's audit log. | Joshua Westgard |
Import format should be RDF in the same ontology as audit retrieval and export. | A. Soroka |
Answer | Submitted by |
---|---|
Fedora will use servlet-request#getUserPrincipal to get the principal. This means that applications will need to pass user principals to Fedora in order for them to be recognized by the audit service. | David Wilcox |
User Principle applies if no other principal is provided. Problem with entities other than users ("frontendServer1"?). Providing "On-Behalf-Of" mechanism (SWORD Authentication and Mediated Deposit) might help. | Ralf Claussnitzer |
I'm a little worried about the use of a servlet-specific means here. For integrations directly via in-process calls, that seems off-point, and in any event, it will draw Servlet API types and abstractions down into a lower layer of implementation code than should have to be the case. Perhaps we can just use some form of agent from the eventually-chosen ontology that could be auto-filled as appropriate? | A. Soroka |
This is related to the previous question, and need not be resolved as quickly as the other questions.
Answer | Submitted by |
---|---|
I suggest Fedora internal PUIDs bound to the Authentication System. | Ralf Claussnitzer |
I'm not sure this is the job of the repository. Isn't it the job of the agency assigning principal identifiers? | A. Soroka |
I agree with A. Soroka here. If users are managed by a higher-level application (which I think is the scenario), then Fedora should simply receive and retain the user info provided as part of the event record. | John Doyle |