Hi Bram,
Thanks a lot for your swift and thorough answer.
This looks promising :)
regards,
Kristian
On 19. nov. 2010, at 17.07, Bram Luyten <b...@mire.be> wrote:
> Hi Kristian,
>
> section 2.7 and 2.8 cover authentication and authorization.
> http://www.dspace.org/1_6_2Documentation/ch02.html#N102B8
>
> more detail: 5.2.11 on authentication
> http://www.dspace.org/1_6_2Documentation/ch05.html#N12A26
>
> and 3.7 on authorization
> http://www.dspace.org/1_6_2Documentation/ch13.html#N17F3C
>
> In context of some of our projects it was definitely worth the time and the
> effort to leverage authorization information in other sources, to be "mapped"
> to authorizations in DSpace.
> For example, given that the structure of your DSpace corresponds with the
> hierarchy of your institution you can:
>
> when someone logs in for the first time:
>
> 1. The user logs in with his existing institution credentials (for example,
> the login that he/she uses for an email box or internal ERP system). This can
> be achieved by linking the authentication with your institutional LDAP or
> shibboleth. In this way, you avoid the necessity to (self) register new users.
> 2. Once authenticated, you make DSpace ping the staff directory for
> information, to determine to which department the person belongs
> 3. Once DSpace learns which department/unit someone belongs to, it can create
> a corresponding e-person object for the person who logs in, with submission &
> read rights, determined from the retrieved information from the staff
> directory.
>
> If you have a lot of users, it would really take you a long time to set
> authorizatin manually through the groups & policy webinterface in DSpace. But
> you can customize it this way, that it is highly automated, given that your
> repository structure matches the structure of your institution, and that
> there is some kind of API available.
> You can really do a lot of neat stuff. Let's say that you have a community
> for the computer science department, with collections for working papers,
> theses, ... these kind of methods can grant submission rights for all of the
> collections under a community to which someone belongs.
>
> good luck,
>
> Bram Luyten
>
> @mire - http://www.atmire.com
>
> Technologielaan 9 - 3001 Heverlee - Belgium
> 533 2nd Street - Encinitas, CA 92024 - USA
>
> http://www.togather.eu - Before getting together, get t...@ther
>
>
> On Fri, Nov 19, 2010 at 4:07 PM, Kristian Roberto Salcedo
> <k.r.salc...@ub.uio.no> wrote:
> Hi,
>
> Does anyone know if any work has been done
> on using external authorization systems for
> controlling user permissions in DSpace?
>
> Is it possible (or worth the time) to map external authorization
> information to the internal authorization mechanisms in
> DSpace for example...?
>
> I've been looking in the various list archives for some
> info on this, but I havent been able to find anything.
>
> regards,
> Kristian
>
>
> ------------------------------------------------------------------------------
> Beautiful is writing same markup. Internet Explorer 9 supports
> standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3.
> Spend less time writing and rewriting code and more time creating great
> experiences on the web. Be a part of the beta today
> http://p.sf.net/sfu/msIE9-sfdev2dev
> _______________________________________________
> DSpace-tech mailing list
> DSpace-tech@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/dspace-tech
>
------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3.
Spend less time writing and rewriting code and more time creating great
experiences on the web. Be a part of the beta today
http://p.sf.net/sfu/msIE9-sfdev2dev
_______________________________________________
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
