On Fri, Aug 06, 2010 at 09:59:44AM -0500, Tim Donohue wrote: > (1) We noticed that the REST API documentation on the wiki currently > doesn't mention anything about Authentication. How is authentication > expected to be handled (or being handled)? Is it just Basic HTTP Auth? > Is there any extra configuration/setup that should be documented on > the wiki page? It might be good to document how authentication is > expected to be handled, and anything else worth knowing in this area.
This is of concern because DSpace provides a number of authentication
mechanisms which aren't defined over HTTP. It would thus not be
possible to use the REST API with those types of credentials, and this
might be a serious impediment to sites which make heavy use of those
mechanisms. If this feature does not now use DSpace's pluggable
authentication infrastructure, I feel certain that we will want to
rework it at some point so that it can.
> (2) We also noticed there isn't mention of Authorization in the wiki
> documentation. From looking at the code, it looks like you are handling
> Authorization by letting the dspace-api handle it (which is perfectly
> fine, in my opinion). You then catch any AuthorizationExceptions thrown
> and return a 401 or 403 response, depending on the situation. (Please
> correct me if I'm wrong about anything I've stated.) It just might be
> good to also document that more clearly, so that everyone is aware how
> Authorization is being handled and what happens when you are not
> authorized to make a change or access a particular resource.
Now, this sounds to me like the proper way to do things. AAA really
should be more centralized in DSpace so that, where possible,
different user interfaces automatically behave in similar ways.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Balance your desire for bells and whistles with the reality that only a
little more than 2 percent of world population has broadband.
-- Ledford and Tyler, _Google Analytics 2.0_
pgplGOts2GuXC.pgp
Description: PGP signature
------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev
_______________________________________________ Dspace-devel mailing list Dspace-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-devel
