[
https://jira.duraspace.org/browse/DS-937?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=20768#action_20768
]
Mark Diggory commented on DS-937:
---------------------------------
In reference to "netid" above, the problem is that we have two conceptually
different domain objects bound together in one class. EPerson is a
profile/representation for a user in DSpace and used in foreign key constraints
throughout the system. It also has password authentication entangled in it.
An identifier for the profile should be available that is not dependent on any
authentication mechanism and represents the user locally in DSpace, this would
be like any other DSpace object and referencable via a URL, (in similar manner
as a Facebook, LinkedIn or Google Profile). The conflated password
authentication mechanism should be separated from eperson and stored in a
AuthenticationMethod domain object backed by a separate table. Other
authentication methods should store their data separately (or as MarkW points
out, not at all)
The Id for the DSpace user could be auto generated (handle like) or be chosen
by the user. It would exist forever regardless of authentication mechanism.
Ideally, the item would have a separately stored change history rather than the
provenance stored in a metadata field. The change history would record the
EPerson user that makes the change to the DSpace item and a reason (this is a
capability of the Versioning prototype currently in development by @mire and
NESCent for Dryad.
> Stop using Email Address as Identifier for DSpace User.
> -------------------------------------------------------
>
> Key: DS-937
> URL: https://jira.duraspace.org/browse/DS-937
> Project: DSpace
> Issue Type: Improvement
> Components: DSpace API
> Affects Versions: 1.5.0, 1.5.1, 1.5.2, 1.6.0, 1.6.1, 1.6.2, 1.7.0, 1.7.1,
> 1.7.2, 1.8.0
> Reporter: Mark Diggory
> Priority: Major
>
> Use of email address as a persistent identifier for the DSpace conflicts with
> the fact that email addresses are not persistent. Email addresses go away
> and/or are reassigned to other individuals. There are also policy concerns
> with Authenticators like Shibboleth and CAS that may or may not deliver an
> email address as a organizational policy.
> This Task is a placeholder to identify a solution to correct for the problem.
> 1.) DSpace should use a different identifier / key for the EPerson (netid? or
> combination of "authenticator + netID")
> 2.) DSpace should make providing an email address as optional for cases where
> the Authentication features lack this specific capability.
> 3.) Issuing emails should be optional for accounts without email addresses.
> 4.) Stop storing email address (or any other detail about who made the
> change) in dc.description.provenance field.
> One proposed solution to this problem is that the Authentication Method
> should be broken off of EPerson and stored separately, making EPerson a
> "Profile" and the method of Authentication be stored separately (Password,
> Certificate, LDAP, Shibboleth, CAS, Facebook, Google) Different
> AuthenticationMethods may store the data as they see fit. And the Profile
> would store only those local details for that user.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.duraspace.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
Simplify data backup and recovery for your virtual environment with vRanger.
Installation's a snap, and flexible recovery options mean your data is safe,
secure and there when you need it. Data protection magic?
Nope - It's vRanger. Get your free trial download today.
http://p.sf.net/sfu/quest-sfdev2dev
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel
