Hi Kristian,
section 2.7 and 2.8 cover authentication and authorization.
<http://www.dspace.org/1_6_0Documentation/ch02.html#N102B8>
http://www.dspace.org/1_6_2Documentation/ch02.html#N102B8
more detail: 5.2.11 on authentication
http://www.dspace.org/1_6_2Documentation/ch05.html#N12A26
and 3.7 on authorization
http://www.dspace.org/1_6_2Documentation/ch13.html#N17F3C
In context of some of our projects it was definitely worth the time and the
effort to leverage authorization information in other sources, to be
"mapped" to authorizations in DSpace.
For example, given that the structure of your DSpace corresponds with the
hierarchy of your institution you can:
when someone logs in for the first time:
1. The user logs in with his existing institution credentials (for example,
the login that he/she uses for an email box or internal ERP system). This
can be achieved by linking the authentication with your institutional LDAP
or shibboleth. In this way, you avoid the necessity to (self) register new
users.
2. Once authenticated, you make DSpace ping the staff directory for
information, to determine to which department the person belongs
3. Once DSpace learns which department/unit someone belongs to, it can
create a corresponding e-person object for the person who logs in, with
submission & read rights, determined from the retrieved information from the
staff directory.
If you have a lot of users, it would really take you a long time to set
authorizatin manually through the groups & policy webinterface in DSpace.
But you can customize it this way, that it is highly automated, given that
your repository structure matches the structure of your institution, and
that there is some kind of API available.
You can really do a lot of neat stuff. Let's say that you have a community
for the computer science department, with collections for working papers,
theses, ... these kind of methods can grant submission rights for all of the
collections under a community to which someone belongs.
good luck,
Bram Luyten
@mire - http://www.atmire.com
Technologielaan 9 - 3001 Heverlee - Belgium
533 2nd Street - Encinitas, CA 92024 - USA
http://www.togather.eu - Before getting together, get t...@ther
On Fri, Nov 19, 2010 at 4:07 PM, Kristian Roberto Salcedo <
[email protected]> wrote:
> Hi,
>
> Does anyone know if any work has been done
> on using external authorization systems for
> controlling user permissions in DSpace?
>
> Is it possible (or worth the time) to map external authorization
> information to the internal authorization mechanisms in
> DSpace for example...?
>
> I've been looking in the various list archives for some
> info on this, but I havent been able to find anything.
>
> regards,
> Kristian
>
>
>
> ------------------------------------------------------------------------------
> Beautiful is writing same markup. Internet Explorer 9 supports
> standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3.
> Spend less time writing and rewriting code and more time creating great
> experiences on the web. Be a part of the beta today
> http://p.sf.net/sfu/msIE9-sfdev2dev
> _______________________________________________
> DSpace-tech mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/dspace-tech
>
------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3.
Spend less time writing and rewriting code and more time creating great
experiences on the web. Be a part of the beta today
http://p.sf.net/sfu/msIE9-sfdev2dev
_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
