Vamsee, The Fedora security documentation, which is admittedly lacking in various respects, is located at: http://www.fedora-commons.org/confluence/display/FCR30/Securing+Your+Fedora+Repository
Fedora 3.3 also includes, as an option, a preview of a new security architecture (FeSL), documented here: http://www.fedora-commons.org/confluence/display/FCR30/Fedora+Security+Layer+%28FeSL%29 In short, out of the box, Fedora has support for authentication via an xml user file and ldap. FeSL notably provides authentication via JAAS, which provides a standards-based framework for implementing your own custom auth (e.g. shib, openid, etc). If this is a direction you're interested in pursuing, you can get in touch w/ me as I'd like to organize different efforts to implement different auth modules. And yes, Fedora's auth applies to both its SOAP and REST APIs. As for audit trails. Each Fedora object maintains its own audit trail datastream. There isn't a built-in facility for a multi-system audit trail, but depending on your requirements, you could build this fairly easily. Off the top of my head, I'd consider using Fedora's messaging service to build a syslog-like service. You could also write a custom Management decorator (see fedora.fcfg) to implement whatever sort of audit trail you desired (assuming you only need an audit trail for API-M operations and not API-A). Eddie On 27 Jan 2010, at 11:46 PM, Vamsee Vanaparthy wrote: > Hello Friends, > > I have few questions about Authentication and ACL on Fedora Commons. I would > appreciate if someone could answer them or at least point me in the right > direction: > > 1) Can you please let me know or direct me to a proper url where I can read > about how authentication is implemented on Fedora Commons? > > 2) Can Fedora support various authentication schemes like Ldap, Open ID etc. > I am trying to understand the single Sign on implementation from various > applications to fedora. > > 3) Does this authentication hold true for Rest API access as well. In the > current Rest API , how can I pass in User credentials for secure access? > > 4) How can different users have different access levels for the Fedora Repo. > For example admin can ingest files, anonymous can access only access API > calls. If this functionality is available where can we configure it? > > Last but not least question > > 5) We have an architecture of many private fedoras getting information from > Global repo. How is possible to have a audit trail across the systems. (Multi > tenancy) > > Thank you in advance for helping me. I sincerely appreciate it. > > Thanks, > Vamsee > > > > > ------------------------------------------------------------------------------ > The Planet: dedicated and managed hosting, cloud storage, colocation > Stay online with enterprise data centers and the best network in the business > Choose flexible plans and management services without long-term contracts > Personal 24x7 support from experience hosting pros just a phone call away. > http://p.sf.net/sfu/theplanet-com > _______________________________________________ > Fedora-commons-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/fedora-commons-users ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ Fedora-commons-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
