Hi Jonathan, In the British Film Institute National Archive, we have an approach to this that might be of interest.
We use Adlib (from Axiell) as our CMS, and Imagen as our Media Asset Management system (basically, a DAM with substantial media-specific functionality for a/v workflows). Both systems have RESTful APIs, and we integrate them in various ways, including direct writes from Adlib to Imagen to update descriptive metadata, and direct writes from Imagen to Adlib to update preservation data, file UMIDs, etc However, for your question below, the relevant integration is achieved with some Python scripting that we created. The script automates high volume ingest of preservation files to Imagen (between 100 and 700 files / 5TB - 25TB, each day), and it works by creating an Imagen record and an ingest job, by fetching metadata from the relevant Adlib record, and passing that to a REST API post to Imagen. The Adlib XML is passed to Imagen API as a payload, and an XSLT in Imagen transforms the Adlib XML into Imagen-compliant data. This is where we use data from our CMS to drive permissions in our MAM. In the XSLT in Imagen, we parse various properties from the Adlib record (rightsholder, acquisition source and method, digitisation project or other collecting context) and use those to calculate the permissions that should be added to the Imagen record and associated digital media outcomes. For example, a record in Adlib that represents a digitisation from a partner archive's collection, will result in a permissions set in Imagen that allows viewing access to that source archive, download permission only to system admins, and no permissions to other staff. The permissions that get passed to Imagen result in complex ACLs that control access on multiple tiers: - record view: can the user see the record at all - low-bitrate viewing: can the user view a 1.5Mbps HLS MP4 rendition - download of low-bitrate rendition: can the user download that, with logo / timecode - download of preservation file: can the user request a restore from our data tape libraries, of the original preserved file at full quality It would be feasible to implement these fine-grained permissions manually or semi-manually in Imagen admin GUI, but the scale of ingest (1.5 million records, with over 5 million associated files) would make that difficult to resource. So the automated permissions control based on metadata from the CMS, is an effective way to scale it appropriately. I hope this is useful Jonathan, let me know if you'd like a phone conversation about it. All the best, Stephen McConnachie Head of Data and Digital Preservation, BFI -----Original Message----- From: mcn-l [mailto:[email protected]] On Behalf Of Hoppe, Jonathan Sent: 06 March 2020 22:45 To: [email protected] Subject: [MCN-L] DAMS and Collections Management Systems Permissions Good evening DAMS SIG, We are in the beginning phases of standing up a new digital asset management system and I am trying to survey of the landscape around integrating user permissions and restrictions between systems. I was wondering if anyone here leverages their collections management system's user/security directly to directly (or indirectly drive) restrictions and permissions in their DAMS? That is, does anyone tie to their CMS's user groups directly to their DAMS via API or some other connector, or otherwise base their DAMS' user configuration around some user metadata point from their CMS? And if you do leverage that user/security group metadata, what sort of actions in your DAMS do you drive with it? Restricting access to certain assets in your DAMS, hiding certain metadata fields, etc.? Any insights you could provide would be most helpful and welcome, Thanks all! Jon Jonathan Hoppe Digital Asset Librarian t 215-684-7926 Philadelphia Museum of Art PO Box 7646, Philadelphia, PA 19101-7646 www.philamuseum.org<http://www.philamuseum.org/> _______________________________________________ You are currently subscribed to mcn-l, the listserv of the Museum Computer Network (http://www.mcn.edu) To post to this list, send messages to: [email protected] To unsubscribe or change mcn-l delivery options visit: http://mcn.edu/mailman/listinfo/mcn-l The MCN-L archives can be found at: http://www.mail-archive.com/[email protected]/ The British Film Institute is governed by Royal Charter and is a charity registered in England and Wales number 287780. The contents of this e-mail are confidential and may be legally privileged. If you are not the intended recipient, kindly notify the sender that you have received this message in error and immediately delete it. Unless you are the intended recipient, you may not forward this e-mail to anybody, nor make any use of its contents. _______________________________________________ You are currently subscribed to mcn-l, the listserv of the Museum Computer Network (http://www.mcn.edu) To post to this list, send messages to: [email protected] To unsubscribe or change mcn-l delivery options visit: http://mcn.edu/mailman/listinfo/mcn-l The MCN-L archives can be found at: http://www.mail-archive.com/[email protected]/
