/docs/user/acontrol.html - Annotate - Metacat - Ecoinformatics Redmine

metacat/docs/user/acontrol.html @ 4691

-            berkley
+<!--
   * acontrol.html
+  *
   *      Authors: Jivka Bojilova
   *    Copyright: 2000 Regents of the University of California and the
   *               National Center for Ecological Analysis and Synthesis
   *  For Details: http://www.nceas.ucsb.edu/
   *      Created: 2000 April 5
   *      Version: 0.01
   *    File Info: '$Id$'
+  *
   * October Meeting SDSC, 2000
 -->
 <HTML>
 <HEAD>
 <TITLE>Metacat</TITLE>
-            daigle
+<link rel="stylesheet" type="text/css" href="./default.css">
-            berkley
+</HEAD>
 <BODY>
   <table width="100%">
     <tr>
       <td class="tablehead" colspan="2"><p class="label">Metacat User
       Authentication and Access Control</p></td>
       <td class="tablehead" colspan="2" align="right">
         <a href="./xmlindex.html">Back</a> | <a href="./metacattour.html">Home</a> |
-            berkley
+        <a href="./ldap.html">Next</a>
-            berkley
+      </td>
     </tr>
   </table>
   <p><b>Authentication</b></p>
     <p>Metacat has a public interface for porting authentication
-            berkley
+      schemes to Metacat.  Currently an LDAP scheme is implemented.
-            berkley
+      LDAP stands for Lightweight Directory Access Protocol.
-            berkley
+      It is an optimized database for fast retrival of stored data:
-            berkley
+      It is used by Metacat to store its users and their information.
       The users can be organized in one or more groups.
     </p>
     <P> <img src="auth.gif">
     <P> <b>Access control in Metacat. </b></p>
     <ul>
-            berkley
+      <li> Metacat users stored in the LDAP directory database are authenticated
       to use Metacat services and resources.</li>
-            berkley
+      <li> A persistant session is assigned to an authenticated user.</li>
-            berkley
+      <li> Metacat also allows document level access control via Access Control
       Lists (ACLs).</li>
-            berkley
+    </ul>
-            jones
+  <p style="color: red; font-face: bold">WARNING: The rest of this page is
    out-of-date and no longer accurate. It is left only for reference purposes.
    ACL information is now set through EML 2.0.0 access control elements.
   </p>
-            berkley
+  <!--<img src="acontrol.gif">-->
   <b>ACLs</b>
-            berkley
+  <p>Metacat allows a user to set permissions for users or groups on individual
   documents by using
   a special XML file called an Access file.
   The <a href="./packages.html">Package</a> file
-            berkley
+  specifies which documents the Access file refers to.
   A sample Access file looks like the following:</p>
   <pre>
     &lt;?xml version="1.0"?&gt;
     &lt;!DOCTYPE acl PUBLIC "-//NCEAS//eml-access-2.0//EN" "eml-access-2.0.dtd"&gt;
     &lt;acl authSystem="knb" order="allowFirst"&gt;
       &lt;identifier&gt;nceas.36.1&lt;/identifier&gt;
       &lt;allow&gt;
         &lt;principal&gt;jones&lt;/principal&gt;
         &lt;principal&gt;higgins&lt;/principal&gt;
         &lt;principal&gt;berkley&lt;/principal&gt;
         &lt;principal&gt;bojilova&lt;/principal&gt;
         &lt;permission&gt;read&lt;/permission&gt;
         &lt;duration&gt;
           &lt;startDate&gt;10/9/2000&lt;/startDate&gt;
           &lt;stopDate&gt;10/9/2001&lt;/stopDate&gt;
         &lt;/duration&gt;
         &lt;ticketCount&gt;100&lt;/ticketCount&gt;
       &lt;/allow&gt;
       &lt;allow&gt;
         &lt;principal&gt;bojilova&lt;/principal&gt;
         &lt;permission&gt;write&lt;/permission&gt;
         &lt;ticketCount&gt;10&lt;/ticketCount&gt;
       &lt;/allow&gt;
       &lt;allow&gt;
         &lt;principal&gt;reviewers&lt;/principal&gt;
         &lt;permission&gt;read&lt;/permission&gt;
         &lt;ticketCount&gt;5&lt;/ticketCount&gt;
       &lt;/allow&gt;
       &lt;allow&gt;
         &lt;principal&gt;blankman&lt;/principal&gt;
         &lt;permission&gt;all&lt;/permission&gt;
       &lt;/allow&gt;
       &lt;deny&gt;
         &lt;principal&gt;eddins&lt;/principal&gt;
         &lt;permission&gt;all&lt;/permission&gt;
       &lt;/deny&gt;
     &lt;/acl&gt;
   </pre>
   <p>This file is read into Metacat like any other XML file.  Like
      <a href="./packages.html">Packages</a> the doctype is checked against
      the accessdoctype parameter in the <a href="./properties.html">Metacat
      Properties</a> file.  If the doctype matches, special postprocessing
      is performed on the document and the persmissions described in the file
      are applied to the specified document.
   </p>
   <p>The main tag &lt;acl&gt; has attributes 'order' and 'authSystem'.
      Order refers to which permission type to process first, allow or deny.
      The allowed values are "allowFirst" and  "denyFirst".  The default is "allowFirst".
   </p>
   <p>The &lt;identifier&gt; tag specifies the document identifier for the Access file
      itself as stored in Metacat.
   </p>
   <p>Next are the permissions themselves.  An allow tag gives permissions to
-            berkley
+  the specified user(s) (&lt;principal&gt;) and a deny tag takes the permissions
-            berkley
+  away from the user(s).  A principal should be a registered user or group.
   A timed duration can be set on the permission after
   which the user(s) will no longer have the specified permission.  A ticket count
   can also be set.  This gives the user the number of accesses specified.  After
   the user has accessed the document that number of times, the permissions are
   revoked.
   </p>
   <br>
   <a href="./xmlindex.html">Back</a> | <a href="./metacattour.html">Home</a> |
-            berkley
+  <a href="./ldap.html">Next</a>
-            berkley
+</BODY>
 </HTML>

Project

General

Profile

Metacat