Revision 881
Added by berkley over 22 years ago
| acontrol.html | ||
|---|---|---|
| 29 | 29 |
</table> |
| 30 | 30 |
<p><b>Authentication</b></p> |
| 31 | 31 |
<p>Metacat has a public interface for porting authentication |
| 32 |
schemes to Metacat. Currently LDAP scheme is implemented. |
|
| 32 |
schemes to Metacat. Currently an LDAP scheme is implemented.
|
|
| 33 | 33 |
LDAP stands for Lightweight Directory Access Protocol. |
| 34 |
It is optimized database for fast retrival of stored data: |
|
| 34 |
It is an optimized database for fast retrival of stored data:
|
|
| 35 | 35 |
It is used by Metacat to store its users and their information. |
| 36 | 36 |
The users can be organized in one or more groups. |
| 37 | 37 |
</p> |
| 38 | 38 |
<P> <img src="auth.gif"> |
| 39 | 39 |
<P> <b>Access control in Metacat. </b></p> |
| 40 | 40 |
<ul> |
| 41 |
<li> Metacat users stored in the LDAP directory database are authenticated to use Metacat services and resources.</li> |
|
| 41 |
<li> Metacat users stored in the LDAP directory database are authenticated |
|
| 42 |
to use Metacat services and resources.</li> |
|
| 42 | 43 |
<li> A persistant session is assigned to an authenticated user.</li> |
| 43 |
<li> Metacat also allows document level access control via Access Control Lists (ACLs).</li> |
|
| 44 |
<li> Metacat also allows document level access control via Access Control |
|
| 45 |
Lists (ACLs).</li> |
|
| 44 | 46 |
</ul> |
| 45 | 47 |
<!--<img src="acontrol.gif">--> |
| 46 | 48 |
<b>ACLs</b> |
| 47 |
<p>Metacat allows a user to set permissions for users or groups on individual documents by using |
|
| 48 |
a special XML file called an Access file. The <a href="./packages.html">Package</a> file |
|
| 49 |
<p>Metacat allows a user to set permissions for users or groups on individual |
|
| 50 |
documents by using |
|
| 51 |
a special XML file called an Access file. |
|
| 52 |
The <a href="./packages.html">Package</a> file |
|
| 49 | 53 |
specifies which documents the Access file refers to. |
| 50 |
These are the same documents the permissions are assigned for. |
|
| 51 | 54 |
A sample Access file looks like the following:</p> |
| 52 | 55 |
<pre> |
| 53 | 56 |
<?xml version="1.0"?> |
| ... | ... | |
| 102 | 105 |
itself as stored in Metacat. |
| 103 | 106 |
</p> |
| 104 | 107 |
<p>Next are the permissions themselves. An allow tag gives permissions to |
| 105 |
the specified user(s) (<principal>) and a deny tag take the permissions |
|
| 108 |
the specified user(s) (<principal>) and a deny tag takes the permissions
|
|
| 106 | 109 |
away from the user(s). A principal should be a registered user or group. |
| 107 | 110 |
A timed duration can be set on the permission after |
| 108 | 111 |
which the user(s) will no longer have the specified permission. A ticket count |
| ... | ... | |
| 113 | 116 |
|
| 114 | 117 |
<br> |
| 115 | 118 |
<a href="./xmlindex.html">Back</a> | <a href="./metacattour.html">Home</a> | |
| 116 |
<a href="./metacatout.html">Next</a>
|
|
| 119 |
<a href="./ldap.html">Next</a>
|
|
| 117 | 120 |
</BODY> |
| 118 | 121 |
</HTML> |
| 119 | 122 |
|
Also available in: Unified diff
updated documentation. removed a lot of typos and updated all of the new stuff for the new release