Revision 881
Added by berkley about 23 years ago
acontrol.html | ||
---|---|---|
29 | 29 |
</table> |
30 | 30 |
<p><b>Authentication</b></p> |
31 | 31 |
<p>Metacat has a public interface for porting authentication |
32 |
schemes to Metacat. Currently LDAP scheme is implemented. |
|
32 |
schemes to Metacat. Currently an LDAP scheme is implemented.
|
|
33 | 33 |
LDAP stands for Lightweight Directory Access Protocol. |
34 |
It is optimized database for fast retrival of stored data: |
|
34 |
It is an optimized database for fast retrival of stored data:
|
|
35 | 35 |
It is used by Metacat to store its users and their information. |
36 | 36 |
The users can be organized in one or more groups. |
37 | 37 |
</p> |
38 | 38 |
<P> <img src="auth.gif"> |
39 | 39 |
<P> <b>Access control in Metacat. </b></p> |
40 | 40 |
<ul> |
41 |
<li> Metacat users stored in the LDAP directory database are authenticated to use Metacat services and resources.</li> |
|
41 |
<li> Metacat users stored in the LDAP directory database are authenticated |
|
42 |
to use Metacat services and resources.</li> |
|
42 | 43 |
<li> A persistant session is assigned to an authenticated user.</li> |
43 |
<li> Metacat also allows document level access control via Access Control Lists (ACLs).</li> |
|
44 |
<li> Metacat also allows document level access control via Access Control |
|
45 |
Lists (ACLs).</li> |
|
44 | 46 |
</ul> |
45 | 47 |
<!--<img src="acontrol.gif">--> |
46 | 48 |
<b>ACLs</b> |
47 |
<p>Metacat allows a user to set permissions for users or groups on individual documents by using |
|
48 |
a special XML file called an Access file. The <a href="./packages.html">Package</a> file |
|
49 |
<p>Metacat allows a user to set permissions for users or groups on individual |
|
50 |
documents by using |
|
51 |
a special XML file called an Access file. |
|
52 |
The <a href="./packages.html">Package</a> file |
|
49 | 53 |
specifies which documents the Access file refers to. |
50 |
These are the same documents the permissions are assigned for. |
|
51 | 54 |
A sample Access file looks like the following:</p> |
52 | 55 |
<pre> |
53 | 56 |
<?xml version="1.0"?> |
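Review bot: the rewritten line 34 still misspells "retrieval" ("fast retrival of stored data"), and the unchanged context line 43 still reads "persistant session". Since this commit is a typo pass, both should be fixed here. The same sentence describes LDAP as "an optimized database" directly after expanding the acronym as a protocol; wording such as "a protocol for accessing a directory optimized for fast retrieval" would keep the two statements consistent.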
... | ... | |
102 | 105 |
itself as stored in Metacat. |
103 | 106 |
</p> |
104 | 107 |
<p>Next are the permissions themselves. An allow tag gives permissions to |
105 |
the specified user(s) (<principal>) and a deny tag take the permissions |
|
108 |
the specified user(s) (<principal>) and a deny tag takes the permissions
|
|
106 | 109 |
away from the user(s). A principal should be a registered user or group. |
107 | 110 |
A timed duration can be set on the permission after |
108 | 111 |
which the user(s) will no longer have the specified permission. A ticket count |
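Review bot: the allow/deny paragraph at new lines 107-111 does not say, in the lines shown, which rule wins when an allow and a deny both match the same principal, for example a user allowed by name and denied through a group. For access control documentation the evaluation order is what a reader needs in order to predict the effective permission, so state it explicitly next to the "deny tag takes the permissions away" sentence.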
... | ... | |
113 | 116 |
|
114 | 117 |
<br> |
115 | 118 |
<a href="./xmlindex.html">Back</a> | <a href="./metacattour.html">Home</a> | |
116 |
<a href="./metacatout.html">Next</a>
|
|
119 |
<a href="./ldap.html">Next</a>
|
|
117 | 120 |
</BODY> |
118 | 121 |
</HTML> |
119 | 122 |
|
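Review bot: confirm that ./ldap.html, the new Next target at line 119, is present in this revision and that its own Back link returns to acontrol.html. The old target ./metacatout.html is dropped from the chain here, so any page that still links to it as part of the tour order should be checked as well.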
updated documentation. removed a lot of typos and updated all of the new stuff for the new release