In 2008, the Fedora team released Fedora v3.1, which included many
notable changes, although one area where there was not much change was
authentication and authorization. There have been many requests from
the Fedora user community for a wider range of authentication methods,
a simpler approach to security and better management and enforcement
of XACML authorization policies. In order to address this critical
issue, the DuraSpace Fedora team and a number of Fedora community
members have initiated a project to enhance this part of the project.

To date, some of the more significant developments in this area have
been undertaken as part of the DRAMA/Muradora projects. Muradora,
which started in 2007, is a web-based GUI for the Fedora repository.
As part of its development, new authentication and authorization
modules for Fedora were introduced to support SAML-based federated
authentication, and XACML-based authorization policy creation,
management, and enforcement. These modules were designed to be
pluggable so that they could be deployed on top of any Fedora v2.2.x
repository without requiring code modification to Fedora itself. While
Muradora requires the use of these new authentication and
authorization modules, other “non-Muradora” users of Fedora can also
employ these modules to take advantage of the services that they offer.

The Fedora Security Layer (FeSL) project will extract the existing
Fedora XACML module from the core and provide the enhanced
functionality via this new security layer, operating in concert with
the repository at a higher level in the stack. The project will have
the following deliverables:

1. A re-factoring of Fedora authentication code so that it is more
modular and can be customized easily to support new authentication
methods.
2. Definition of an XACML vocabulary for use in authorization policies
with a generic repository and provision of a suite of sample templates
for the most common requirements.
3. Extension of Muradora's authorization module so that it supports
the complete Fedora 3 SOAP and REST APIs.
4. Provision of web services and REST-APIs for the management of XACML
policies as well as detailed documentation.
5. Provision of a test suite and documentation for the developed
modules.

More details on these 5 areas of development can be found on the
Fedora Commons site at:
https://fedora-commons.org/confluence/display/DEV/Fedora+Enhanced+Security+Layer

The goal of this project is to deliver on all 5 components by the end
of 2009: deliverables 1-3 above are largely done and the code is being
tested with the latest Fedora release. The development team consists
of key members of the core DRAMA/Muradora team. Additional input and
development is being provided by individuals from the Project
Contributor institutions as well as MediaShelf.

The budget for the project is $50,000 and we have proposed that the
funds be contributed by members of the Fedora Community interested in
ensuring a timely and appropriate development of this aspect of the
Fedora system. The initial Project Contributors (each has provided
$5,000) are the University of Prince Edward Island, Stanford, the
University of Virginia and the University of Hull, and MediaShelf is
providing coordination and additional resources. With these
contributions we have been able to release code for the first set of
deliverables. We are looking for additional Contributors to facilitate
completion of the project. All contributions will be maintained in the
FeSL project budget, which is managed by DuraSpace on behalf of the
community. Unallocated funds would be used for future enhancements as
per community input.

I would highlight that this project provides one example of how we can
expand the efforts of DuraSpace and the larger community to build a
sustainable ecology around what has become a critical application at
many of our institutions.

If you would like more information or would like to support the
project with a $5,000 contribution, please contact Mark Leggott at the
coordinates below. We would like to confirm additional Contributors by
the end of October.

Mark Leggott, University Librarian
University of Prince Edward Island
550 University Ave. Charlottetown, PE C1A 4P3
902-566-0460 Fax 902-628-4305 Cell 902-314-7507
[email protected] Skype: markleggott
_______________________________________________
Fedora-commons-developers mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fedora-commons-developers