Hello everyone,
I was recently re-configuring my Invenio oai repository configuration
and the got the following idea regarding managing access in the oai2d
service:
Since responses to requests sent to the OAI service are formatted as
standard HTTP responses (see:
http://www.openarchives.org/OAI/openarchivesprotocol.html#HTTPResponseFormat),
a firerole(-like) access list could be applied to this service, so when
requests come from certain IP ranges, the service could work as
expected, or else an 403 error could be returned. For this, a new
webaccess role/action(like 'accessoaiservice') could be created, so that
all relevant libraries can refer to it.
If one wants to spend more time on it, a web gui could be created in the
oairepository admin page, that -in addition to the firerole support-
could allow a set of specific user/password pairs to access the service.
To take it even further, these access restrictions could(?) be applied
per OAI collection, allowing different people/IPs to access different
sets of setSpecs.
If you think that it might be useful to others and could be implemented
in a future release, I would be happy to create a relevant 'enhancement
request' ticket, so that it does not get forgotten.
Kind regards,
Theodoros Theodoropoulos
