Archived News
DRAMA Beta Release (Fiddler)
June 14 2007
Our Beta Release (nicknamed "Fiddler") is now available for download. The key features and improvements in this release are:
- Hierarchical access control enforcement: Policies can be applied at the collection level, object level or datastream level. The policies are automatically inherited from the parents, and the most local policies take precedent. Thus when accessing a datastream, if there are policies specifically for that datastream, those take effect. If there are no policies, the evaluation engine traverses to the object level, finds and applies policies (if any) for that object. If there are still no policies, the engine keeps traversing up to the collection(s) to which the object belongs, looking for those collections policies. If ultimately there are no policies, a Not Applicable result is returned and depending on the default setup of the system, this can be configured as allowing or denying access.
- Improved access control interface: One can now view existing access control of a particular user or group for a given datastream, object or collection. The interface displays the effective permission (ie. the inherited permission as well as the local permission) for that particular user or group.
- User-centric GUI: mura only presents users with operations for which they have permissions.
- XForms Metadata Input: We employ an XForms engine (Orbeon) for metadata input. XForms allow better user interaction, validation and supports any XML-based metadata schemas (such as MARC or MODS).
- LDAP Filter for Fedora: The current Fedora LDAP filter (in version 2.2) does not authenticate properly, so we have developed a new LDAP filter to fix this problem.
- Local authentication for DAR and ASM: In addition to Shibboleth authentication, the DAR and ASM can be configured to use a local authentication source (eg. via a local LDAP).
- Generic XACML Vocabulary: XACML policies are now expressed in a generic vocabulary rather than Fedora specific ones. This applies mostly to XACML actions.
- XACML Optimization: We have optimized of the evaluation engine by employing a cache with user configurable time-to-live. We have also greatly reduced the time for policies matching with DB XML, through the use of bind parameters in our queries.
- Flexible mapping of Fedora actions to new Apache Axis handlers: Axis is the SOAP engine that Fedora employs to provide its web services. The new flexibility allows new handlers to be easily plugged into Fedora to support new features that follow the same Interceptor pattern as our authorization framework.
- Version control: mura now supports version control.
- Full-text search: We enabled full-text search by incorporating Fedoragsearch package.
DRAMA Alpha Release (Fifer)
March 21 2007
The DRAMA team is happy to announce the initial Alpha Release (nicknamed "Fifer") of our Fedora components. The aim of this release is to demonstrate the following:
- Federated authentication (using Shibboleth) for Fedora.
- Extended XACML engine support via the introduction of an XML database for storing and querying policies and XACML requests over web services.
- Re-factoring of Fedora XACML authorization into an interceptor layer which is separate from Fedora.
- A new web GUI for Fedora nicknamed mura
Since the software is still in a very early stage, this release is intended to illustrate the various designs and features, and to bed down the framework that we will be using. In upcoming releases, we will focus on stability, performance and documentation. We would appreciate any help from people trying out the software and provide feedbacks to us in making it better.