Muradora Version 1.0: Shibboleth Authentication and XACML Authorization
Muradora Version 1.0: A Web-based Repository Supporting Federated Identity and Flexible Access Control
Macquarie University, Sydney, Australia. October 11, 2007.
The DRAMA (Digital Repository Authorization Middleware Architecture) development team has announced the release of Muradora Version 1.0, a "Turnkey GUI for Fedora Repository Supporting Federated Identity and Flexible Access Control."
Muradora is an easy-to-use repository application that supports federated identity (via Shibboleth authentication) and flexible authorization (using XACML). Muradora leverages the modularity, flexibility and scalability of the well-known Fedora repository.
Muradora's unique vision is one where Fedora forms the core back-end repository, while different front-end applications (such as portlets or standalone web interfaces) can all talk to the same instance of Fedora, and yet maintain a consistent approach to access control.
The DRAMA team is happy to announce the V1.0 release of Muradora. Its key features are:
"Out-of-the-box" or customized deployment options
Intuitive access control editor allows end-users to specify their own access control criteria without editing any XML.
Hierarchical enforcement of access control policies. Access control can be set at the collection level, object level or datastream level.
Metadata input and validation for any well-formed metadata schema using XForms (a W3C standard). New metadata schemas can be supported via XForms scripts (no Muradora code modification required).
Flexible and extensible architecture based on the well-known Java Spring enterprise framework.
Multiple deployments of Muradora (each customized for its own specific purpose) can talk to the one instance of Fedora.
Freely available as open source software (Apache 2 license). All dependent software is also open source.
Muradora utilises the new Digital Repository Authorization Middleware Architecture (DRAMA Auth/Z Suite). It consists of the following components:
Extended XACML support with a native XML database (DB XML) for efficient storing and querying of XACML policies. There is also a new hierarchical policy combination algorithm to support hierarchical enforcement while still allowing for fine-grained access control. These extended XACML features can be used by any XACML-aware application, especially those requiring better management of their policies.
Pluggable and extensible authorization infrastructure for Fedora. This new architecture utilizes an interceptor pattern to remove embedded authorization logic inside Fedora and allows new authorization requirements to be added to the system without modifying any code inside Fedora.
Support for federated identity with Shibboleth. The actual Shibboleth authentication is done on the Fedora server itself. This is different to the common approach of having the web interface handle Shibboleth authentication, which would prevent multiple web interfaces talking to the same Fedora instance. Again, this module is pluggable and can be deployed on top of Fedora without any code modification. It can also be used in conjunction with existing Fedora authentication modules.
Muradora and DRAMA Auth/Z suite can be downloaded separately and installed together by following the deployment guide, available at:
However, due to configuration flexibility and the large number of components, this installation method should be attempted only by experienced Fedora administrators.
For other users, we recommend our Live DVD, which integrates all necessary components for an "out-of-the-box" repository. The Live DVD can be used to try Muradora by booting the system from the DVD and running the pre-installed system directly from the DVD (no changes are made to the host computer's hard disk). Alternatively, the Live DVD can install Muradora on a server following an easy installation procedure that is based on the Ubuntu Linux distribution. The Muradora Live DVD can be downloaded from the Muradora.org web site.
Software download: http://www.muradora.org/software
Acknowledgement: DRAMA (Digital Repository Authorization Middleware Architecture) is part of the RAMP project based at MELCOE, Macquarie University, Sydney, Australia. RAMP is funded by DEST under Backing Australia's Ability.
Prepared by Robin Cover for The XML Cover Pages archive.