Security

Authentication

Authentication to the catalog is done using HTTP authentication. When trying to access a resource that requires authentication and user hasn't authenticated yet, the server will first respond with a HTTP 401 message, causing the client to handle authentication appropriately. In a web browser, this usually triggers an authentication popup.

In the Catalog Web Interface

The Catalog Web Interface allows read-only access whe not logged. The login panel on the top right allows explicit logging, to enable extra features of the interface and display catalog records that may not be accessible with anonymous credentials.

Authorization

The Catalog object model offers row-level security, storing per-object, per-user CRUD operations. Therefore, any instance of object in the catalog possibly has its own set of CRUD authorizations for each user.

When using the REST interface, any operation (GET, POST, DELETE) may result in a HTTP 403 message (forbidden) if the authenticated user is not allowed to read, update or delete the (set of) object(s) requested.