Even though most of our resources are open-access, some resources must be placed under access control. Ideally, the access control mechanism should be as close to the repository as possible, so one mechanism can handle all of our uses, but this may not be the most efficient solution. The information below outlines the broad types of access control we would like to enforce, to give us an idea of features we will need to build into an access control system. Actual policies will differ between collections.
We will need to control access at the level of:
- a collection - while most collections are open-access, some are only available to certain groups of users.
- an object - some collections distinguish between objects that are copyrighted and objects that are Public Domain.
- a datastream - we often want to restrict access to master files
We will need to assign rights to various groups, including:
- IU people
- custom-made groups
We will need to be able to create groups based on:
- ADS entries
- IP addresses
- combinations of existing groups
(check the XACML policy guide to see what's even possible)
Content in Variations may be marked as "Restricted Access" or "Publicly Accessible".
Publicly Accessible content is available to everyone, regardless of their affiliation (derivative files, not masters). In general, this content is believed to be in the public domain.
Access to Restricted Access material is based on enrollment. Students must be enrolled in "Variations" courses get access to restricted material. All faculty in the Jacobs School of Music have permanent access to restricted material.
A few recordings belong to private collections. These recordings are restricted to the faculty member who owns them, and students in the specific courses for which the recordings are reserved.
EVIADA content is restricted, primarily due to ethical or sensitivity issues and not copyright issues (e.g. protect identities, political sensitivity issues, etc.).
What is the current policy?