Log of the #duraspace-ff channel on chat.freenode.net

Using timezone: Eastern Standard Time
* longshou leaves03:48
* dwilcox joins07:51
* dwilcox leaves07:52
* dwilcox joins07:53
* dwilcox leaves08:17
* tecoripa joins08:21
<pivotal-bot>Andrew Woods added comment: "Please add description of available pid-minters and how to "write your own" in the wiki.08:22
" https://www.pivotaltracker.com/story/show/70678050
* dwilcox joins08:28
* tecoripa leaves08:43
* cjcolvar joins09:02
* benpennell1 joins
<pivotal-bot>Andrew Woods rejected "Remote pid-minter" https://www.pivotaltracker.com/story/show/7067805009:16
* ksclarke joins09:17
* github-ff joins09:19
[fcrepo-module-auth-xacml] gregjan closed pull request #13: Check for nulls in FedoraEvaluationCtxBuilder (master...evalctx-nullfix) http://git.io/jYUiyA
* github-ff leaves
* tecoripa joins09:20
<pivotal-bot>Mike Durbin added comment: "https://github.com/fcrepo4/fcrepo4/pull/359" https://www.pivotaltracker.com/story/show/7126623209:26
Mike Durbin finished "Omit protected triples from object RDF." https://www.pivotaltracker.com/story/show/71266232
* travis-ci joins09:27
[travis-ci] fcrepo4/fcrepo-module-auth-xacml#35 (master - 692fe09 : Gregory Jansen): The build was fixed.
[travis-ci] Change view : https://github.com/fcrepo4/fcrepo-module-auth-xacml/compare/3cf3a7ce1731...692fe09c8bbd
[travis-ci] Build details : http://travis-ci.org/fcrepo4/fcrepo-module-auth-xacml/builds/25242758
* travis-ci leaves
* longshou joins09:33
<pivotal-bot>Kevin Clarke edited "Migrate fcrepo-generator-dc functionality" https://www.pivotaltracker.com/story/show/7051037609:34
Kevin Clarke edited "Refactor kernel/kernel-api names and packages" https://www.pivotaltracker.com/story/show/70718582
* github-ff joins09:35
[fcrepo-module-auth-xacml] sprater opened pull request #14: Triplefinder (master...triplefinder) http://git.io/2jKxVw
* github-ff leaves
<pivotal-bot>Kevin Clarke added comments: "Added proposed eclipse config files as attachments." https://www.pivotaltracker.com/story/show/7126229809:36
Kevin Clarke estimated "Update Eclipse/IntelliJ formatting settings files" as 1 point https://www.pivotaltracker.com/story/show/7126229809:37
* github-ff joins
[fcrepo-module-auth-xacml] gregjan pushed 5 new commits to master: http://git.io/dR8u1g
fcrepo-module-auth-xacml/master a340218 sprater: XACML finder for triple attributes
fcrepo-module-auth-xacml/master 329ebfa sprater: More triple finder test work
fcrepo-module-auth-xacml/master fe2c719 sprater: Check for nulls
* github-ff leaves
<pivotal-bot>Kevin Clarke started "Update Eclipse/IntelliJ formatting settings files" https://www.pivotaltracker.com/story/show/71262298
Kevin Clarke edited "Hide/disable interface add object/ds option if FilesystemConnector is read-only" https://www.pivotaltracker.com/story/show/6589933009:38
Kevin Clarke edited "Only enable AuthZ UI form when applicable" https://www.pivotaltracker.com/story/show/63178228
* github-ff joins09:42
[fcrepo4] bbpennel opened pull request #360: Javadoc warnings (master...javadoc-warnings) http://git.io/QOOduQ
* github-ff leaves
<pivotal-bot>Benjamin Pennell added comment: "https://github.com/fcrepo4/fcrepo4/pull/360" https://www.pivotaltracker.com/story/show/6974710809:43
Benjamin Pennell finished "Javadoc build warnings" https://www.pivotaltracker.com/story/show/69747108
* travis-ci joins09:45
[travis-ci] fcrepo4/fcrepo-module-auth-xacml#37 (master - daac6e7 : Gregory Jansen): The build passed.
[travis-ci] Change view : https://github.com/fcrepo4/fcrepo-module-auth-xacml/compare/692fe09c8bbd...daac6e7017d4
[travis-ci] Build details : http://travis-ci.org/fcrepo4/fcrepo-module-auth-xacml/builds/25244239
* travis-ci leaves
<awoods>escowles: you reviewed the ontology, no?09:51
* dwilcox leaves09:55
<pivotal-bot>Andrew Woods added "Sequencer: MODS.xml extraction" https://www.pivotaltracker.com/story/show/7140014210:00
Andrew Woods edited "Sequencer: MODS.xml extraction" https://www.pivotaltracker.com/story/show/71400142
Andrew Woods delivered "Move git repos to new git organization" https://www.pivotaltracker.com/story/show/70671342
* github-ff joins10:02
[fcrepo-build-tools] ksclarke opened pull request #5: Fixed references to futures in the pom (master...fix-refs-to-futures-in-pom) http://git.io/jkXyIA
* github-ff leaves
<pivotal-bot>Mike Durbin added comment: "UUID turns out to be important... I don't have a clear mandate for what additionally to cut from the root no..." https://www.pivotaltracker.com/story/show/6616306610:13
Mike Durbin finished "Plan to audit and enforce JCR leakages." https://www.pivotaltracker.com/story/show/66163066
* github-ff joins10:19
[fcrepo-jms-indexer-pluggable] ksclarke opened pull request #41: Fixed references to futures org name (master...fix-refs-to-futures-org) http://git.io/BhZvlw
* github-ff leaves
* dwilcox joins10:23
<pivotal-bot>Mike Durbin added comment: "@benjaminpennell completed a thorough investigation finding that the differences between COPY and VERSION ar..." https://www.pivotaltracker.com/story/show/6560232010:33
Mike Durbin estimated "Versioning of container nodes should be more efficient." as 0 points https://www.pivotaltracker.com/story/show/6560232010:37
Longshou Situ started "Refactor CRUD in FedoraNodes and FedoraContent for transparent auto-hierarchy support." https://www.pivotaltracker.com/story/show/71230608
Longshou Situ added comment: "@awoods I am adding support to suppress those version related namespace like "jcr:system/jcr:versionStorag..." https://www.pivotaltracker.com/story/show/7123060810:45
Longshou Situ started "Hierarchy: Location response URL on object creation is unexpected" https://www.pivotaltracker.com/story/show/70984436
Longshou Situ started "Hierarchy: Datastreams created at a level too high" https://www.pivotaltracker.com/story/show/70984934
Longshou Situ started "Hierarchy: 404 on object PUT" https://www.pivotaltracker.com/story/show/70984768
Longshou Situ started "Hierarchy: 404 on datastream creation" https://www.pivotaltracker.com/story/show/70985150
Mike Durbin added comment: "Unless you think I should add an integration test that verifies that onParentVersion for container nodes, fe..." https://www.pivotaltracker.com/story/show/6560232010:48
Mike Durbin finished "Versioning of container nodes should be more efficient." https://www.pivotaltracker.com/story/show/6560232010:49
* github-ff joins10:54
[fcrepo4] escowles pushed 8 new commits to http-pid-minter: http://git.io/PSEzZQ
fcrepo4/http-pid-minter 272707e Esmé Cowles: Adding HTTP-based PID minter
fcrepo4/http-pid-minter 54b16fb Esmé Cowles: Updating configuration, adding unit test
fcrepo4/http-pid-minter 567ff7e Esmé Cowles: Adding support for authenticated PID minter services, extracting identifier from XML responses using XPath
* github-ff leaves
<pivotal-bot>Esme Cowles started "Remote pid-minter" https://www.pivotaltracker.com/story/show/70678050
* edInCo joins10:57
* osmandin joins11:02
* edInCo leaves11:03
* martinjd joins11:04
* dwilcox leaves11:09
* edInCo joins11:10
<mikeAtUva>awoods: Hello? The call went silent... is it just me?
<awoods>mikeAtUVa: just you11:11
<mikeAtUva>awoods: cool... I'm back.
* travis-ci joins11:12
[travis-ci] fcrepo4/fcrepo4#1968 (http-pid-minter - 5fd1392 : Esmé Cowles): The build passed.
[travis-ci] Change view : https://github.com/fcrepo4/fcrepo4/compare/48327b97da54...5fd139224a20
[travis-ci] Build details : http://travis-ci.org/fcrepo4/fcrepo4/builds/25250815
* travis-ci leaves
* edInCo leaves11:13
* dwilcox joins11:17
* github-ff joins11:18
[fcrepo-module-auth-xacml] gregjan pushed 2 new commits to master: http://git.io/hNaPaw
fcrepo-module-auth-xacml/master 72b2c75 Gregory Jansen: added remaining role based XACML ITs...
fcrepo-module-auth-xacml/master 9eacc4e Gregory Jansen: fixes policy algorithms for uri matches...
* github-ff leaves
<pivotal-bot>Esme Cowles added comment: "I've updated the PR to address your comments: ""11:20
https://github.com/fcrepo4/fcrepo4/pull/353
And I've updated..." https://www.pivotaltracker.com/story/show/70678050
Esme Cowles finished "Remote pid-minter" https://www.pivotaltracker.com/story/show/7067805011:21
Esme Cowles started "500 error when you send a string instead of a URI as the object of a REFERENCE property" https://www.pivotaltracker.com/story/show/71279532
Esme Cowles unstarted "Federation: How many files can be managed?" https://www.pivotaltracker.com/story/show/70724572
* cbeer leaves11:25
* cbeer joins
* edInCo joins11:26
<awoods>my audio went bad... apparently
* escowles joins11:44
https://imgflip.com/i/8tdk311:50
<osmandin>I have to run11:54
* osmandin leaves
<cbeer>escowles: do you know anything about .jj grammers?12:02
or grammars.
<pivotal-bot>Mike Durbin added "/jcr:content is accessible in some cases as a resource path." https://www.pivotaltracker.com/story/show/7141204612:04
Andrew Woods edited "Unit and Integration tests to 80%" https://www.pivotaltracker.com/story/show/7067884212:05
Mike Durbin edited "/jcr:content is accessible in some cases as a resource path." https://www.pivotaltracker.com/story/show/71412046
<awoods>cbeer: I wanted to circle back with you on the UUID topic. Were you raising the interest in having internal ModeShape UUIDs available to end users because you have an implementation that needs them?12:24
<cbeer>awoods: i think we need a stable, non-path based identifier for maintaining good indexes after some types of operations (MOVE comes to mind.), and I think the JCR UUID fits the bill.12:25
we could mint and maintain our own UUID, but i'm not sure i see the point.12:26
<awoods>cbeer: The IdentifierTranslator pattern is targeting this issue.12:29
<cbeer>awoods: how?
<awoods>cbeer: It separates external/user identifiers from internal storage structure.12:30
<cbeer>awoods: that's a separate issue entirely.
awoods: my issue is:
I have a node at /a
and someone decides it should be at /b
(and uses e.g. MOVE /a; Location /b)
I think there are things in the stack that would benefit from knowing that /b and /a were the same.12:31
<awoods>cbeer: ok, the question in that case is: is the user interested in establishing a new identifier for the original "a" object, or are they interested in having "a" in a new JCR location?12:32
<escowles>awoods/cbeer: either way, what if you want to be able to delete the solr index record for /a now that it doesn't exist?12:33
<cbeer>awoods: i don't care so much where it really lives. just the URI it is accessible at.12:34
<awoods>cbeer: ok. So I take it that you consider the object's URI separate from the object's identifier.12:37
<cbeer>awoods: i think there are additional notions of identity besides the URI.
<awoods>cbeer: I can certainly see arguments for supporting other notions of identity (although identity provided by the URI seems canonical, in terms of linked data or otherwise), but in any case, I have serious concerns about relying on the stability of the underlying ModeShape UUID, since we have limited control over that.12:41
cbeer: It seems like a risk.12:42
cbeer: A risk that we do not currently need to promise.
<cbeer>awoods: the JCR UUID is guaranteed unique within a given repository, and that's all my use case requires.
<awoods>cbeer: What about the people? It may work for you, but what about the people?12:44
<cbeer>awoods: i don't see how people factor in. this is internal to middleware.
<awoods>cbeer: I am just concerned that we are leaking a dependency that is unstable... and users/implementers may not know that.12:45
<cbeer>awoods: isn't that a matter of documentation, then? i think we need to trust that people writing middleware against fcrepo4 are smart enough to read the docs12:48
but, i should be clear, i'm not tied to the JCR UUID. I just want a stable identifier that isn't tied to the URI of the day.12:49
i'd also be satisfied minting DOIs, ARKs, etc, etc for every object.
<awoods>cbeer: in that case, is there a reason not to name your fedora objects with DOIs or ARKs or something opaque?12:50
<cbeer>awoods: and make everyone who wants to use e.g. hydra do that too?12:51
<awoods>cbeer: The suggestion would be to name fedora objects with an identifier that you want.12:52
<cbeer>awoods: i think we're operating at different levels of the stack. my concern about repository UUIDs only extends as far as middleware layers working with fcrepo4. maybe here's a better full-stack use case:12:53
some setup with /a moved to /b12:54
i have a solr index that is updated asynchronously.
* gregjansen joins12:55
<cbeer>before my solr index gets the change that /a is moved to /b, a user in an application that consumes the index does a search that has as a result the object at /a12:56
the user clicks on a link to the application's show page for /a
in fcrepo3, we're forced to give a 404 error.. or hope that application, index, and data store have some way to reconcile the idea that /a is now /b12:57
(using a DOI, ARK, or other persistent mechanism)
with a repository UUID, the application can ask for /a, get the 404, and then ask the repository "are you sure you don't have /a? it used to be called abc-123-qwerty-56789", and get the appropriate redirect12:58
s/and get/and send/12:59
stability or persistence are not important for that use case, it's just an administrative tool.
* mikeAtUva leaves
<cbeer>(i think that use is less compelling than more middleware centric uses, but..)
<awoods>cbeer: and presumably the user could index on another custom identifier property that they create/populate?13:03
cbeer: and presumably F4 could start generating/maintain its own UUID (outside of the context of ModeShape) if the world became coupled to that identifier?13:04
* longshou leaves13:07
* mikeAtUva joins13:08
* dwilcox leaves13:19
<cbeer>awoods: yes, they could, but that would require configuration in the middleware. right now, we can assume the presence of a UUID, which is nice.13:22
and we can do a GET request on the UUID, so no index is required to find the object13:23
and, yes, fcrepo4 could maintain its own UUID. i'm not sure what that actually gets us over the JCR UUID, though, and if it could satisfy ^
<awoods>cbeer: If having a persistent UUID for F4 objects becomes a "feature", F4 may need to eventually take on that responsibility depending on the direction ModeShape takes.13:25
<cbeer>awoods: right now i think we mask the jcr:uuid property in a fcrepo4 namespace when we serialize to triples. if we just stuck it in another namespace, would that help address your concerns about confusion?
e.g. internal-non-persistent-unique-identifier:uuid
awoods: and, to be clear, i don't think the UUID-ness of the identifier is a feature. i think the uniqueness is, and i think that's a promise JCR makes to us and won't go anywhere anytime soon.13:26
<awoods>cbeer: and at this point, F4 moving away from JCR is somewhat unlikely.13:27
* cjcolvar leaves13:51
* longshou joins14:04
* dwilcox joins14:18
* github-ff joins
[fcrepo4] escowles created reference-literals (+1 new commit): http://git.io/4VSKIg
fcrepo4/reference-literals 57490c2 Esmé Cowles: Prevent reference properties pointing at literals
* github-ff leaves
* github-ff joins14:19
[fcrepo4] escowles opened pull request #361: Prevent reference properties pointing at literals (master...reference-literals) http://git.io/qmQ3cA
* github-ff leaves
<pivotal-bot>Esme Cowles added comment: "https://github.com/fcrepo4/fcrepo4/pull/361" https://www.pivotaltracker.com/story/show/71279532
Esme Cowles finished "500 error when you send a string instead of a URI as the object of a REFERENCE property" https://www.pivotaltracker.com/story/show/7127953214:20
<tecoripa>mikeAtUVa: just finished up the xacml triple finder unit tests...14:26
mikeAtUVa: I can help out with the IP policy, if you like14:27
<mikeAtUva>tecoripa: alright.... I'm normalizing it now based on what I see in the src/main/resources/policies directory.
tecoripa: do the first two ResourceMatch declarations scope it to just objects with a mixin defining it as being subject to xacml policies?14:28
<tecoripa>mikeAtUVA: just a sec, let me parse that question...14:29
what file are you looking at?14:30
* dwilcox_ joins14:31
<awoods>cbeer: JCR UUIDs live to see another day.
* dwilcox leaves
<tecoripa>mikeAtUVa: are you referring to the *PermissionPolicy? for readers?14:32
<mikeAtUva>tecoripa: yeah...
tecoripa: I guess I don't know what http://fedora.info/definitions/v4/authorization#Assignment and http://fedora.info/definitions/v4/authorization#Rbacl mean and which nodes would have that type.14:33
<tecoripa>mikeAtUVa: those ResourceMatches are on a Rule that *denies*. basically, it's saying that anyone with this permission set cannot read those ACL properties (Rbacl and Assignment)14:34
mikeAtUVa: those are the node properties that contain ACL info.
mikeAtUVa: fwiw, I think gregjansen modified them so that readers could read those properties, so those two resources may disappear from the deny ruleset.14:36
<mikeAtUva>tecoripa: Cool... thanks14:37
tecoripa: I'm going to push what i think is a correct and complete IP policy to github and maybe you'd be willing to take a look to see if it makes sense?
* travis-ci joins14:38
[travis-ci] fcrepo4/fcrepo4#1969 (reference-literals - 57490c2 : Esmé Cowles): The build passed.
[travis-ci] Change view : https://github.com/fcrepo4/fcrepo4/commit/57490c2d9ba5
[travis-ci] Build details : http://travis-ci.org/fcrepo4/fcrepo4/builds/25267181
* travis-ci leaves
<tecoripa>mikeAtUVa: sure, I'll do that.
<mikeAtUva>tecoripa: my biggest hangup on this stuff is that it seems like you can put your conditions anywhere... in targets or rules and I'm not sure what is most correct.14:39
* github-ff joins14:40
[fcrepo4] lsitu opened pull request #362: Hierarchy (hierarchy...hierarchy) http://git.io/MRWSSg
* github-ff leaves
<pivotal-bot>Longshou Situ added comment: "https://github.com/fcrepo4/fcrepo4/pull/362" https://www.pivotaltracker.com/story/show/71230608
Longshou Situ finished "Refactor CRUD in FedoraNodes and FedoraContent for transparent auto-hierarchy support." https://www.pivotaltracker.com/story/show/71230608
<tecoripa>mikeAtUVa: you want to put your conditions in Rules, for the most part, at least the way we're thinking about it14:41
mikeAtUva: Permissions policies will have the actual rules that do filtering; right now, we're thinking of Permissions as the global catch-all for roles, and Rules as the heart of a permission policy.14:43
<mikeAtUva>tecoripa: is it implied that a policy will only be applicable to a node or subgraph to which it's linked or do I have to include something like that in my policies?14:44
* mikeAtUva wonders why it takes minutes to fork the repo...
<tecoripa>mikeAtUva: it is only applicable to the node or subgraph to which it's linked: the node becomes the Resource passed into the PDP in the request.14:45
that said, a policy applies to all the node's children, unless explicitly overridden14:46
and the root node will have a policy attached.
<mikeAtUva>tecoripa: so if we leave the Target tag completely empty it will apply to all actions, resources, subjects, environments on the subgraph to which it's applied?14:49
tecoripa: unless overridden by another applicable policy?14:50
<tecoripa>mikeAtUva: yes.
mikeAtUva: I just noticed that gregjansen had commented out the deny Rule in the Reader policy. So Reader gets to read everything, unless explicitly denied.14:52
<mikeAtUva>tecoripa: https://github.com/mikedurbin/fcrepo-module-auth-xacml/blob/master/src/main/resources/policies/ReadOnlyExcepToLocalPolicySet.xml14:56
tecoripa: let me know if I'm way off base...
<pivotal-bot>Andrew Woods added comment: "Documentation to include notes from: https://github.com/fcrepo4/fcrepo4/pull/357" https://www.pivotaltracker.com/story/show/7071034814:59
Andrew Woods delivered "Refactor fedoraUser AuthZ expectation" https://www.pivotaltracker.com/story/show/7030626815:00
* github-ff joins
[fcrepo4] awoods pushed 2 new commits to master: http://git.io/H9fMqA
fcrepo4/master 083e5c5 Kevin S. Clarke: Removed requirement for fedoraUser in auth'ed connections
fcrepo4/master 3515595 Andrew Woods: Merge pull request #357 from ksclarke/remove-fedoraUser-dependency-70306268...
* github-ff leaves
<tecoripa>mikeAtUva: I'll look now
* gregjansen leaves15:02
<tecoripa>mikeAtUva: I'll post comments as I evaluate this...
<mikeAtUva>tecoripa: thank you very much.15:03
* gregjansen joins15:04
<tecoripa>mikeAtUva: 1) use the prefix "fcrepo-xacml:" for PolicyId, as it's not a referenceable object, but just an internal (to the policy) identifier.
mikeAtUva: the "MustBePresent" attribute doesn't need to be included, if it's false -- the default is false.15:09
mikeAtUva: I try to strip out anything extraneous from the policies, since they are hard enough to read as it is.
<mikeAtUva>tecoripa: they sure are... thanks for the tip.15:10
<tecoripa>mikeAtUva: the actions you include are every action except read, which is permitted to all, right?15:13
mikeAtUva: I think you could make the policy a lot smaller...15:14
<mikeAtUva>tecoripa: that was the intent.
tecoripa: I intended to prevent any repository-modifying action...15:15
<tecoripa>mikeAtUva: two rules: 1) permit all to local Ips (no action filters)
mikeAtUva: 2) permit only read to non-local IPs
mikeAtUva: the rule-combining algorithm would be first-applicable15:16
mikeAtUva:15:17
<Rule 1>
<mikeAtUva>tecoripa: and then there's an implied denial if they're not a local IP and not doing a read operation?
tecoripa: inherited, not implied...15:18
<tecoripa>mikeAtUva:15:19
<Rule RuleId="Rule1" Effect="Permit">
<Condition>local IP</Condition>
</Rule>
<Rule RuleId="Rule2" Effect="Permit">
<Action>read</Action>
</Rule>
<Rule RuleId="Rule3" Effect="Deny"/>
mikeAtUva: so really, three rules, that last one being a deny
mikeAtUVa: we use that in the Permissions policies, look at the end of the files15:20
<mikeAtUva>tecoripa: makes sense... do the RuleId's have to be globally unique or just unique to the policy?15:22
* travis-ci joins15:23
[travis-ci] fcrepo4/fcrepo4#1972 (master - 3515595 : Andrew Woods): The build was broken.
[travis-ci] Change view : https://github.com/fcrepo4/fcrepo4/compare/ff5a3b7be97c...3515595b95e2
[travis-ci] Build details : http://travis-ci.org/fcrepo4/fcrepo4/builds/25270433
* travis-ci leaves
<tecoripa>globally, I think. They're all combined into one massive policy by the PDP.
mikeAtUva: another fix: use the EnvironmentAttributeDesignator ID urn:fedora:xacml:2.0:environment:original-ip-address for IPs, gregjansen created that type for special IPs that come from the *real* source.15:27
mikeAtUva: see https://wiki.duraspace.org/display/FF/Fedora+XACML+Attributes towards the bottom15:28
<mikeAtUva>tecoripa: alright, I've fixed it and should be able to whip up a mime type policy more quickly... thanks for doing all the hard work for me;)15:31
<tecoripa>mikeAtUva: also, I don't think you need to wrap the matches in <Condition> and <Apply>... just put the matches in <Environment> blocks
mikeAtUva:15:35
<Environments>
<Environment>
<EnvironmentMatch>
<AttributeValue>
<EnvironmentAttributeDesignator>
</EnvironmentMatch>
[...]
<mikeAtUva>tecoripa: yeah, I'm working on that...
Again... this required "matchId" is kind of annoying... do I just have to make up IDs all over the place that I'll never reference again?15:36
<awoods>longshou: This PR has 14 commits, is it safe to assume that the work needing review is the first and last commit?
https://github.com/fcrepo4/fcrepo4/pull/358/commits
longshou: "rebase master" works well for pushing your local commits to the front of the list.15:37
<tecoripa>mikeAtUva: matchId? that's your match function, right? string-match, string-regex, etc.?
<mikeAtUva>Oh yeah...
tecoripa: https://github.com/mikedurbin/fcrepo-module-auth-xacml/blob/master/src/main/resources/policies/ReadOnlyExceptToLocalPolicySet.xml15:42
<pivotal-bot>Esme Cowles added "Improve performance of range retrieval" https://www.pivotaltracker.com/story/show/7142977015:48
Esme Cowles edited "Improve performance of range retrieval" https://www.pivotaltracker.com/story/show/71429770
<tecoripa>mikeAtUva: another XACML subtlety: multiple match statements *within* an Environment tag are AND'ed, but multiple Environment tags within Environments are OR'ed15:49
<mikeAtUva>tecoripa: doh... I flipped a coin and lost on that one too.15:50
tecoripa: I can't thank you enough for walking me through this.15:52
<tecoripa>mikeAtUva: sure, no problem. I spent most of the day Tuesday sweating through it -- no need for others to follow that thorny path15:53
<ksclarke>is there a way to open up /fedora/admin on fedora 3 (asking for a colleague)? he wants it wide open to test something15:55
<mikeAtUva>ksclarke: it'd be easiest just to use a shared admin password... but I'm pretty sure you can also eliminate the requirement for authentication at all (I remember commenting out blocks in web.xml that required authorization... that might have changed since Spring was introduced in the later 3.somethings).15:58
<longshou>awoods: Yes, it’s safe to assume all changes are in the first and the last commit, and I think it’s safe to just replace the whole fcr-versions.vsl file if it’s easier since it crossed so many commits.16:00
<ksclarke>thanks mikeAtUVA... I suggested the web.xml and he said he'd tried that; tecoripa (in person) suggested turning off all the policies in fconfig for wide open access, too
<awoods>longshou: thanks16:01
<mikeAtUva>ksclarke: your goal is to prevent any sort of authorization challenge at all?
<ksclarke>mikeAtUva yeah... it's just for testing something (I don't know the full details)16:02
it's a sandbox not our real dev or stage or anything
<mikeAtUva>ksclarke: looks like the new relevant config is in fedora-3.7.0/server/config/spring/web/security.xml16:03
<ksclarke>mikeAtUva, thanks, forwarding that along to him too16:04
<mikeAtUva>(when I say new, it's probably several years old... we run old fedora versions where I work... )
* github-ff joins16:17
[fcrepo4] awoods pushed 1 new commit to master: http://git.io/0zw-Gw
fcrepo4/master dcd0d3d lsitu: Improve and clean up fcr:versions html view to list the child version under its parent....
* github-ff leaves
<tecoripa>mikeAtUva: one last cavilling suggestion: can you change your RuleIDs to be a little more focused? i.e., instead of "PermitReadFromAnyone", name it something like "PermitReadToAllIPs"16:18
* github-ff joins16:19
[fcrepo4] awoods closed pull request #358: Feature/versions html (master...feature/versions_html) http://git.io/AayCQw
* github-ff leaves
<pivotal-bot>Andrew Woods added comment: "Resolved with: https://github.com/fcrepo4/fcrepo4/commit/dcd0d3d495e3b0395c6f3118215c0327b69b7102" https://www.pivotaltracker.com/story/show/70475058
<tecoripa>mikeAtUva: it makes it much easier to track which rules do what when using tools that combine all your policies and present a tree.
<pivotal-bot>Andrew Woods delivered "Improve and simplify fcr:versions response triples." https://www.pivotaltracker.com/story/show/70475058
* dwilcox_ leaves16:20
<mikeAtUva>tecoripa: is there any way to have a single simple deny rule that's shared? I fear we'll end up with dozens of rules that are catch-all deny's...
<tecoripa>mikeAtUva: that's a good idea. I think we could create a policy set that has that one simple rule, and then include it in the role policies, at the end.16:22
mikeAtUva: in fact, we have one. https://github.com/sprater/fcrepo-module-auth-xacml/blob/master/src/main/resources/policies/GlobalRolesPolicySet.xml16:27
* github-ff joins16:36
[fcrepo-module-auth-xacml] mikedurbin opened pull request #15: Added example IP-based policy and RDF attribute-based policy. (master...master) http://git.io/1GWTqw
* github-ff leaves
<pivotal-bot>Mike Durbin added comment: "https://github.com/fcrepo4/fcrepo-module-auth-xacml/pull/15" https://www.pivotaltracker.com/story/show/70689374
Mike Durbin added comment: "I got a LOT of help from @scottprater and there's still probably some tweaks, but we might be to the point w..." https://www.pivotaltracker.com/story/show/7068937416:37
Mike Durbin finished "Create XACML policies for non-role-based use cases" https://www.pivotaltracker.com/story/show/7068937416:38
<tecoripa>mikeAtUva: the mime-type policy looks good, too16:49
* github-ff joins16:50
[fcrepo4] gregjan opened pull request #363: Adds session information to callbacks for roles-based delegates (master...master) http://git.io/BKieYw
* github-ff leaves
<pivotal-bot>Gregory Jansen added comment: "https://github.com/fcrepo4/fcrepo4/pull/363 happened along the way.." https://www.pivotaltracker.com/story/show/7077180616:51
* github-ff joins
[fcrepo-module-auth-xacml] sprater closed pull request #15: Added example IP-based policy and RDF attribute-based policy. (master...master) http://git.io/1GWTqw
* github-ff leaves
<mikeAtUva>tecoripa: I hope you guys don't spend all night on xacml... I remember there being some decent beer and/or barbeque in Asheville...16:52
* mikeAtUva feels he missed out on escowles legendary breakfasts by not going to the fedora house.16:53
<escowles>mikeAtUva: yes, it's true -- french toast and sausage gravy follow me wherever i go16:54
<tecoripa>mikeAtUva: we miss you... maybe next time
mikeAtUva: but yes -- beer and something edible soon
* github-ff joins16:55
[fcrepo4] escowles pushed 1 new commit to http-pid-minter: http://git.io/oUB4hw
fcrepo4/http-pid-minter c04d047 Esmé Cowles: Config updates
* github-ff leaves
* github-ff joins16:58
[fcrepo4] ksclarke opened pull request #364: fixed bug with remove fedoraUser req commit (master...bugfix-for-fedoraUser-PR-70306268) http://git.io/I9ASQQ
* github-ff leaves
* travis-ci joins
[travis-ci] fcrepo4/fcrepo-module-auth-xacml#40 (master - 57aa3af : sprater): The build passed.
[travis-ci] Change view : https://github.com/fcrepo4/fcrepo-module-auth-xacml/compare/9eacc4e6bcb7...57aa3af44b0f
[travis-ci] Build details : http://travis-ci.org/fcrepo4/fcrepo-module-auth-xacml/builds/25278413
* travis-ci leaves
* github-ff joins17:06
[fcrepo-module-auth-xacml] gregjan opened pull request #16: adjustments to global permissions for basic roles (master...master) http://git.io/T1vqbw
* github-ff leaves
* travis-ci joins17:08
[travis-ci] fcrepo4/fcrepo4#1975 (http-pid-minter - c04d047 : Esmé Cowles): The build passed.
[travis-ci] Change view : https://github.com/fcrepo4/fcrepo4/compare/5fd139224a20...c04d047f4653
[travis-ci] Build details : http://travis-ci.org/fcrepo4/fcrepo4/builds/25278751
* travis-ci leaves
<gregjansen>http://laughingseed.jackofthewood.com/17:16
http://www.chestnutasheville.com/images/pdf/051514_Dinner.pdf17:22
http://www.rhubarbasheville.com/menus/dinner/ (This looks good)17:24
* github-ff joins17:25
[fcrepo4] awoods closed pull request #364: fixed bug with remove fedoraUser req commit (master...bugfix-for-fedoraUser-PR-70306268) http://git.io/I9ASQQ
* github-ff leaves
<gregjansen>http://www.chaipaniasheville.com/menu.htm (indian street food)17:27
* travis-ci joins17:40
[travis-ci] fcrepo4/fcrepo4#1978 (master - 05a9522 : Andrew Woods): The build passed.
[travis-ci] Change view : https://github.com/fcrepo4/fcrepo4/compare/dcd0d3d495e3...05a952255e3c
[travis-ci] Build details : http://travis-ci.org/fcrepo4/fcrepo4/builds/25281413
* travis-ci leaves
<escowles>awoods: POST http://10.0.0.26:8080/dams/api/next_id (username & password both "dams", xpath="/response/ids/value")18:04
* github-ff joins18:15
[fcrepo-module-auth-xacml] sprater pushed 2 new commits to master: http://git.io/MsqT5A
fcrepo-module-auth-xacml/master 07cb251 Gregory Jansen: adjustments to global permissions for basic roles...
fcrepo-module-auth-xacml/master 6fd4e7d sprater: Merge pull request #16 from gregjan/master...
* github-ff leaves
* github-ff joins18:16
[fcrepo4] escowles pushed 1 new commit to http-pid-minter: http://git.io/WG0Yjw
fcrepo4/http-pid-minter e3e21c9 Esmé Cowles: Throwing runtime exceptions when minting fails
* github-ff leaves
<pivotal-bot>Andrew Woods added comment: "Also includes: https://github.com/fcrepo4/fcrepo4/pull/364" https://www.pivotaltracker.com/story/show/7030626818:21
Andrew Woods delivered "Clean-up HTML view of fcr:versions" https://www.pivotaltracker.com/story/show/70910668
* travis-ci joins18:24
[travis-ci] fcrepo4/fcrepo-module-auth-xacml#42 (master - 6fd4e7d : sprater): The build has errored.
[travis-ci] Change view : https://github.com/fcrepo4/fcrepo-module-auth-xacml/compare/57aa3af44b0f...6fd4e7d4ecae
[travis-ci] Build details : http://travis-ci.org/fcrepo4/fcrepo-module-auth-xacml/builds/25285498
* travis-ci leaves
* github-ff joins18:27
[fcrepo4] ksclarke opened pull request #365: Created BOMs for fcrepo-jcr and fcrepo4 (master...create-project-boms-63571456) http://git.io/ZX-9sQ
* github-ff leaves
* github-ff joins18:28
[fcrepo4] awoods pushed 1 new commit to master: http://git.io/8TQKgw
fcrepo4/master 4959897 Esmé Cowles: Add HTTP-based PID minter...
* github-ff leaves
* github-ff joins18:30
[fcrepo-jms-indexer-pluggable] ksclarke opened pull request #42: switch deps to use fcrepo4-bom (master...switch-to-fcrepo4-bom-63571456) http://git.io/CD5Y8A
* github-ff leaves
* github-ff joins
[fcrepo4] awoods deleted http-pid-minter at e3e21c9: http://git.io/mmWYNw
* github-ff leaves
<pivotal-bot>Andrew Woods added comment: "Resolved with: https://github.com/fcrepo4/fcrepo4/commit/49598972f6b5cb943127c4ca3bfec347ff3c0599" https://www.pivotaltracker.com/story/show/70678050
Andrew Woods delivered "Remote pid-minter" https://www.pivotaltracker.com/story/show/70678050
* travis-ci joins18:31
[travis-ci] fcrepo4/fcrepo4#1980 (http-pid-minter - e3e21c9 : Esmé Cowles): The build passed.
[travis-ci] Change view : https://github.com/fcrepo4/fcrepo4/compare/c04d047f4653...e3e21c9c9ecf
[travis-ci] Build details : http://travis-ci.org/fcrepo4/fcrepo4/builds/25285583
* travis-ci leaves
* gregjansen leaves18:36
* travis-ci joins18:41
[travis-ci] fcrepo4/fcrepo4#1983 (master - 4959897 : Esmé Cowles): The build passed.
[travis-ci] Change view : https://github.com/fcrepo4/fcrepo4/compare/05a952255e3c...49598972f6b5
[travis-ci] Build details : http://travis-ci.org/fcrepo4/fcrepo4/builds/25286381
* travis-ci leaves
<pivotal-bot>Longshou Situ added comment: "Will be fixed: https://github.com/fcrepo4/fcrepo4/pull/362" https://www.pivotaltracker.com/story/show/7098443618:43
Longshou Situ finished "Hierarchy: Location response URL on object creation is unexpected" https://www.pivotaltracker.com/story/show/70984436
Longshou Situ added comment: "Will be fixed in: ""18:44
https://github.com/fcrepo4/fcrepo4/pull/362" https://www.pivotaltracker.com/story/show/70984934
Longshou Situ finished "Hierarchy: Datastreams created at a level too high" https://www.pivotaltracker.com/story/show/70984934
Longshou Situ added comment: "Will be fixed in https://github.com/fcrepo4/fcrepo4/pull/362" https://www.pivotaltracker.com/story/show/70984768
Longshou Situ finished "Hierarchy: 404 on object PUT" https://www.pivotaltracker.com/story/show/7098476818:45
Longshou Situ added comment: "Will be fixed in18:46
https://github.com/fcrepo4/fcrepo4/pull/362" https://www.pivotaltracker.com/story/show/70985150
Longshou Situ finished "Hierarchy: 404 on datastream creation" https://www.pivotaltracker.com/story/show/70985150
* benpennell1 leaves19:13
* mikeAtUva leaves19:23
* edInCo leaves19:28
* longshou leaves21:29
* benpennell1 joins22:21
<pivotal-bot>Andrew Woods accepted "Improve and simplify fcr:versions response triples." https://www.pivotaltracker.com/story/show/7047505822:23
Andrew Woods accepted "Remote pid-minter" https://www.pivotaltracker.com/story/show/7067805022:24
Andrew Woods accepted "Clean-up HTML view of fcr:versions" https://www.pivotaltracker.com/story/show/70910668
Andrew Woods accepted "Refactor fedoraUser AuthZ expectation" https://www.pivotaltracker.com/story/show/70306268
Andrew Woods accepted "Move git repos to new git organization" https://www.pivotaltracker.com/story/show/70671342
* escowles leaves22:35
* tecoripa leaves22:45
* github-ff joins23:04
[fcrepo4] awoods pushed 1 new commit to master: http://git.io/dA2TYg
fcrepo4/master 7ee52ec Gregory Jansen: Passes the user session through to subclasses that implement the role-based permission callback....
* github-ff leaves
<pivotal-bot>Andrew Woods added comment: "Related commit: https://github.com/fcrepo4/fcrepo4/commit/7ee52ecd18671dbd180185415994a2303a8bb115" https://www.pivotaltracker.com/story/show/7077180623:05
Kevin Clarke finished "Create Maven BOMs for fcrepo dependencies" https://www.pivotaltracker.com/story/show/63571456
Kevin Clarke added comment: "Would it make sense to send this ticket to the dev list so that people could try out these proposed formatt..." https://www.pivotaltracker.com/story/show/7126229823:06
* travis-ci joins23:16
[travis-ci] fcrepo4/fcrepo4#1984 (master - 7ee52ec : Gregory Jansen): The build passed.
[travis-ci] Change view : https://github.com/fcrepo4/fcrepo4/compare/49598972f6b5...7ee52ecd1867
[travis-ci] Build details : http://travis-ci.org/fcrepo4/fcrepo4/builds/25298901
* travis-ci leaves
* longshou joins23:58
* github-ff joins00:01
[fcrepo-module-auth-xacml] gregjan opened pull request #17: All tests pass! (master...master) http://git.io/tYcv9Q
* github-ff leaves
<pivotal-bot>Gregory Jansen added comment: "https://github.com/fcrepo4/fcrepo-module-auth-xacml/pull/17" https://www.pivotaltracker.com/story/show/70771806
Gregory Jansen finished "Integration tests for basic role XACML policies" https://www.pivotaltracker.com/story/show/70771806
Gregory Jansen accepted "XACML EnvironmentAttributeFinderModule" https://www.pivotaltracker.com/story/show/70696018
Gregory Jansen accepted "Create CND to express XACML policy structure" https://www.pivotaltracker.com/story/show/70689520
* gregjansen joins00:03
* gregjansen leaves00:30
* ksclarke leaves00:32

Generated by Sualtam