[
https://jira.duraspace.org/browse/DS-950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=21228#action_21228
]
Tim Donohue commented on DS-950:
--------------------------------
Ugh. This is opening a can of worms after all.
There are a series of issues around how Crosswalks & the MetadataExposure class
function, which make this change to OAI-PMH problematic & detrimental to other
areas of DSpace (especially anything using Packagers or Crosswalks like AIP
Backup & Restore).
Namely, I've run into the following issues:
1. Issue around determining User Permissions via OAI-PMH
MetadataExposure requires usage of Context object to determine user's
"permissions", in order to allow System Admins to actually see all metadata
fields (even if they are marked as "hidden"). See DS-655 for more info on this.
However, OAI-PMH generates its metadata output formats via classes that
implement org.dspace.content.crosswalk.DisseminationCrosswalk Unfortunately,
Crosswalks have no direct access to the DSpace Context object. This means they
are unable to pass it to MetadataExposure. So, if a metadata field is marked
as "hidden" and a Crosswalk is changed to obey that rule, then it will ALWAYS
be hidden (even to System Administrators, and even to AIP Backup & Restore
functionality). Currently, Crosswalks do not obey MetadataExposure and
instead configure their own metadata fields, usually via a config in
[dspace]/config/crosswalks/
2. Issue around how MetadataExposure & Crosswalks are implemented
Essentially, to broaden the issue #1 above, MetadataExposure & Crosswalks are
not very "compatible" as things stand in DSpace.
Ideally, it seems like MetadataExposure should be replaced by metadata becoming
a full DSpaceObject (as suggested in comments in DS-655 and DS-800). As it
stands, MetadataExposure seems more like a "hack" to attempt to hide a field
system wide. But, this "hack" only really works for XMLUI & JSPUI (and
actually is completely incompatible with anything that uses Crosswalks, like
OAI-PMH). The more appropriate way to handle metadata hiding may be to move to
ideas detailed in DS-800
So, in the end, I'm now thinking this ticket may need to be marked as "won't
fix". It's not something that is easily resolvable until we look at larger
fixes like DS-800. Instead, in order to ensure 'dc.description.provenance' is
hidden from OAI-PMH METS/MODS, I think it should just be removed/commented out
in [dspace]/config/crosswalks/mods.propertes (as suggested in DS-708).
> Update OAI-PMH to fully obey 'metadata.hide.SCHEMA.ELEMENT.QUALIFIER'
> configuration settings
> --------------------------------------------------------------------------------------------
>
> Key: DS-950
> URL: https://jira.duraspace.org/browse/DS-950
> Project: DSpace
> Issue Type: Improvement
> Components: OAI-PMH
> Affects Versions: 1.7.0, 1.7.1, 1.7.2
> Reporter: Tim Donohue
> Assignee: Tim Donohue
> Fix For: 1.8.0
>
>
> This improvement came up as a sub-part of DS-708 (Deprecate & Remove old
> 'org.dspace.app.mets.METSExport' class)
> Essentially, most of the OAI-PMH interface does not obey the
> metadata.hide.SCHEMA.ELEMENT.QUALIFIER settings in dspace.cfg. This is even
> detailed in the dspace.cfg notes that say:
> ##### Hide Item Metadata Fields #####
> # Fields named here are hidden in the following places UNLESS the
> # logged-in user is an Administrator:
> # 1. XMLUI metadata XML view, and Item splash pages (long and short views).
> # 2. JSPUI Item splash pages
> # 3. OAI-PMH server, "oai_dc" format.
> # (NOTE: Other formats are _not_ affected.)
> # To designate a field as hidden, add a property here in the form:
> # metadata.hide.SCHEMA.ELEMENT.QUALIFIER = true
> #
> # This default configuration hides the dc.description.provenance field,
> # since that usually contains email addresses which ought to be kept
> # private and is mainly of interest to administrators:
> metadata.hide.dc.description.provenance = true
> The idea here is to actually make ALL of the OAI-PMH server's formats
> (oai_dc, mets, rdf, etc) obey this setting. In addition, this allows us to
> cleanup the old "oai.mets.hide-provenance" setting which was previously used
> by the METS/MODS format from OAI-PMH (see DS-708)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.duraspace.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
10 Tips for Better Web Security
Learn 10 ways to better secure your business today. Topics covered include:
Web security, SSL, hacker attacks & Denial of Service (DoS), private keys,
security Microsoft Exchange, secure Instant Messaging, and much more.
http://www.accelacomm.com/jaw/sfnl/114/51426210/
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel
