PKP Bugzilla – Bug 4891
Authentication system for SUSHI requests
Last modified: 2011-02-28 15:19:43 PST
Since SUSHI requests are not interactive and so can't use a username and password, we need a way for Journal Managers to manage who can see their SUSHI reports. The existing Subscriptions functionality could be pressed into service here, with its IP number awareness. I believe NLM harvesting relies on subscription functionality to allow it to work by IP also. I need ideas about the best way to handle authentication for SUSHI requests, perhaps: a. using existing subscriptions functionality; or b. coding something new based on the above code other ideas?
Colin, there are currently a number of places where the current subscription checks are used; I'd suggest staying consistent with that, and if we need to change it for some reason, we can change it for all similar cases.
We could make a new Role for journals to share their statistical information with others without having them see the other Journal Manager's tools. Such a "Statistics role" could then be used for the COUNTER, SUSHI, and the other statistical reports.
Commit to my cprince repo showing implementation of the OJS side of Sylvain's authentication server idea: https://github.com/cprince/ojs/commit/edad9d333a1978b55d45d3af0740e04183eeafd0 The idea is sound but I don't know what his ideas are for fleshing this out.