PKP Bugzilla – Bug 4891
Authentication system for SUSHI requests
Last modified: 2013-05-29 16:11:44 PDT
Since SUSHI requests are not interactive and so can't use a username and password, we need a way for Journal Managers to manage who can see their SUSHI reports.
The existing Subscriptions functionality could be pressed into service here, with its IP number awareness.
I believe NLM harvesting relies on subscription functionality to allow it to work by IP also.
I need ideas about the best way to handle authentication for SUSHI requests, perhaps:
a. using existing subscriptions functionality; or
b. coding something new based on the above code
Colin, there are currently a number of places where the current subscription checks are used; I'd suggest staying consistent with that, and if we need to change it for some reason, we can change it for all similar cases.
We could make a new Role for journals to share their statistical information with others without having them see the other Journal Manager's tools.
Such a "Statistics role" could then be used for the COUNTER, SUSHI, and the other statistical reports.
Commit to my cprince repo showing implementation of the OJS side of Sylvain's authentication server idea:
The idea is sound but I don't know what his ideas are for fleshing this out.
Not sure this is still relevant, but certainly isn't until 3.x; deferring.