€cdocutils.nodes document q)q}q(U nametypesq}q(Xfour distinct tiersqˆXinvestigator toolkitqNXapache configuration detailsqNXmnstorage.createq ˆXrestq ˆX accesspolicyq ˆXwhat is dataone?q NX%configuration as a replication targetq NXdataone web siteqˆXdataone service interfaceqˆX member nodesqNXobject replication policiesqNX"generating dataone system metadataqNXthe dataone service interfaceqNX$configuring metacat as a member nodeqNXcoordinating nodesqNX-configure tomcat to allow dataone identifiersqNXcnauthorization.setaccesspolicyqˆXdataone member node supportqNXincommonqˆXaccess control policiesqNXsystemmetadataqˆXdataoneqˆX"cnreplication.setreplicationpolicyqˆXmnstorage.updateqˆXcilogonqˆuUsubstitution_defsq }q!Uparse_messagesq"]q#Ucurrent_sourceq$NU decorationq%NUautofootnote_startq&KUnameidsq'}q((hUfour-distinct-tiersq)hUinvestigator-toolkitq*hUapache-configuration-detailsq+h Umnstorage-createq,h Urestq-h U accesspolicyq.h Uwhat-is-dataoneq/h U%configuration-as-a-replication-targetq0hUdataone-web-siteq1hUdataone-service-interfaceq2hU member-nodesq3hUobject-replication-policiesq4hU"generating-dataone-system-metadataq5hUthe-dataone-service-interfaceq6hU$configuring-metacat-as-a-member-nodeq7hUcoordinating-nodesq8hU-configure-tomcat-to-allow-dataone-identifiersq9hUcnauthorization-setaccesspolicyq:hUdataone-member-node-supportq;hUincommonqhUdataoneq?hU"cnreplication-setreplicationpolicyq@hUmnstorage-updateqAhUcilogonqBuUchildrenqC]qDcdocutils.nodes section qE)qF}qG(U rawsourceqHUUparentqIhUsourceqJXa/var/lib/jenkins/jobs/Metacat_stable/workspace/METACAT_2_8_4/docs/user/metacat/source/dataone.rstqKUtagnameqLUsectionqMU attributesqN}qO(UdupnamesqP]UclassesqQ]UbackrefsqR]UidsqS]qTh;aUnamesqU]qVhauUlineqWKUdocumentqXhhC]qY(cdocutils.nodes title qZ)q[}q\(hHXDataONE Member Node Supportq]hIhFhJhKhLUtitleq^hN}q_(hP]hQ]hR]hS]hU]uhWKhXhhC]q`cdocutils.nodes Text qaXDataONE Member Node Supportqb…qc}qd(hHh]hIh[ubaubcdocutils.nodes paragraph qe)qf}qg(hHXDataONE_ is a federation 
of data repositories that aims to improve interoperability among data repository software systems and advance the preservation of scientific data for future use. Metacat deployments can be configured to participate in DataONE_. This chapter describes the DataONE_ data federation, its architecture, and the way in which Metacat can be used to participate as a node in the DataONE system.hIhFhJhKhLU paragraphqhhN}qi(hP]hQ]hR]hS]hU]uhWKhXhhC]qj(cdocutils.nodes reference qk)ql}qm(hHXDataONE_UresolvedqnKhIhfhLU referenceqohN}qp(UnameXDataONEUrefuriqqXhttp://dataone.org/qrhS]hR]hP]hQ]hU]uhC]qshaXDataONEqt…qu}qv(hHUhIhlubaubhaXë is a federation of data repositories that aims to improve interoperability among data repository software systems and advance the preservation of scientific data for future use. Metacat deployments can be configured to participate in qw…qx}qy(hHXë is a federation of data repositories that aims to improve interoperability among data repository software systems and advance the preservation of scientific data for future use. Metacat deployments can be configured to participate in hIhfubhk)qz}q{(hHXDataONE_hnKhIhfhLhohN}q|(UnameXDataONEhqhrhS]hR]hP]hQ]hU]uhC]q}haXDataONEq~…q}q€(hHUhIhzubaubhaX. This chapter describes the q…q‚}qƒ(hHX. This chapter describes the hIhfubhk)q„}q…(hHXDataONE_hnKhIhfhLhohN}q†(UnameXDataONEhqhrhS]hR]hP]hQ]hU]uhC]q‡haXDataONEqˆ…q‰}qŠ(hHUhIh„ubaubhaX} data federation, its architecture, and the way in which Metacat can be used to participate as a node in the DataONE system.q‹…qŒ}q(hHX} data federation, its architecture, and the way in which Metacat can be used to participate as a node in the DataONE system.hIhfubeubcdocutils.nodes target qŽ)q}q(hHX .. 
_DataONE: http://dataone.org/U referencedq‘KhIhFhJhKhLUtargetq’hN}q“(hqhrhS]q”h?ahR]hP]hQ]hU]q•hauhWK hXhhC]ubhE)q–}q—(hHUhIhFhJhKhLhMhN}q˜(hP]hQ]hR]hS]q™h/ahU]qšh auhWK hXhhC]q›(hZ)qœ}q(hHXWhat is DataONE?qžhIh–hJhKhLh^hN}qŸ(hP]hQ]hR]hS]hU]uhWK hXhhC]q haXWhat is DataONE?q¡…q¢}q£(hHhžhIhœubaubhe)q¤}q¥(hHX&The DataONE_ project is a collaboration among scientists, technologists, librarians, and social scientists to build a robust, interoperable, and sustainable system for preserving and accessing Earth observational data at national and global scales. Supported by the U.S. National Science Foundation, DataONE partners focus on technological, financial, and organizational sustainability approaches to building a distributed network of data repositories that are fully interoperable, even when those repositories use divergent underlying software and support different data and metadata content standards. DataONE defines a common web-service service programming interface that allows the main software components of the DataONE system to seamlessly communicate. The components of the DataONE system include:hIh–hJhKhLhhhN}q¦(hP]hQ]hR]hS]hU]uhWKhXhhC]q§(haXThe q¨…q©}qª(hHXThe hIh¤ubhk)q«}q¬(hHXDataONE_hnKhIh¤hLhohN}q­(UnameXDataONEhqhrhS]hR]hP]hQ]hU]uhC]q®haXDataONEq¯…q°}q±(hHUhIh«ubaubhaX project is a collaboration among scientists, technologists, librarians, and social scientists to build a robust, interoperable, and sustainable system for preserving and accessing Earth observational data at national and global scales. Supported by the U.S. National Science Foundation, DataONE partners focus on technological, financial, and organizational sustainability approaches to building a distributed network of data repositories that are fully interoperable, even when those repositories use divergent underlying software and support different data and metadata content standards. 
DataONE defines a common web-service service programming interface that allows the main software components of the DataONE system to seamlessly communicate. The components of the DataONE system include:q²…q³}q´(hHX project is a collaboration among scientists, technologists, librarians, and social scientists to build a robust, interoperable, and sustainable system for preserving and accessing Earth observational data at national and global scales. Supported by the U.S. National Science Foundation, DataONE partners focus on technological, financial, and organizational sustainability approaches to building a distributed network of data repositories that are fully interoperable, even when those repositories use divergent underlying software and support different data and metadata content standards. DataONE defines a common web-service service programming interface that allows the main software components of the DataONE system to seamlessly communicate. The components of the DataONE system include:hIh¤ubeubcdocutils.nodes bullet_list qµ)q¶}q·(hHUhIh–hJhKhLU bullet_listq¸hN}q¹(UbulletqºX*hS]hR]hP]hQ]hU]uhWKhXhhC]q»(cdocutils.nodes list_item q¼)q½}q¾(hHXDataONE Service Interfaceq¿hIh¶hJhKhLU list_itemqÀhN}qÁ(hP]hQ]hR]hS]hU]uhWNhXhhC]qÂhe)qÃ}qÄ(hHh¿hIh½hJhKhLhhhN}qÅ(hP]hQ]hR]hS]hU]uhWKhC]qÆhaXDataONE Service InterfaceqÇ…qÈ}qÉ(hHh¿hIhÃubaubaubh¼)qÊ}qË(hHX Member NodesqÌhIh¶hJhKhLhÀhN}qÍ(hP]hQ]hR]hS]hU]uhWNhXhhC]qÎhe)qÏ}qÐ(hHhÌhIhÊhJhKhLhhhN}qÑ(hP]hQ]hR]hS]hU]uhWKhC]qÒhaX Member NodesqÓ…qÔ}qÕ(hHhÌhIhÏubaubaubh¼)qÖ}q×(hHXCoordinating NodesqØhIh¶hJhKhLhÀhN}qÙ(hP]hQ]hR]hS]hU]uhWNhXhhC]qÚhe)qÛ}qÜ(hHhØhIhÖhJhKhLhhhN}qÝ(hP]hQ]hR]hS]hU]uhWKhC]qÞhaXCoordinating Nodesqß…qà}qá(hHhØhIhÛubaubaubh¼)qâ}qã(hHXInvestigator Toolkit hIh¶hJhKhLhÀhN}qä(hP]hQ]hR]hS]hU]uhWNhXhhC]qåhe)qæ}qç(hHXInvestigator ToolkitqèhIhâhJhKhLhhhN}qé(hP]hQ]hR]hS]hU]uhWKhC]qêhaXInvestigator Toolkitqë…qì}qí(hHhèhIhæubaubaubeubhe)qî}qï(hHXÒMetacat implements the services needed to operate as a DataONE Member Node, as 
described below. The service interface then allows many different scientific software tools for data management, analysis, visualization and other parts of the scientific lifecycle to directly communicate with Metacat without being further specialized beyond the support needed for DataONE. This streamlines the process of writing scientific software both for servers and client tools.qðhIh–hJhKhLhhhN}qñ(hP]hQ]hR]hS]hU]uhWKhXhhC]qòhaXÒMetacat implements the services needed to operate as a DataONE Member Node, as described below. The service interface then allows many different scientific software tools for data management, analysis, visualization and other parts of the scientific lifecycle to directly communicate with Metacat without being further specialized beyond the support needed for DataONE. This streamlines the process of writing scientific software both for servers and client tools.qó…qô}qõ(hHhðhIhîubaubeubhE)qö}q÷(hHUhIhFhJhKhLhMhN}qø(hP]hQ]hR]hS]qùh6ahU]qúhauhWK&hXhhC]qû(hZ)qü}qý(hHXThe DataONE Service InterfaceqþhIhöhJhKhLh^hN}qÿ(hP]hQ]hR]hS]hU]uhWK&hXhhC]rhaXThe DataONE Service Interfacer…r}r(hHhþhIhüubaubhe)r}r(hHXoDataONE acheives interoperability by defining a lightweight but powerful set of REST_ web services that can be implemented by various data management software systems to allow those systems to effectively communicate with one another, exchange data, metadata, and other scientific objects. This `DataONE Service Interface`_ is an open standard that defines the communication protocols and technical expectations for software components that wish to participate in the DataONE federation. 
This service interface is divided into `four distinct tiers`_, with the intention that any given software system may implement only those tiers that are relevant to their repository; for example, a data aggregator might only implement the Tier 1 interfaces that provide anonymous access to public data sets, while a complete data management system like Metacat can implement all four tiers:hIhöhJhKhLhhhN}r(hP]hQ]hR]hS]hU]uhWK'hXhhC]r(haXPDataONE acheives interoperability by defining a lightweight but powerful set of r…r }r (hHXPDataONE acheives interoperability by defining a lightweight but powerful set of hIjubhk)r }r (hHXREST_hnKhIjhLhohN}r (UnameXRESThqX<http://en.wikipedia.org/wiki/Representational_state_transferrhS]hR]hP]hQ]hU]uhC]rhaXRESTr…r}r(hHUhIj ubaubhaXÓ web services that can be implemented by various data management software systems to allow those systems to effectively communicate with one another, exchange data, metadata, and other scientific objects. This r…r}r(hHXÓ web services that can be implemented by various data management software systems to allow those systems to effectively communicate with one another, exchange data, metadata, and other scientific objects. This hIjubhk)r}r(hHX`DataONE Service Interface`_hnKhIjhLhohN}r(UnameXDataONE Service InterfacehqX8http://releases.dataone.org/online/d1-architecture-1.0.0rhS]hR]hP]hQ]hU]uhC]rhaXDataONE Service Interfacer…r}r(hHUhIjubaubhaXÌ is an open standard that defines the communication protocols and technical expectations for software components that wish to participate in the DataONE federation. This service interface is divided into r…r}r (hHXÌ is an open standard that defines the communication protocols and technical expectations for software components that wish to participate in the DataONE federation. 
This service interface is divided into hIjubhk)r!}r"(hHX`four distinct tiers`_hnKhIjhLhohN}r#(UnameXfour distinct tiershqXHhttp://releases.dataone.org/online/d1-architecture-1.0.0/apis/index.htmlr$hS]hR]hP]hQ]hU]uhC]r%haXfour distinct tiersr&…r'}r((hHUhIj!ubaubhaXI, with the intention that any given software system may implement only those tiers that are relevant to their repository; for example, a data aggregator might only implement the Tier 1 interfaces that provide anonymous access to public data sets, while a complete data management system like Metacat can implement all four tiers:r)…r*}r+(hHXI, with the intention that any given software system may implement only those tiers that are relevant to their repository; for example, a data aggregator might only implement the Tier 1 interfaces that provide anonymous access to public data sets, while a complete data management system like Metacat can implement all four tiers:hIjubeubcdocutils.nodes enumerated_list r,)r-}r.(hHUhIhöhJhKhLUenumerated_listr/hN}r0(Usuffixr1U.hS]hR]hP]Uprefixr2UhQ]hU]Uenumtyper3Uarabicr4uhWK3hXhhC]r5(h¼)r6}r7(hHX,**Tier 1:** Read-only, anonymous data accessr8hIj-hJhKhLhÀhN}r9(hP]hQ]hR]hS]hU]uhWNhXhhC]r:he)r;}r<(hHj8hIj6hJhKhLhhhN}r=(hP]hQ]hR]hS]hU]uhWK3hC]r>(cdocutils.nodes strong r?)r@}rA(hHX **Tier 1:**hN}rB(hP]hQ]hR]hS]hU]uhIj;hC]rChaXTier 1:rD…rE}rF(hHUhIj@ubahLUstrongrGubhaX! Read-only, anonymous data accessrH…rI}rJ(hHX! 
Read-only, anonymous data accesshIj;ubeubaubh¼)rK}rL(hHX=**Tier 2:** Read-only, with authentication and access controlrMhIj-hJhKhLhÀhN}rN(hP]hQ]hR]hS]hU]uhWNhXhhC]rOhe)rP}rQ(hHjMhIjKhJhKhLhhhN}rR(hP]hQ]hR]hS]hU]uhWK4hC]rS(j?)rT}rU(hHX **Tier 2:**hN}rV(hP]hQ]hR]hS]hU]uhIjPhC]rWhaXTier 2:rX…rY}rZ(hHUhIjTubahLjGubhaX2 Read-only, with authentication and access controlr[…r\}r](hHX2 Read-only, with authentication and access controlhIjPubeubaubh¼)r^}r_(hHX**Tier 3:** Full Write accessr`hIj-hJhKhLhÀhN}ra(hP]hQ]hR]hS]hU]uhWNhXhhC]rbhe)rc}rd(hHj`hIj^hJhKhLhhhN}re(hP]hQ]hR]hS]hU]uhWK5hC]rf(j?)rg}rh(hHX **Tier 3:**hN}ri(hP]hQ]hR]hS]hU]uhIjchC]rjhaXTier 3:rk…rl}rm(hHUhIjgubahLjGubhaX Full Write accessrn…ro}rp(hHX Full Write accesshIjcubeubaubh¼)rq}rr(hHX(**Tier 4:** Replication target services hIj-hJhKhLhÀhN}rs(hP]hQ]hR]hS]hU]uhWNhXhhC]rthe)ru}rv(hHX'**Tier 4:** Replication target serviceshIjqhJhKhLhhhN}rw(hP]hQ]hR]hS]hU]uhWK6hC]rx(j?)ry}rz(hHX **Tier 4:**hN}r{(hP]hQ]hR]hS]hU]uhIjuhC]r|haXTier 4:r}…r~}r(hHUhIjyubahLjGubhaX Replication target servicesr€…r}r‚(hHX Replication target serviceshIjuubeubaubeubhŽ)rƒ}r„(hHXF.. _REST: http://en.wikipedia.org/wiki/Representational_state_transferh‘KhIhöhJhKhLh’hN}r…(hqjhS]r†h-ahR]hP]hQ]hU]r‡h auhWK8hXhhC]ubhŽ)rˆ}r‰(hHXW.. _DataONE Service Interface: http://releases.dataone.org/online/d1-architecture-1.0.0h‘KhIhöhJhKhLh’hN}rŠ(hqjhS]r‹h2ahR]hP]hQ]hU]rŒhauhWK:hXhhC]ubhŽ)r}rŽ(hHXa.. _four distinct tiers: http://releases.dataone.org/online/d1-architecture-1.0.0/apis/index.htmlh‘KhIhöhJhKhLh’hN}r(hqj$hS]rh)ahR]hP]hQ]hU]r‘hauhWKAggregated logging for data access across the whole federationr#hIjhJhKhLhhhN}r$(hP]hQ]hR]hS]hU]uhWK\hC]r%haX>Aggregated logging for data access across the whole federationr&…r'}r((hHj#hIj!ubaubaubeubhe)r)}r*(hHX¤Three geographically distributed Coordinating Nodes replicate these coordinating services at UC Santa Barbara, the University of New Mexico, and the Oak Ridge Campus. 
Coordinating Nodes are set up in a fully redundant manner, such that any of the coordinating nodes can be offline and the others will continue to provide availability of the services without interruption. The DataONE services expose their services at::hIj¨hJhKhLhhhN}r+(hP]hQ]hR]hS]hU]uhWK^hXhhC]r,haX£Three geographically distributed Coordinating Nodes replicate these coordinating services at UC Santa Barbara, the University of New Mexico, and the Oak Ridge Campus. Coordinating Nodes are set up in a fully redundant manner, such that any of the coordinating nodes can be offline and the others will continue to provide availability of the services without interruption. The DataONE services expose their services at:r-…r.}r/(hHX£Three geographically distributed Coordinating Nodes replicate these coordinating services at UC Santa Barbara, the University of New Mexico, and the Oak Ridge Campus. Coordinating Nodes are set up in a fully redundant manner, such that any of the coordinating nodes can be offline and the others will continue to provide availability of the services without interruption. The DataONE services expose their services at:hIj)ubaubcdocutils.nodes literal_block r0)r1}r2(hHXhttps://cn.dataone.org/cnhIj¨hJhKhLU literal_blockr3hN}r4(U xml:spacer5Upreserver6hS]hR]hP]hQ]hU]uhWKdhXhhC]r7haXhttps://cn.dataone.org/cnr8…r9}r:(hHUhIj1ubaubhe)r;}r<(hHX.And the DataONE search portal is available at:r=hIj¨hJhKhLhhhN}r>(hP]hQ]hR]hS]hU]uhWKfhXhhC]r?haX.And the DataONE search portal is available at:r@…rA}rB(hHj=hIj;ubaubcdocutils.nodes block_quote rC)rD}rE(hHUhIj¨hJhKhLU block_quoterFhN}rG(hP]hQ]hR]hS]hU]uhWNhXhhC]rHhe)rI}rJ(hHXhttps://cn.dataone.org/rKhIjDhJhKhLhhhN}rL(hP]hQ]hR]hS]hU]uhWKhhC]rMhk)rN}rO(hHjKhN}rP(UrefurijKhS]hR]hP]hQ]hU]uhIjIhC]rQhaXhttps://cn.dataone.org/rR…rS}rT(hHUhIjNubahLhoubaubaubhŽ)rU}rV(hHX#.. _CILogon: http://www.cilogon.orgh‘KhIj¨hJhKhLh’hN}rW(hqjéhS]rXhBahR]hP]hQ]hU]rYhauhWKjhXhhC]ubhŽ)rZ}r[(hHX!.. 
_InCommon: http://incommon.orgh‘KhIj¨hJhKhLh’hN}r\(hqjôhS]r]h//adminhIj}hJhKhLj3hN}r”(j5j6hS]hR]hP]hQ]hU]uhWKŠhXhhC]r•haX%http:////adminr–…r—}r˜(hHUhIj’ubaubhe)r™}rš(hHXwhere ```` represents the hostname of your webserver running metacat, and ```` is the name of the web context in which Metacat was installed. Once at the administrative utility, click on the DataONE configuration link, which should show the following screen:hIj}hJhKhLhhhN}r›(hP]hQ]hR]hS]hU]uhWKŒhXhhC]rœ(haXwhere r…rž}rŸ(hHXwhere hIj™ubcdocutils.nodes literal r )r¡}r¢(hHX````hN}r£(hP]hQ]hR]hS]hU]uhIj™hC]r¤haXr¥…r¦}r§(hHUhIj¡ubahLUliteralr¨ubhaX@ represents the hostname of your webserver running metacat, and r©…rª}r«(hHX@ represents the hostname of your webserver running metacat, and hIj™ubj )r¬}r­(hHX ````hN}r®(hP]hQ]hR]hS]hU]uhIj™hC]r¯haX r°…r±}r²(hHUhIj¬ubahLj¨ubhaX´ is the name of the web context in which Metacat was installed. Once at the administrative utility, click on the DataONE configuration link, which should show the following screen:r³…r´}rµ(hHX´ is the name of the web context in which Metacat was installed. Once at the administrative utility, click on the DataONE configuration link, which should show the following screen:hIj™ubeubcdocutils.nodes figure r¶)r·}r¸(hHUhIj}hJhKhLUfigurer¹hN}rº(Ualignr»XcenterhS]r¼Uid1r½ahR]hP]hQ]hU]uhWK”hXhhC]r¾(cdocutils.nodes image r¿)rÀ}rÁ(hHX†.. figure:: images/screenshots/image068.png :align: center The configuration screen for configuring Metacat as a DataONE node. hIj·hJhKhLUimagerÂhN}rÃ(UuriXimages/screenshots/image068.pngrÄhS]hR]hP]hQ]U candidatesrÅ}rÆU*jÄshU]uhWK”hC]ubcdocutils.nodes caption rÇ)rÈ}rÉ(hHXCThe configuration screen for configuring Metacat as a DataONE node.rÊhIj·hJhKhLUcaptionrËhN}rÌ(hP]hQ]hR]hS]hU]uhWK”hC]rÍhaXCThe configuration screen for configuring Metacat as a DataONE node.rÎ…rÏ}rÐ(hHjÊhIjÈubaubeubhe)rÑ}rÒ(hHX’To configure Metacat as a node in the DataONE network, configure the properties shown in the figure above. 
The Node Name should be a short name for the node that can be used in user interface displays that list the node. For example, one node in DataONE is the 'Knowledge Network for Biocomplexity'. Also provide a brief sentence or two describing the node, including its intended scope and purpose.rÓhIj}hJhKhLhhhN}rÔ(hP]hQ]hR]hS]hU]uhWK–hXhhC]rÕhaX’To configure Metacat as a node in the DataONE network, configure the properties shown in the figure above. The Node Name should be a short name for the node that can be used in user interface displays that list the node. For example, one node in DataONE is the 'Knowledge Network for Biocomplexity'. Also provide a brief sentence or two describing the node, including its intended scope and purpose.rÖ…r×}rØ(hHjÓhIjÑubaubhe)rÙ}rÚ(hHXÌThe Node Identifier field is a unique identifier assigned by DataONE to identify this node even when the node changes physical locations over time. After Metacat registers with the DataONE Coordinating Nodes (when you click 'Register' at the bottom of this form), the Node Identifier should not be changed. **It is critical that you not change the Node Identifier after registration**, as that will break the connection with the DataONE network. Changing this field should only happen in the rare case in which a new Metacat instance is being established to act as the provider for an existing DataONE Member Node, in which case the field can be edited to set it to the value of a valid, existing Node Identifier.hIj}hJhKhLhhhN}rÛ(hP]hQ]hR]hS]hU]uhWKœhXhhC]rÜ(haX5The Node Identifier field is a unique identifier assigned by DataONE to identify this node even when the node changes physical locations over time. After Metacat registers with the DataONE Coordinating Nodes (when you click 'Register' at the bottom of this form), the Node Identifier should not be changed. 
rÝ…rÞ}rß(hHX5The Node Identifier field is a unique identifier assigned by DataONE to identify this node even when the node changes physical locations over time. After Metacat registers with the DataONE Coordinating Nodes (when you click 'Register' at the bottom of this form), the Node Identifier should not be changed. hIjÙubj?)rà}rá(hHXM**It is critical that you not change the Node Identifier after registration**hN}râ(hP]hQ]hR]hS]hU]uhIjÙhC]rãhaXIIt is critical that you not change the Node Identifier after registrationrä…rå}ræ(hHUhIjàubahLjGubhaXJ, as that will break the connection with the DataONE network. Changing this field should only happen in the rare case in which a new Metacat instance is being established to act as the provider for an existing DataONE Member Node, in which case the field can be edited to set it to the value of a valid, existing Node Identifier.rç…rè}ré(hHXJ, as that will break the connection with the DataONE network. Changing this field should only happen in the rare case in which a new Metacat instance is being established to act as the provider for an existing DataONE Member Node, in which case the field can be edited to set it to the value of a valid, existing Node Identifier.hIjÙubeubhe)rê}rë(hHX"The Node Subject and Node Certificate Path are linked fields that are critical for proper operation of the node. To act as a Member Node in DataONE, you must obtain an X.509 certificate that can be used to identify this node and allow it to securely communicate using SSL with other nodes and client applications. This certificate can be obtained from the DataONE Certificate Authority. Once you have the certificate in hand, use a tool such as ``openssl`` to determine the exact subject distinguished name in the certificate, and use that to set the Node Subject field. Set the Node Certificate Path to the location on the system in which you stored the certificate file. 
Be sure to protect the certificate file, as it contains the private key that is used to authenticate this node within DataONE.hIj}hJhKhLhhhN}rì(hP]hQ]hR]hS]hU]uhWK¦hXhhC]rí(haX¿The Node Subject and Node Certificate Path are linked fields that are critical for proper operation of the node. To act as a Member Node in DataONE, you must obtain an X.509 certificate that can be used to identify this node and allow it to securely communicate using SSL with other nodes and client applications. This certificate can be obtained from the DataONE Certificate Authority. Once you have the certificate in hand, use a tool such as rî…rï}rð(hHX¿The Node Subject and Node Certificate Path are linked fields that are critical for proper operation of the node. To act as a Member Node in DataONE, you must obtain an X.509 certificate that can be used to identify this node and allow it to securely communicate using SSL with other nodes and client applications. This certificate can be obtained from the DataONE Certificate Authority. Once you have the certificate in hand, use a tool such as hIjêubj )rñ}rò(hHX ``openssl``hN}ró(hP]hQ]hR]hS]hU]uhIjêhC]rôhaXopensslrõ…rö}r÷(hHUhIjñubahLj¨ubhaXX to determine the exact subject distinguished name in the certificate, and use that to set the Node Subject field. Set the Node Certificate Path to the location on the system in which you stored the certificate file. Be sure to protect the certificate file, as it contains the private key that is used to authenticate this node within DataONE.rø…rù}rú(hHXX to determine the exact subject distinguished name in the certificate, and use that to set the Node Subject field. Set the Node Certificate Path to the location on the system in which you stored the certificate file. 
Be sure to protect the certificate file, as it contains the private key that is used to authenticate this node within DataONE.hIjêubeubcdocutils.nodes note rû)rü}rý(hHX´For Tier 2 deployments and above, the Metacat Member Node must have Apache configured to request client certificates. Detailed instructions are included at the end of this chapter.hIj}hJhKhLUnoterþhN}rÿ(hP]hQ]hR]hS]hU]uhWNhXhhC]rhe)r}r(hHX´For Tier 2 deployments and above, the Metacat Member Node must have Apache configured to request client certificates. Detailed instructions are included at the end of this chapter.rhIjühJhKhLhhhN}r(hP]hQ]hR]hS]hU]uhWK´hC]rhaX´For Tier 2 deployments and above, the Metacat Member Node must have Apache configured to request client certificates. Detailed instructions are included at the end of this chapter.r…r}r(hHjhIjubaubaubhe)r }r (hHX+The ``Enable DataONE Services`` checkbox allows the administrator to decide whether to turn on synchronization with the DataONE network. When this box is unchecked, the DataONE Coordinating Nodes will not attempt to synchronize at all, but when checked, then DataONE will periodically contact the node to synchronize all metadata content. To be part of the DataONE network, this box must be checked as that allows DataONE to receive a copy of the metadata associated with each object in the Metacat system. The switch is provided for those rare cases when a node needs to be disconnected from DataONE for maintenance or service outages. When the box is checked, DataONE contacts the node using the schedule provided in the ``Synchronization Schedule`` fields. The example in the dialog above has synchronization occurring once every third minutes at the 10 second mark of those minutes. The syntax for these schedules follows the Quartz Crontab Entry syntax, which provides for many flexible schedule configurations. 
If the administrator desires a less frequent schedule, such as daily, that can be configured by changing the ``*`` in the ``Hours`` field to be a concrete hour (such as ``11``) and the ``Minutes`` field to a concrete value like``15``, which would change the schedule to synchronize at 11:15 am daily.hIj}hJhKhLhhhN}r (hP]hQ]hR]hS]hU]uhWK·hXhhC]r (haXThe r …r}r(hHXThe hIj ubj )r}r(hHX``Enable DataONE Services``hN}r(hP]hQ]hR]hS]hU]uhIj hC]rhaXEnable DataONE Servicesr…r}r(hHUhIjubahLj¨ubhaX· checkbox allows the administrator to decide whether to turn on synchronization with the DataONE network. When this box is unchecked, the DataONE Coordinating Nodes will not attempt to synchronize at all, but when checked, then DataONE will periodically contact the node to synchronize all metadata content. To be part of the DataONE network, this box must be checked as that allows DataONE to receive a copy of the metadata associated with each object in the Metacat system. The switch is provided for those rare cases when a node needs to be disconnected from DataONE for maintenance or service outages. When the box is checked, DataONE contacts the node using the schedule provided in the r…r}r(hHX· checkbox allows the administrator to decide whether to turn on synchronization with the DataONE network. When this box is unchecked, the DataONE Coordinating Nodes will not attempt to synchronize at all, but when checked, then DataONE will periodically contact the node to synchronize all metadata content. To be part of the DataONE network, this box must be checked as that allows DataONE to receive a copy of the metadata associated with each object in the Metacat system. The switch is provided for those rare cases when a node needs to be disconnected from DataONE for maintenance or service outages. 
When the box is checked, DataONE contacts the node using the schedule provided in the hIj ubj )r}r(hHX``Synchronization Schedule``hN}r(hP]hQ]hR]hS]hU]uhIj hC]rhaXSynchronization Scheduler…r}r (hHUhIjubahLj¨ubhaXz fields. The example in the dialog above has synchronization occurring once every third minutes at the 10 second mark of those minutes. The syntax for these schedules follows the Quartz Crontab Entry syntax, which provides for many flexible schedule configurations. If the administrator desires a less frequent schedule, such as daily, that can be configured by changing the r!…r"}r#(hHXz fields. The example in the dialog above has synchronization occurring once every third minutes at the 10 second mark of those minutes. The syntax for these schedules follows the Quartz Crontab Entry syntax, which provides for many flexible schedule configurations. If the administrator desires a less frequent schedule, such as daily, that can be configured by changing the hIj ubj )r$}r%(hHX``*``hN}r&(hP]hQ]hR]hS]hU]uhIj hC]r'haX*…r(}r)(hHUhIj$ubahLj¨ubhaX in the r*…r+}r,(hHX in the hIj ubj )r-}r.(hHX ``Hours``hN}r/(hP]hQ]hR]hS]hU]uhIj hC]r0haXHoursr1…r2}r3(hHUhIj-ubahLj¨ubhaX& field to be a concrete hour (such as r4…r5}r6(hHX& field to be a concrete hour (such as hIj ubj )r7}r8(hHX``11``hN}r9(hP]hQ]hR]hS]hU]uhIj hC]r:haX11r;…r<}r=(hHUhIj7ubahLj¨ubhaX ) and the r>…r?}r@(hHX ) and the hIj ubj )rA}rB(hHX ``Minutes``hN}rC(hP]hQ]hR]hS]hU]uhIj hC]rDhaXMinutesrE…rF}rG(hHUhIjAubahLj¨ubhaXh field to a concrete value like``15``, which would change the schedule to synchronize at 11:15 am daily.rH…rI}rJ(hHXh field to a concrete value like``15``, which would change the schedule to synchronize at 11:15 am daily.hIj ubeubhe)rK}rL(hHXNThe Replication section is used to configure replication options for the node overall and for objects stored in Metacat. 
The ``Accept and Store Replicas`` checkbox is used to indicate that the administrator of this node is willing to allow replica data and metadata from other Member Nodes to be stored on this node. We encourage people to allow replication to their nodes, as this increases the scalability and flexibility of the network overall. The three "Default" fields set the default values for the replication policies for data and metadata on this node that are generated when System Metadata is not available for an object (such as when it originates from a client that is not DataONE compliant). The ``Default Number of Replicas`` determines how many replica copies of the object should be stored on other Member Nodes. A value of 0 or less indicates that no replicas should be stored. In addition, you can specify a list of nodes that are either preferred for use when choosing replica nodes, or that are blocked from use as replica nodes. This allows Member Nodes to set up bidirectional agreements with partner nodes to replicate data across their sites. The values for both ``Default Preferred Nodes`` and ``Default Blocked Nodes`` are comma-separated lists of NodeReference identifiers that were assigned to the target nodes by DataONE.

Once these parameters have been properly set, use the ``Register`` button to request registration with the DataONE Coordinating Node. This will generate a registration document describing this Metacat instance and send it to the Coordinating Node registration service. At that point, all that remains is to wait for the DataONE administrators to approve the node registration. Details of the approval process can be found on the `DataONE web site`_.

.. _DataONE web site: http://www.dataone.org

Access Control Policies
-----------------------

Metacat has supported fine-grained access control for objects in the system since its inception. DataONE has devised a simple but effective access control system that is compatible with the prior system in Metacat. For each object in the DataONE system (including data objects, scientific metadata objects, and resource maps), a SystemMetadata_ document describes the critical metadata needed to manage that object in the system. This metadata includes a ``RightsHolder`` field and an ``AuthoritativeMemberNode`` field that are used to list the people and node that have ultimate control over the disposition of the object. In addition, a separate AccessPolicy_ can be included in the ``SystemMetadata`` for the object. This ``AccessPolicy`` consists of a set of rules that grant additional permissions to other people, groups, and systems in DataONE. For example, for one data file, two users (Alice and Bob) may be able to make changes to the object, and the general public may be allowed to read the object. In the absence of explicit rules extending these permissions, Metacat enforces the rule that only the ``RightsHolder`` and ``AuthoritativeMemberNode`` have rights to the object, and that the Coordinating Node can manage ``SystemMetadata`` for the object. An example AccessPolicy that might be submitted with a dataset (giving Alice and Bob permission to read and write the object) follows:

::

  ...
  <accessPolicy>
      <allow>
          <subject>/C=US/O=SomeIdP/CN=Alice</subject>
          <subject>/C=US/O=SomeIdP/CN=Bob</subject>
          <permission>read</permission>
          <permission>write</permission>
      </allow>
  </accessPolicy>
  ...

These AccessPolicies can be embedded inside of the ``SystemMetadata`` that accompanies submission of an object through the `MNStorage.create`_ and `MNStorage.update`_ services, or can be set using the `CNAuthorization.setAccessPolicy`_ service.
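
The default rule described above (only the ``RightsHolder`` and ``AuthoritativeMemberNode`` have rights unless an ``AccessPolicy`` rule grants more) can be checked offline before a policy is submitted. The following Python sketch is an added example, not Metacat or DataONE code; the un-namespaced ``systemMetadata`` wrapper, the Carol subject, ``urn:node:EXAMPLE``, the ``public`` subject name, and exact-match permission handling (no implied permissions) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

KNOWN_PERMISSIONS = {"read", "write", "changePermission"}
PUBLIC = "public"  # assumption: subject name standing for the general public

# Constructed sample: the AccessPolicy from the example above inside a
# simplified, un-namespaced stand-in for a SystemMetadata document.
SYSMETA = """
<systemMetadata>
  <rightsHolder>/C=US/O=SomeIdP/CN=Carol</rightsHolder>
  <authoritativeMemberNode>urn:node:EXAMPLE</authoritativeMemberNode>
  <accessPolicy>
    <allow>
      <subject>/C=US/O=SomeIdP/CN=Alice</subject>
      <subject>/C=US/O=SomeIdP/CN=Bob</subject>
      <permission>read</permission>
      <permission>write</permission>
    </allow>
  </accessPolicy>
</systemMetadata>
"""


def parse_sysmeta(xml_text):
    """Extract the owner fields and the allow rules from the document."""
    root = ET.fromstring(xml_text)
    rules = []
    for allow in root.findall("./accessPolicy/allow"):
        subjects = {s.text.strip() for s in allow.findall("subject") if s.text}
        perms = {p.text.strip() for p in allow.findall("permission") if p.text}
        unknown = perms - KNOWN_PERMISSIONS
        if unknown:
            # Refuse a policy we cannot interpret instead of guessing.
            raise ValueError("unknown permission(s): %s" % sorted(unknown))
        if subjects and perms:
            rules.append((subjects, perms))
    return {
        "rights_holder": root.findtext("rightsHolder", "").strip(),
        "authoritative_mn": root.findtext("authoritativeMemberNode", "").strip(),
        "rules": rules,
    }


def is_authorized(meta, subject, permission):
    """Default deny: owners always pass, everyone else needs an allow rule."""
    if permission not in KNOWN_PERMISSIONS:
        return False
    owners = {meta["rights_holder"], meta["authoritative_mn"]} - {""}
    if subject in owners:
        return True
    for subjects, perms in meta["rules"]:
        if permission in perms and (subject in subjects or PUBLIC in subjects):
            return True
    return False


def overbroad_rules(meta):
    """Audit helper: rules that give the public more than read access."""
    return [(sorted(s), sorted(p)) for s, p in meta["rules"]
            if PUBLIC in s and p - {"read"}]


if __name__ == "__main__":
    meta = parse_sysmeta(SYSMETA)
    for who in ("/C=US/O=SomeIdP/CN=Alice", "/C=US/O=SomeIdP/CN=Mallory"):
        print(who, "write ->", is_authorized(meta, who, "write"))
    print("over-broad rules:", overbroad_rules(meta))
```

Running ``overbroad_rules`` over policies before they are sent to ``MNStorage.create`` or ``CNAuthorization.setAccessPolicy`` catches a rule that unintentionally lists the public subject alongside named users.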

.. _SystemMetadata: http://releases.dataone.org/online/d1-architecture-1.0.0/apis/Types.html#Types.AccessPolicy

.. _AccessPolicy: http://releases.dataone.org/online/d1-architecture-1.0.0/apis/Types.html#Types.AccessPolicy

.. _MNStorage.create: http://releases.dataone.org/online/d1-architecture-1.0.0/apis/MN_APIs.html#MNStorage.create

.. _MNStorage.update: http://releases.dataone.org/online/d1-architecture-1.0.0/apis/MN_APIs.html#MNStorage.update

.. _CNAuthorization.setAccessPolicy: http://releases.dataone.org/online/d1-architecture-1.0.0/apis/CN_APIs.html#CNAuthorization.setAccessPolicy

Configuration as a replication target
-------------------------------------

DataONE is designed to enable a robust preservation environment through replication of digital objects at multiple Member Nodes. Any Member Node in DataONE that implements the Tier 4 Service interface can offer to act as a target for object replication. Currently, Metacat configuration supports turning this replication function on or off. When the 'Act as a replication target' checkbox is checked, Metacat will notify the Coordinating Nodes in DataONE that it is available to house replicas of objects from other nodes. Shortly thereafter, the Coordinating Nodes may notify Metacat to replicate objects from throughout the system, which it will start to do. These objects will begin to be listed in the Metacat catalog.

Future versions of Metacat will allow finer specification of the Node Replication Policy, which determines the set of objects that it is willing to replicate, using constraints on object size, total objects, source nodes, and object format types.

Object Replication Policies
---------------------------

In addition to access control, each object also can have a ``ReplicationPolicy`` associated with it that determines whether DataONE should attempt to replicate the object for failover and backup purposes to other Member Nodes in the federation. Both the ``RightsHolder`` and ``AuthoritativeMemberNode`` for an object can set the ``ReplicationPolicy``, which consists of fields that describe how many replicas should be maintained, and any nodes that are preferred for housing those replicas, or that should be blocked from housing replicas.

These ReplicationPolicies can be embedded inside of the ``SystemMetadata`` that accompany submission of an object through the `MNStorage.create`_ and `MNStorage.update`_ services, or can be set using the `CNReplication.setReplicationPolicy`_ service.

.. _CNReplication.setReplicationPolicy: http://releases.dataone.org/online/d1-architecture-1.0.0/apis/CN_APIs.html#CNReplication.setReplicationPolicy

Generating DataONE System Metadata
----------------------------------

When a Metacat instance becomes a Member Node, System Metadata must be generated for the existing content. This can be invoked in the Replication configuration screen of the Metacat administration interface. Initially, Metacat instances will only need to generate System Metadata for their local content (the ``localhost`` entry). In cases where Metacat has participated in replication with other Metacat servers, it may be useful to generate System Metadata for those replica records as well. Please consult both the replication partner's administrator and the DataONE administrators before generating System Metadata for replica content.

.. figure:: images/screenshots/image069.png
   :align: center

   The replication configuration screen for generating System Metadata.

Apache configuration details
----------------------------

These Apache directives are crucial for Metacat to function as a Tier 2+ Member Node:

::

  ...
  AllowEncodedSlashes On
  AcceptPathInfo On
  JkOptions +ForwardURICompatUnparsed
  SSLEngine on
  SSLOptions +StrictRequire +StdEnvVars +ExportCertData
  SSLVerifyClient optional
  SSLVerifyDepth 10
  SSLCertificateFile /etc/ssl/certs/<your_cert_name>
  SSLCertificateKeyFile /etc/ssl/private/<your_cert_key>
  SSLCertificateChainFile /etc/ssl/certs/<your_chain_file>.crt
  SSLCACertificatePath /etc/ssl/certs/
  ...

Where ``<your_cert_name>`` and ``<your_cert_key>`` are the certificate/key pair used by Apache to identify the server to clients. The DataONE Certificate Authority certificate - available from the DataONE administrators - will also need to be added to the directory specified by ``SSLCACertificatePath`` in order to validate client certificates signed by that authority. DataONE has also provided a CA chain file that may be used in lieu of directory-based CA configuration. The ``SSLCACertificateFile`` directive should be used when configuring your member node with the DataONE CA chain. When these changes have been applied, Apache should be restarted:

::

  cd /etc/ssl/certs
  sudo c_rehash
  sudo /etc/init.d/apache2 restart

Configure Tomcat to allow DataONE identifiers
---------------------------------------------

Edit ``/etc/tomcat/catalina.properties`` to include:

::

  org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true
  org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true