Hydra was designed from the word “go” to provide multiple levels of security. Using its security features, content can be open to the world or restricted to a very few people (or even none) – and all stages in between. Not only is the content secured in this way, but Hydra provides “gated” discovery – which is to say that users searching the system will never see items that they would not, ultimately, be allowed to access.
Each digital object within Hydra has an attached rights declaration in metadata. Within this block there is a section intended to be human-readable and another intended to be machine-actionable. The machine sections lay out who (individual or group) is allowed to discover (see the metadata but not download), read (see the metadata and download) or edit the item. Other fields exist to cover such situations as embargo period and developers could extend the range of functionality. This rights information is indexed by Solr and thus allows gated discovery. Hydra users have developed a number of different strategies for determining what appropriate rights should be attached when a new digital object is created.
Hydra’s authentication has been successfully integrated with local LDAP, CAS and Shibboleth systems in production environments.