Over the last two months I've been engaged in an effort to rewrite the CollectionSpace user interface. As described in an earlier article on the rewrite, this code underlies the visible part of CollectionSpace, with which its customers directly interact when acquiring, cataloging, and moving objects, making loans, assessing object conditions, and performing other activities in support of their museums’ day-to-day business. While this project is primarily focused on the front-end application that runs in web browsers, a significant amount of work was required on the back-end services as well.
This back-end work is now largely complete and is detailed in a post I wrote for the CollectionSpace blog. These new features have been added:
- Collections data may now be retrieved as JSON, a data interchange format commonly used to deliver data to applications running in web browsers. Previously the back-end could not produce JSON output, so a separate server-side application was required to intercept and translate communications between the back-end and the UI. It is now possible to remove this intermediate layer, making the system leaner and more reliable.
- The back-end now grants and accepts authorization tokens using the OAuth 2 protocol, which brings it in line with a widely used standard for performing authorization on the web. This improves the security of the system. Once a user’s password is exchanged for an access token, subsequent requests are authorized with the token, not the password. An access token expires automatically after a short time, which mitigates the risk if one is stolen or accidentally exposed.
- Cross-domain requests are now supported by the back-end, so a front-end application may be hosted on a server in a different domain than the CollectionSpace server it accesses. This provides additional flexibility in how we deploy CollectionSpace. For example, a museum might choose to customize the CollectionSpace UI and deliver the customized application from their own servers, while Research IT continues to host the CollectionSpace back-end servers. Or, a museum may write their own applications using CollectionSpace data, without needing to coordinate with RIT to host those applications on our servers.
These new features set the stage for the new CollectionSpace UI, which may now be built on a simpler, more secure, and more flexible back-end.
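The token flow described in the OAuth 2 item above, as an added example that is not CollectionSpace code: a toy issuer that sees the password once, authorizes later requests by bearer token, and rejects the token after it expires. The names `AuthServer` and `TOKEN_TTL`, the 300-second lifetime, and the use of opaque tokens stored server-side as hashes are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

TOKEN_TTL = 300  # seconds; assumed value, the post only says "a short time"


class AuthServer:
    """Toy token issuer and validator (hypothetical, for illustration only)."""

    def __init__(self, clock):
        self.clock = clock   # injected so expiry can be shown without sleeping
        self.users = {}      # username -> (salt, PBKDF2 hash of password)
        self.tokens = {}     # SHA-256 of token -> (username, expiry time)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, self._hash(password, salt))

    def password_grant(self, username, password):
        """Exchange a password for a token; the only step that sees the password."""
        salt, stored = self.users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(self._hash(password, salt), stored):
            return None
        token = secrets.token_urlsafe(32)
        # Only a hash is kept, so a leaked token table does not yield usable tokens.
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.tokens[digest] = (username, self.clock() + TOKEN_TTL)
        return {"access_token": token, "token_type": "bearer",
                "expires_in": TOKEN_TTL}

    def authorize(self, authorization_header):
        """Return the username for a valid, unexpired bearer token, else None."""
        scheme, _, token = authorization_header.partition(" ")
        if scheme.lower() != "bearer" or not token:
            return None
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.tokens.get(digest)
        if entry is None:
            return None
        username, expires_at = entry
        if self.clock() >= expires_at:
            del self.tokens[digest]   # a stolen token is useless past this point
            return None
        return username
```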