On Mon, March 12, 2007 00:11, Arnulf Christl wrote: > > On Sun, March 4, 2007 00:26, Cameron Shorter wrote: >> Arnulf, >> You mention in this email thread that you are considering addressing >> security. >> We want to provide a secure mechanism for AJAX clients to access Web >> Services and I'm interested to know if you have already, or are >> intending to address this issue. >> We have written the problem statement here: >> http://tools.assembla.com/ajaxtrust > > Hi, > thanks for the link, I am very interested in joining forces. I am on my > way to FOSSGIS conference in Berlin so my time is somewhat limited and I > am not paying enough attention.
...you find the code in the Mapbender repo: http://trac.osgeo.org/mapbender/browser/trunk/mapbender/owsproxy/http it uses Apache redirectmatch to extract the hashed session id from the URL path: http://www.mapbender.org/index.php/Owsproxy#Apache_Konfiguration and the German lang docs here (they wont translate by themselves, no matter how often I ask them to): http://www.mapbender.org/index.php/Mapbender_Security_Proxy http://www.mapbender.org/index.php/Owsproxy Best regards, > The solution we implemented is pretty straightforward and involves that > all web service requests must be routed through one single server side > script - the OWS proxy. So instead of getting the servcies from their > respective remote locations they all have ot come through one policy > enforcement point which has priorily verified the autheticity and > authorization of the caller. First thing that the caller needs to do is > log which creates a sessions-ID this session ID then becomes part of the > Online resource URL - but before (ante) the request parameters. To > non-secure clients this looks like a standard WMS call but actually the > ase URL contains a dynamic section which is the session ID. Every call is > verified against the user id that ceraed the session id, is it still > valid, is the request authorized, etc. can obviously also be used for > billing. Hope this makes sense, as I did not get around to translate the > more detailed description from German to English. > > As I said, I will come back at this when FOSSGIS is over and life turns > back normal. > > And then we will finally also start using the demo host at telascience > which should makeit possible to connect ot LDAP so that anyone with an > OSGeo account can secure theri service or access secured servcies. With > OSGeo Single Sign On. Wanted to show that off at FOSS4G but what the heck > lets do it now. :-) > > Best regards, > Arnulf. > >> Arnulf Christl wrote: >>> Bob Basques wrote: >>>> All, >>>> >>>> >>>> The MOOSE project has been working with essentially the same >>>> philosophy, with regards to normalizing the code into distinct >>>> Chunks, which make the mixing and matching very easy. Integrating >>>> services into it are very easy for example. >>>> >>>> I think our coding style is very much aligned with other groups, more >>>> actually than I thought a few weeks ago. >>>> >>>> This is a very thought provoking conversation for me too. It's >>>> getting me thinking about how to describe the MOOSE project a bit >>>> better and describe it's strengths. >>>> >>>> bobb >>> >>> Hi Bobb, >>> just because it has not been mentioned yet, talking of diversity... >>> The project Mapbender is a managed web mapping application framework - >>> it is a server to create clients, think of a CMS for spatial data >>> services. >>> The scope of Mapbender is to manage hundreds of WMS layers and dozens >>> of WFS-t features. Many spatial data infrastructures in European >>> public administrations are managed (or "orchestrated" as OGC would >>> say) with Mapbender. This includes building a Capabilities cache, auto >>> update functionality for meta data, user and permission management, >>> toolbars, digitizing functionality and all kinds of things you need >>> for web mapping. >>> The long term goal of Mapbedner development is to include or connect >>> to other OSGeo projects like OpenLayers that will be the map "control" >>> of Mapbender. Through OGC interfaces there already is a lot of >>> meta-level interaction with MapServer, GeoServer, PostGIS - all at >>> different levels of involvement with OSGeo. Mapbender will probably >>> develop more in direction of security and management as that is >>> something we are still missing completely in the OSGeo stack and OGC >>> does not address it either (except from the limited DRM perspective). >>> I checked the demo link you sent around. If those maps were published >>> as a WMS service (maybe they are, have a link?) I could whip up a demo >>> site within minutes so that you can have a look around. I guess we >>> will be doing this kind of thing on a big scale at FOSS4G. Might be >>> interesting for you to find out where MOOSE would fit in to >>> potentially "fill a hole". >>> http://wiki.osgeo.org/index.php/FOSS4G2007_IntegrationShowcase >>> >>> Best regards, Arnulf. >>>> **************** You can't be late until you show up. >>>> *************** >>>> ************ You never learn anything by doing it right. >>>> ************ >>>> *** War doesn't determine who's right. War determines who's left. >>>> *** >>>> >>>> >>> Schuyler Erle <[EMAIL PROTECTED]> wrote: >>>> * On 1-Mar-2007 at 2:11AM PST, Cameron Shorter said: >>>> > >>>> > As Chris noted, Mapbuilder is in the process of merging OpenLayers >>>> into >>>> > its codebase. This involves throwing away a lot of our original >>>> code, >>>> > but at the same time, makes Mapbuilder a more robust product >>>> because we >>>> > can focus on other areas. >>>> >>>> And by that same token, we've tried very hard to make it possible to >>>> separate out only the pieces of OpenLayers you want, and leave out the >>>> parts you don't. >>>> >>>> >>>> ------------------------------------------------------------------------ >>>> >>>> _______________________________________________ >>>> Discuss mailing list >>>> [email protected] >>>> http://lists.osgeo.org/mailman/listinfo/discuss >>> >>> _______________________________________________ >>> Discuss mailing list >>> [email protected] >>> http://lists.osgeo.org/mailman/listinfo/discuss >>> >> >> >> -- >> Cameron Shorter >> Systems Architect, http://lisasoft.com.au >> Tel: +61 (0)2 8570 5011 >> Mob: +61 (0)419 142 254 >> >> _______________________________________________ >> Discuss mailing list >> [email protected] >> http://lists.osgeo.org/mailman/listinfo/discuss >> > > > -- > Arnulf Christl > http://www.wheregroup.com > -- Arnulf Christl http://www.wheregroup.com _______________________________________________ Discuss mailing list [email protected] http://lists.osgeo.org/mailman/listinfo/discuss
