Renamed the tests, everything works fine.
Btw, I also included the official XACML test set, but disabled the tests. I
will only need them if I have to fix something in Sun's XACML implementation.
-----------
Of course I looked at the gt-xsd module, but I decided to do my own
implementation, studying the code from Justin to avoid errors. The reasons
are
1) I only need a subset of gml2 and gml3 (only geometries)
2) The GeoXACML specification says that within a policy, one SHOULD decide
between GML2 or GML2.
I implemented an approach looking into the GML DOM and deciding on the fly
which GML version to use.
3) I solved the LAT/LON problem of the CRS definitions with
CRS.decode("..",true) for any needed CRS
(I asked today on the mailing list). At the moment, all GML coords within a
policy have to be LON/LAT,
perhaps I will think about a possibility to allow LAT/LON, which should be
possible. The "crs" method of the GML2Util class uses CRS.decode("...").
----------
Yes, point 3 on the wiki page is about the PEPs, and I left it open where
and how to integrate them into GeoServer.
That is a decision for the core GeoServer developers.
The Java code is easy, as you can see here:
http://sunxacml.sourceforge.net/guide.html#using-pep
---------------------------------------
I took a quick look at the policy editor. This is a universal editor which
is driven by the XML schema.
But you have to fill in the attribute values yourself, and that is a
challenge.
The data type attribute for a geometry is
"urn:ogc:def:dataType:geoxacml:1.0:geometry", the functionid attribute for
the "area" is "urn:ogc:def:function:geoxacml:1.0:geometry-area". No user
will do that.
XACML functions are typed like in Java, so the starting point of a Condition
element can only be a function which returns a boolean. Based on the type
system, the names of possible functions and the XML schema, one could build
a comfortable wizard. A web-based editor in GeoServer would be the best,
but that is not a small project.
I am not really good at designing web pages; I simply do not like it. But I
could implement the base functionality.
----------------------------------------
The next logical step would be
1) Implement a PolicyFinderModule for GeoServer. I need some place in the
GEOSERVER_DATA_DIR. Give me a directory.
I will open a second module "web-geoxacml"; the geoxacml module should be
moved to GeoTools.
2) Trying to have the same functionality as
http://geoserver.org/display/GEOSDOC/2.6+Security+subsystem
I have to implement the XACML RBAC to support roles (including
hierarchies), and we must implement a PEP.
------------------------------------------
So far, I invested 4 weeks. At the moment I am working on my master thesis
"Securing spatial data with GeoXACML in a J2ee container" and I want to get
finished with my study. That is the reason for the GeoXACML boost.
christian
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
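
The type rule mentioned in the message (a Condition can only start at a function that returns a boolean) is something an editor or policy loader can check mechanically before a policy is deployed. The sketch below is an added example, not code from the post or from the geoxacml module: it is written in Python for brevity, assumes the XACML 2.0 layout in which Condition wraps a single expression, and uses a constructed two-entry signature table and constructed policy fragments.

```python
import xml.etree.ElementTree as ET

BOOLEAN = "http://www.w3.org/2001/XMLSchema#boolean"
DOUBLE = "http://www.w3.org/2001/XMLSchema#double"
GEOMETRY = "urn:ogc:def:dataType:geoxacml:1.0:geometry"  # data type id from the post

# Function id -> (parameter types, return type). Two-entry subset assumed for
# this example; an editor would load the full XACML and GeoXACML function lists.
SIGNATURES = {
    "urn:ogc:def:function:geoxacml:1.0:geometry-area": ([GEOMETRY], DOUBLE),
    "urn:oasis:names:tc:xacml:1.0:function:double-greater-than":
        ([DOUBLE, DOUBLE], BOOLEAN),
}

def expr_type(node, errors):
    """Return the data type an expression yields, recording type errors."""
    name = node.tag.rsplit("}", 1)[-1]  # drop the XML namespace, if any
    if name == "AttributeValue":
        return node.get("DataType")     # literal: the GML body is not inspected
    fid = node.get("FunctionId") if name == "Apply" else None
    if fid not in SIGNATURES:
        errors.append(f"unsupported expression: {fid or name}")
        return None
    params, returns = SIGNATURES[fid]
    args = [expr_type(child, errors) for child in node]
    if args != params:
        errors.append(f"{fid}: expected {params}, got {args}")
    return returns

def condition_errors(condition_xml):
    """Empty list: the Condition is well typed and boolean at its root."""
    errors = []
    roots = list(ET.fromstring(condition_xml))
    if len(roots) != 1:
        return ["Condition must contain exactly one expression"]
    result = expr_type(roots[0], errors)
    if result is not None and result != BOOLEAN:
        errors.append(f"Condition root returns {result}, not boolean")
    return errors

# Constructed sample input: a GML2 polygon in LON/LAT order, then two Conditions.
AREA = ('<Apply FunctionId="urn:ogc:def:function:geoxacml:1.0:geometry-area">'
        f'<AttributeValue DataType="{GEOMETRY}"><gml:Polygon xmlns:gml='
        '"http://www.opengis.net/gml"><gml:outerBoundaryIs><gml:LinearRing>'
        '<gml:coordinates>8,47 9,47 9,48 8,47</gml:coordinates></gml:LinearRing>'
        '</gml:outerBoundaryIs></gml:Polygon></AttributeValue></Apply>')
GOOD = ('<Condition><Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:'
        f'double-greater-than">{AREA}<AttributeValue DataType="{DOUBLE}">100'
        '</AttributeValue></Apply></Condition>')
BAD = f"<Condition>{AREA}</Condition>"  # root function returns double
```

`condition_errors(GOOD)` returns an empty list, while `condition_errors(BAD)` reports that the root returns a double; a wizard built on the same table could offer only the functions whose return type fits the slot being filled.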