Christian Müller ha scritto: > Hmmm, because of my work of implementing and integrating GeoXACML into > geoserver, I had to dig into the spring security concept and > how geoserver uses it. > > Your proposal here is about authentication (which has nothing to do with > GeoXACML) and is handled in the user properties file. > This file is also the base for role assignment. I feel not comfortable by > offering a possibility that anybody can get an account. And if we offer this > possibility, it will not be easy to revoke it later.
I think you and Chris are seeing GeoServer from two very different perspectives, both valid. You see GS as a tool in a closed organisation where someone manages the full access to the server in a centralized way. Chris sees is as a collaboration tool the same way a wiki or a CMS platform is. In both the ability to register and get a set of rights is very important, none of these platforms would manage to live long if everybody needing access had to go and ask permissions to some admin. I don't agree that offering this possibility will make it hard to revoke later thought. We just need to make it a configuration so that the administrator can turn it on and off. As for having groups between users and roles, yeah, I agree it's a good idea. When the user management was first created we had very minimal needs and even shorter time allowed for a container independent implementation. However, for the future I would like to make things pluggable also on the authentication front, which will open possibilities to other ways of managing users. Cheers Andrea -- Andrea Aime OpenGeo - http://opengeo.org Expert service straight from the developers. ------------------------------------------------------------------------------ Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! http://p.sf.net/sfu/devconf _______________________________________________ Geoserver-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-devel
