Andrea Aime wrote: > Christian Müller ha scritto: >> Hmmm, because of my work of implementing and integrating GeoXACML into >> geoserver, I had to dig into the spring security concept and >> how geoserver uses it. >> >> Your proposal here is about authentication (which has nothing to do with >> GeoXACML) and is handled in the user properties file. >> This file is also the base for role assignment. I feel not comfortable by >> offering a possibility that anybody can get an account. And if we offer this >> possibility, it will not be easy to revoke it later. > > I think you and Chris are seeing GeoServer from two very different > perspectives, both valid. > > You see GS as a tool in a closed organisation where someone manages > the full access to the server in a centralized way. > > Chris sees is as a collaboration tool the same way a wiki or a CMS > platform is. In both the ability to register and get a set of rights > is very important, none of these platforms would manage to live long > if everybody needing access had to go and ask permissions to some > admin. > > I don't agree that offering this possibility will make it hard > to revoke later thought. We just need to make it a configuration > so that the administrator can turn it on and off. > > As for having groups between users and roles, yeah, I agree it's > a good idea. When the user management was first created we had > very minimal needs and even shorter time allowed for a > container independent implementation. > > However, for the future I would like to make things pluggable > also on the authentication front, which will open possibilities > to other ways of managing users. >
+1, I think you hit the nail on the head Andrea. I certainly don't want to say that anyone will always be able to sign up for an account. It should definitely be an option the admin controls. Making things pluggable on the authentication front is key, and indeed we're likely going to write some code at some point in the future that manages users in Django, but has GeoServer use those same roles. So new users will sign up through Django. Perhaps those types of use will be the dominant use case. But as I see things right now it seems like it be nice if GeoServer helped out and had a default for people who don't want to muck with other systems. But I agree the big potential for our security system is to integrate in all kinds of different ways with other systems. And I think the GeoXACML stuff is great, and that it should perhaps migrate to be the default way of doing things. And +1 on user groups. Chris > Cheers > Andrea > > -- Chris Holmes OpenGeo - http://opengeo.org Expert service straight from the developers. ------------------------------------------------------------------------------ Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! http://p.sf.net/sfu/devconf _______________________________________________ Geoserver-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-devel
