On Mon, Oct 4, 2010 at 11:55 AM, <[email protected]> wrote: > Hi all, I have to write a Master Thesis for my study "Applied IT > Security" at the university of Bochum, Germany. > > I convinced my mentors to have a topic about security of geodata > infrastructures. The title will be something like > > "Building a secure GDI using Geoserver,Spring Security,SAML and GeoXACML" > > The thesis has 3 main parts. > > 1) Integration of Spring Security 3.0 into geoserver. This gives us > the possibility to offer a lot of authentication mechanisms including > customized plugins. > http://static.springsource.org/spring-security/site/docs/3.0.x/reference/introduction.html#what-is-acegi-security > There are also nice possibilities for access control like a new > expression syntax.
Sounds good (as long as, as you say, it does not break existing functionality :-p ) However I'm wondering, would this require an upgrade of the whole project to Spring 3? Did you assess what kind of changes would be needed to do that? > 2) Examine how to integrate the geoxacml community module as spring > access plugin into geoserver. Sounds good as well. Also see the work done by Lennart at: http://jira.codehaus.org/browse/GEOS-4049 http://jira.codehaus.org/browse/GEOS-4045 > 3) Take a deeper look into SAML ( "Single Sign On" would be a nice thing). Don't know much about this. The SSO I hear people talking about the most is CAS. > The first part has top priority. The existing file based access > control system should be refactored to fit into Spring 3.0. No user > action should be necessary. I do not want to break existing security > deployments. > > It is also possible to write the thesis in English. The idea is to > have about 60 pages as documentation, the rest of the work is > coding/integrating. Since I am not a native English speaker, is there > anybody who can read my thesis and correct my mistakes ? I can have a look if you give me some time so that I can fit it into empty spaces in the weekends, but I'm not a native speaker either. Some actual native speaker would be better: take my offer as a backup plan :-) Cheers Andrea ----------------------------------------------------- Ing. Andrea Aime Senior Software Engineer GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584962313 fax: +39 0584962313 http://www.geo-solutions.it http://geo-solutions.blogspot.com/ http://www.linkedin.com/in/andreaaime http://twitter.com/geowolf ----------------------------------------------------- ------------------------------------------------------------------------------ Virtualization is moving to the mainstream and overtaking non-virtualized environment for deploying applications. Does it make network security easier or more difficult to achieve? Read this whitepaper to separate the two and get a better understanding. http://p.sf.net/sfu/hp-phase2-d2d _______________________________________________ Geoserver-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-devel
