Hi Niels
Beyond combining layer and services there are additional wishes &
requirements. A customer of me wants to restrict access to formats, e. g.
prohibit getMap requests using SVG.
I would vote for a powerful access control engine like (GEO) XACML. Some
years ago I did a summer of code project mentored by Andrea concerning
GEOXACML integration but due to lack of time, we did not finish. (The code
is still a community module).
XACML is quite powerful and it is a standard. As a first step, I would
prefer to switch from our property files to one XACML file without changing
the current functionality. After this, we could enhance access control.
Anyways, this is quite an effort and I hope to find somebody funding this
work.
Cheers
Christian
2013/6/11 Niels Charlier <[email protected]>
> Hello everyone,
>
> I am currently having a look at what needs to happen to implement some
> additional features and improvements in the security system.
>
> The first thing is making rules that combine layers and services, which
> is now impossible.
> This seems like a pretty straight-forward improvement to me, but it will
> require quite some changes in the main module. A discussion with the
> people involved is going to be necessary. I was wondering though if
> there are any unexpected issues or loopholes about this I should be
> aware of? Perhaps a reason why people chose not to implement it earlier?
>
> The other thing is that apparently there is a security leak through the
> GeoWebCache. An integration of geoserver security with GWC is needed.
> There is already a JIRA issue about this:
> http://jira.codehaus.org/browse/GEOS-4217
> It seems that people might have worked on this already or looked in to
> it in the past, so I would like to get in touch with these people, or
> any other people who need to be involved, if possible.
>
> Kind Regards
> Niels
>
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Windows:
>
> Build for Windows Store.
>
> http://p.sf.net/sfu/windows-dev2dev
> _______________________________________________
> Geoserver-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/geoserver-devel
>
--
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
