On Wed, Jun 12, 2013 at 10:21 AM, Christian Mueller <
[email protected]> wrote:
> Hi Niels
>
> Beyond combining layer and services there are additional wishes &
> requirements. A customer of me wants to restrict access to formats, e. g.
> prohibit getMap requests using SVG.
>
> I would vote for a powerful access control engine like (GEO) XACML. Some
> years ago I did a summer of code project mentored by Andrea concerning
> GEOXACML integration but due to lack of time, we did not finish. (The code
> is still a community module).
>
> XACML is quite powerful and it is a standard. As a first step, I would
> prefer to switch from our property files to one XACML file without changing
> the current functionality. After this, we could enhance access control.
>
While I'm not opposed to XACML per se, I'm rather worried about it's
complexity, a 3 lines property file equates to 100-200 loc of XACML, so any
movement in that direction should be followed by a proper GUI development
hiding the XACML complexity to the user, otherwise we'll end up with a
situation similar to app-schema, powerful but people often just end up
pulling hairs and looking for alternatives because they cannot get its
configuration right.
Cheers
Andrea
--
==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more
information.
==
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
-------------------------------------------------------
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
