Lennart Jütte ha scritto: > Hi Michale, > > have a look at http://jira.codehaus.org/browse/GEOS-4049 > > The patches are based on Christian's code and allow you to enable > XACML in GeoServer. I used a slightly different approach, but it's > quite easy to disable my changes and re-enable Christian's code. > > I can't give you a lot support right now. I'm wrapping up my diploma > thesis until August 31, then vacation and a new job after that. Send > an email (CC to the list) if you need help, but i can't promise i'll > have the time to answer in detail.
The integration of GeoXACML will require time and effort. The various GEOXACML efforts are not pluggable, and until they become something we can swap in/out it's almost certain they won't get into any GeoServer release. GEOXACML configuration is flexible, but extremely complex, and none of the efforts provides a GUI (so, so far it goes squarely against the GS ideal of being easy to use, or at least easier to use than other open source alternatives). Long story short, it cannot be the one and only authorization subsystem for GeoServer (besides, we already have people using the current DataAccessManager plugin to enforce their own custom security, pluggability is good for integration in larger systems) Lennart effort is a single handed one that had no community review, there has been no official proposal. I have had no time to look into it (and I'm not sure if/when I'll have time) but it looks like the effort is geared towards making Geoxacml the new, one and only security subsystem for GS (please correct me if I'm wrong). If so, that is not acceptable. So the way to move forward is to look into how to make the authorization subsystem pluggable enough to allow GEOXACML to work as a plugin, then make a formal proposal for that along with a patch that creates the necessary plugin system. Once that is ready we can have a GEOXCAML community module that starts building in nightly builds, and if there is enough interest and a stable maintainer, it will make its way into the released extensions. From how things look now all the above effort will be on the shoulders of whoever wants to have a working GEOXACML plugin into a release: it's not something I can look over in my spare time (too big of a set of changes) and I've seen no sponsoring in that direction (making the security system more pluggable would be nice, but it's no piece of cake, and I'm already dedicating all my spare time to WPS). Cheers Andrea -- Andrea Aime OpenGeo - http://opengeo.org Expert service straight from the developers. ------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev _______________________________________________ Geoserver-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-users
