Re: [Geoserver-devel] Security improvements

Hello Andrea, That actually seems to be what they are looking for, filter based security was another thing they are interested in. How would this plugin integrate with GeoWebCache? Cheers Niels On 14/06/13 10:44, Andrea Aime wrote: On Wed, Jun 12, 2013 at 11:49 PM, Niels Charlier

Re: [Geoserver-devel] Security improvements

On Fri, Jun 14, 2013 at 2:45 PM, Niels Charlier wrote: > Hello Andrea, > > That actually seems to be what they are looking for, filter based security > was another thing they are interested in. > > How would this plugin integrate with GeoWebCache? > It would not, the plugin just uses the GeoSer

Re: [Geoserver-devel] Security improvements

On Wed, Jun 12, 2013 at 11:49 PM, Niels Charlier wrote: > With all these things in mind, what do you think is the best approach > here. > How does everyone think of the idea of extending the current security > system with this feature ? Would such a proposal pass? Are there any other > concerns

Re: [Geoserver-devel] Security improvements

All right. Thanks for the advice. For now I'm trying to estimate what is needed for just the upgrades I mentioned earlier. The client is initially interested in having the ability to specify rules on layers with services combined. I don't think if changing the whole system first is an option he

Re: [Geoserver-devel] Security improvements

Two topics here :-) About access control. I worked with SUNs XACML implementation and it has a very good Java API. It is not necessary to bother about the XML stuff, the library does it behind the scenes. The only thing I wanted to point out is that if we add access control features we should disc

Re: [Geoserver-devel] Security improvements

On Wed, Jun 12, 2013 at 4:37 PM, Justin Deoliveira wrote: > I agree with Andrea that i would be weary of complexity here, even if we > do try to hide it from users. We took this approach with the authentication > changes and imo it is not all that user friendly compared to other systems > that off

Re: [Geoserver-devel] Security improvements

I agree with Andrea that i would be weary of complexity here, even if we do try to hide it from users. We took this approach with the authentication changes and imo it is not all that user friendly compared to other systems that offer similar authentication options. Unless you spend a lot of time

Re: [Geoserver-devel] Security improvements

The idea is to have an XACML engine for the developers, not for the users. The user never should configure XACML directly (I am not an enemy of my own). Christian 2013/6/12 Andrea Aime > On Wed, Jun 12, 2013 at 10:21 AM, Christian Mueller < > [email protected]> wrote: > >> Hi N

Re: [Geoserver-devel] Security improvements

On Wed, Jun 12, 2013 at 10:21 AM, Christian Mueller < [email protected]> wrote: > Hi Niels > > Beyond combining layer and services there are additional wishes & > requirements. A customer of me wants to restrict access to formats, e. g. > prohibit getMap requests using SVG. > > I w

Re: [Geoserver-devel] Security improvements

Hi Niels Beyond combining layer and services there are additional wishes & requirements. A customer of me wants to restrict access to formats, e. g. prohibit getMap requests using SVG. I would vote for a powerful access control engine like (GEO) XACML. Some years ago I did a summer of code projec

[Geoserver-devel] Security improvements

Hello everyone, I am currently having a look at what needs to happen to implement some additional features and improvements in the security system. The first thing is making rules that combine layers and services, which is now impossible. This seems like a pretty straight-forward improvement to