Re: [Geoserver-devel] proposal: Layer with Service Security

2015-02-10 Thread Niels Charlier
Hello Andrea, Your proposal is interesting. We are currently investigating. The concerns that have been raised though is whether the time frame of this work will fit it with the time frame of the client and what the implications are for my work planning. When do you estimate will geofence be

Re: [Geoserver-devel] proposal: Layer with Service Security

2015-02-09 Thread Andrea Aime
Hi Niels, during the meeting we discussed a possible way out, that is, have GeoSolutions help with the GeoFence integration and thus share the load. The current main issue with GeoFence is that the user database is tightly integrated with the rules engine, making plugging it into GeoServer as a GW

Re: [Geoserver-devel] proposal: Layer with Service Security

2015-02-03 Thread Phil Scadden
This is an interesting discussion as layer security is an issue with us. One fundamental issue for us is the question of whether a requester is from an IP within our organisation, or from outside. We prefer not to have user login and instead just look at IP. Internal applications use a java lib

Re: [Geoserver-devel] proposal: Layer with Service Security

2015-02-03 Thread Niels Charlier
Hi Jody, That is fine by me. Unfortunately I can't make it to the meeting tonight if this is the time: http://www.timeanddate.com/worldclock/meetingdetails.html?year=2015&month=2&day=3&hour=17&min=30&sec=0&p1=256&p2=215&p3=101&p4=952 because I have to be somewhere else. I could if it was a few

Re: [Geoserver-devel] proposal: Layer with Service Security

2015-02-02 Thread Jody Garnett
Niels are you available for the geoserver meeting tomorrow? I managed to catch up with the email thread. While I like the idea of extending the text-file approach (and you have been clever in figuring out a format) the result is quite confusing. I would also like to look at what is needed for Geo

Re: [Geoserver-devel] proposal: Layer with Service Security

2015-01-28 Thread Niels Charlier
the reasoning is 1/ Redesigning security from start is an exercise that has already been done. Geofence is a more advanced and flexible security system. It would indeed make no sense to redesign the default security to bring it to the same level. 2/ The design is therefore not completely reverse

Re: [Geoserver-devel] proposal: Layer with Service Security

2015-01-28 Thread Andrea Aime
On Wed, Jan 28, 2015 at 2:44 AM, Jody Garnett wrote: > Thanks for the context Andrea. > > So if I understand the proposal we are looking for a way to reverse that > design decision. > It looks that way, with the requirement that Niels added during the conversation (control services at the worksp

Re: [Geoserver-devel] proposal: Layer with Service Security

2015-01-27 Thread Jody Garnett
Thanks for the context Andrea. So if I understand the proposal we are looking for a way to reverse that design decision. Another question, this proposal is focused on fine control service / layer accessibility. Do we have any interest in capturing control at the workspace level (assuming that the

Re: [Geoserver-devel] proposal: Layer with Service Security

2015-01-24 Thread Niels Charlier
On 24-01-15 18:08, Andrea Aime wrote: On Sat, Jan 24, 2015 at 3:50 PM, Niels Charlier > wrote: I don't think it is reasonable to object against an advancement on the ground that users prefer simplicity of use above increased flexibility; if the flexibility is

Re: [Geoserver-devel] proposal: Layer with Service Security

2015-01-24 Thread Andrea Aime
On Sat, Jan 24, 2015 at 3:50 PM, Niels Charlier wrote: > I don't think it is reasonable to object against an advancement on the > ground that users prefer simplicity of use above increased flexibility; if > the flexibility is entirely optional and the simpler and less flexible way > of doing thi

Re: [Geoserver-devel] proposal: Layer with Service Security

2015-01-24 Thread Niels Charlier
On 24-01-15 15:17, Andrea Aime wrote: On Sat, Jan 24, 2015 at 1:51 PM, Niels Charlier > wrote: On 23-01-15 19:15, Andrea Aime wrote: Either that, or you'll end up having to expand all possibilities and maintain that expansion over time as layers

Re: [Geoserver-devel] proposal: Layer with Service Security

2015-01-24 Thread Andrea Aime
On Sat, Jan 24, 2015 at 1:51 PM, Niels Charlier wrote: > On 23-01-15 19:15, Andrea Aime wrote: > >> Either that, or you'll end up having to expand all possibilities and >> maintain that expansion over time as layers >> get added removed, with catalogs that have hundreds of thousands of items >> i

Re: [Geoserver-devel] proposal: Layer with Service Security

2015-01-24 Thread Niels Charlier
On 23-01-15 19:15, Andrea Aime wrote: > Either that, or you'll end up having to expand all possibilities and > maintain that expansion over time as layers > get added removed, with catalogs that have hundreds of thousands of > items it will simply become un-manageable, > meaning the security subs

Re: [Geoserver-devel] proposal: Layer with Service Security

2015-01-23 Thread Andrea Aime
On Fri, Jan 23, 2015 at 7:07 PM, Niels Charlier wrote: > Well I just had the idea that there could be a shortcut for specifying > different rules for each layer in that workspace. > To avoid confusion, we could have a separate symbol for this wildcard. For > example: > > topp.%.wms.*.r= > > woul

Re: [Geoserver-devel] proposal: Layer with Service Security

2015-01-23 Thread Niels Charlier
On 23-01-15 19:01, Andrea Aime wrote: On Fri, Jan 23, 2015 at 6:54 PM, Niels Charlier > wrote: On 23-01-15 14:21, Andrea Aime wrote: On Fri, Jan 23, 2015 at 2:11 PM, Niels Charlier mailto:ni...@scitus.be>> wrote: The proposal has now been changed. Please

Re: [Geoserver-devel] proposal: Layer with Service Security

2015-01-23 Thread Andrea Aime
On Fri, Jan 23, 2015 at 6:54 PM, Niels Charlier wrote: > On 23-01-15 14:21, Andrea Aime wrote: > > On Fri, Jan 23, 2015 at 2:11 PM, Niels Charlier wrote: > >> The proposal has now been changed. Please re-read it and place your >> comments! >> > > And oh, also, I'd say it's important to clarif

Re: [Geoserver-devel] proposal: Layer with Service Security

2015-01-23 Thread Niels Charlier
On 23-01-15 14:21, Andrea Aime wrote: On Fri, Jan 23, 2015 at 2:11 PM, Niels Charlier > wrote: The proposal has now been changed. Please re-read it and place your comments! And oh, also, I'd say it's important to clarify that a potentially common request, to ap

Re: [Geoserver-devel] proposal: Layer with Service Security

2015-01-23 Thread Niels Charlier
I added it. On 23-01-15 15:50, Andrea Aime wrote: On Fri, Jan 23, 2015 at 3:47 PM, Niels Charlier > wrote: On 23-01-15 14:19, Andrea Aime wrote: Hi Niels, still does not say anything about UI security changes? Sorry, it sounds as if you are refe

Re: [Geoserver-devel] proposal: Layer with Service Security

2015-01-23 Thread Niels Charlier
Hi Christian, I see the rules are encoded as string that is parsed by the same parser as the text files (correct if I am wrong?) so I should not be making your job any harder. Regards Niels On 23-01-15 16:11, Christian Mueller wrote: Hi Niels Is there a relationship to https://github.com/

Re: [Geoserver-devel] proposal: Layer with Service Security

2015-01-23 Thread Christian Mueller
Hi Niels Is there a relationship to https://github.com/geoserver/geoserver/wiki/GSIP-120 I am still working on it. Christian On Fri, Jan 23, 2015 at 3:50 PM, Andrea Aime wrote: > On Fri, Jan 23, 2015 at 3:47 PM, Niels Charlier wrote: > >> On 23-01-15 14:19, Andrea Aime wrote: >> >>> Hi Niels

Re: [Geoserver-devel] proposal: Layer with Service Security

2015-01-23 Thread Andrea Aime
On Fri, Jan 23, 2015 at 3:47 PM, Niels Charlier wrote: > On 23-01-15 14:19, Andrea Aime wrote: > >> Hi Niels, >> still does not say anything about UI security changes? >> >> Sorry, it sounds as if you are referring to something that was mentioned > before but I cannot find this. > If you mean th

Re: [Geoserver-devel] proposal: Layer with Service Security

2015-01-23 Thread Niels Charlier
On 23-01-15 14:19, Andrea Aime wrote: > Hi Niels, > still does not say anything about UI security changes? > Sorry, it sounds as if you are referring to something that was mentioned before but I cannot find this. If you mean the geoserver admin UI, indeed it would have to be updated accordingly.

Re: [Geoserver-devel] proposal: Layer with Service Security

2015-01-23 Thread Niels Charlier
done On 23-01-15 14:21, Andrea Aime wrote: On Fri, Jan 23, 2015 at 2:11 PM, Niels Charlier > wrote: The proposal has now been changed. Please re-read it and place your comments! And oh, also, I'd say it's important to clarify that a potentially common request,

Re: [Geoserver-devel] proposal: Layer with Service Security

2015-01-23 Thread Andrea Aime
On Fri, Jan 23, 2015 at 2:11 PM, Niels Charlier wrote: > The proposal has now been changed. Please re-read it and place your > comments! > And oh, also, I'd say it's important to clarify that a potentially common request, to apply service specific rules on a per workspace basis, is going to be i

Re: [Geoserver-devel] proposal: Layer with Service Security

2015-01-23 Thread Andrea Aime
Hi Niels, still does not say anything about UI security changes? Cheers Andrea On Fri, Jan 23, 2015 at 2:11 PM, Niels Charlier wrote: > The proposal has now been changed. Please re-read it and place your > comments! > > On 20-01-15 15:53, Niels Charlier wrote: > > Hello Group, > > > > There has

Re: [Geoserver-devel] proposal: Layer with Service Security

2015-01-23 Thread Niels Charlier
The proposal has now been changed. Please re-read it and place your comments! On 20-01-15 15:53, Niels Charlier wrote: > Hello Group, > > There has been a request to allow a basic combination of layer and > service security in the integrated geoserver security subsystem. > I have made a proposal

Re: [Geoserver-devel] proposal: Layer with Service Security

2015-01-23 Thread Niels Charlier
Hello Andrea, I completely agree with your counterproposal. It solves some practical problems for me and makes it easier to understand for users. My mistake was that I saw service security as something completely separate from r/w/a security, but it is not. I will modify the proposal. Thank

Re: [Geoserver-devel] proposal: Layer with Service Security

2015-01-23 Thread Niels Charlier
Hello Simone, Some responses to your concerns. I agree that the term "third party" is not applicable any longer to geofence, so I will change the text to more appropriately mention geofence as a proper extension that can be used as alternative. I think geofence has a lot of value as a geoserve

Re: [Geoserver-devel] proposal: Layer with Service Security

2015-01-22 Thread Andrea Aime
On Tue, Jan 20, 2015 at 3:53 PM, Niels Charlier wrote: > Hello Group, > > There has been a request to allow a basic combination of layer and > service security in the integrated geoserver security subsystem. > I have made a proposal to that end: > > > https://github.com/geoserver/geoserver/wiki/G

Re: [Geoserver-devel] proposal: Layer with Service Security

2015-01-22 Thread Andrea Aime
On Wed, Jan 21, 2015 at 10:41 PM, Jody Garnett wrote: > > This is interesting Niels - it has been a trouble in each training course > I have done (communicating why security is split across service and layer). > As a curiosity, the implemention is done like this because of the requirements we got

Re: [Geoserver-devel] proposal: Layer with Service Security

2015-01-21 Thread Jody Garnett
This is interesting Niels - it has been a trouble in each training course I have done (communicating why security is split across service and layer). I will read the proposal and get back to the list (I have been focused on the beta release). On Tue, Jan 20, 2015 at 6:53 AM, Niels Charlier wrote:

Re: [Geoserver-devel] proposal: Layer with Service Security

2015-01-21 Thread Simone Giannecchini
Ciao Niels, we discussed this a little bit and there is some feedback I would like to report fro me: - In the motivation section you mention "It is currently possible to accomplish this using a third party security subsystem". Well, we contributed GeoFence to the GeoServer codebase hence is not re