[OSGeo-Discuss] AJAX Trust and security

Arnulf Christl arnulf.christl at wheregroup.com
Sun Mar 11 16:11:27 PDT 2007

On Sun, March 4, 2007 00:26, Cameron Shorter wrote:
> Arnulf,
> You mention in this email thread that you are considering addressing
> security.
> We want to provide a secure mechanism for AJAX clients to access Web
> Services and I'm interested to know if you have already, or are
> intending to address this issue.
> We have written the problem statement here:
> http://tools.assembla.com/ajaxtrust

Thanks for the link, I am very interested in joining forces. I am on my
way to the FOSSGIS conference in Berlin so my time is somewhat limited and I
am not paying enough attention.

The solution we implemented is pretty straightforward and requires that
all web service requests be routed through one single server side
script - the OWS proxy. So instead of getting the services from their
respective remote locations they all have to come through one policy
enforcement point which has previously verified the authenticity and
authorization of the caller. The first thing that the caller needs to do is
log in, which creates a session ID; this session ID then becomes part of the
Online resource URL - but before (ante) the request parameters. To
non-secure clients this looks like a standard WMS call but actually the
base URL contains a dynamic section which is the session ID. Every call is
verified against the user ID that created the session ID: is it still
valid, is the request authorized, etc. This can obviously also be used for
billing. Hope this makes sense, as I did not get around to translating the
more detailed description from German to English.

As I said, I will come back to this when FOSSGIS is over and life turns
back to normal.

And then we will finally also start using the demo host at telascience
which should make it possible to connect to LDAP so that anyone with an
OSGeo account can secure their service or access secured services, with
OSGeo Single Sign On. Wanted to show that off at FOSS4G but what the heck,
let's do it now. :-)

Best regards,

> Arnulf Christl wrote:
>> Bob Basques wrote:
>>> All,
>>> The MOOSE project has been working with essentially the same
>>> philosophy, with regards to normalizing the code into distinct
>>> chunks, which makes the mixing and matching very easy.  Integrating
>>> services into it is very easy, for example.
>>> I think our coding style is very much aligned with other groups, more
>>> actually than I thought a few weeks ago.
>>> This is a very thought provoking conversation for me too.  It's
>>> getting me thinking about how to describe the MOOSE project a bit
>>> better and describe its strengths.
>>> bobb
>> Hi Bobb,
>> just because it has not been mentioned yet, talking of diversity...
>> The project Mapbender is a managed web mapping application framework -
>> it is a server to create clients, think of a CMS for spatial data
>> services.
>> The scope of Mapbender is to manage hundreds of WMS layers and dozens
>> of WFS-t features. Many spatial data infrastructures in European
>> public administrations are managed (or "orchestrated" as OGC would
>> say) with Mapbender. This includes building a Capabilities cache, auto
>> update functionality for meta data, user and permission management,
>> toolbars, digitizing functionality and all kinds of things you need
>> for web mapping.
>> The long term goal of Mapbender development is to include or connect
>> to other OSGeo projects like OpenLayers that will be the map "control"
>> of Mapbender. Through OGC interfaces there already is a lot of
>> meta-level interaction with MapServer, GeoServer, PostGIS - all at
>> different levels of involvement with OSGeo. Mapbender will probably
>> develop more in direction of security and management as that is
>> something we are still missing completely in the OSGeo stack and OGC
>> does not address it either (except from the limited DRM perspective).
>> I checked the demo link you sent around. If those maps were published
>> as a WMS service (maybe they are, have a link?) I could whip up a demo
>> site within minutes so that you can have a look around. I guess we
>> will be doing this kind of thing on a big scale at FOSS4G. Might be
>> interesting for you to find out where MOOSE would fit in to
>> potentially "fill a hole".
>> http://wiki.osgeo.org/index.php/FOSS4G2007_IntegrationShowcase
>> Best regards, Arnulf.
>>> ****************  You can't be late until you show up.  ***************
>>> ************  You never learn anything by doing it right.  ************
>>> ***  War doesn't determine who's right. War determines who's left.  ***
>>> >>> Schuyler Erle <schuyler at nocat.net> wrote:
>>> * On  1-Mar-2007 at  2:11AM PST, Cameron Shorter said:
>>> >
>>> > As Chris noted, Mapbuilder is in the process of merging OpenLayers into
>>> > its codebase. This involves throwing away a lot of our original code,
>>> > but at the same time, makes Mapbuilder a more robust product because we
>>> > can focus on other areas.
>>> And by that same token, we've tried very hard to make it possible to
>>> separate out only the pieces of OpenLayers you want, and leave out the
>>> parts you don't.
>>> ------------------------------------------------------------------------
>>> _______________________________________________
>>> Discuss mailing list
>>> Discuss at lists.osgeo.org
>>> http://lists.osgeo.org/mailman/listinfo/discuss
> --
> Cameron Shorter
> Systems Architect, http://lisasoft.com.au
> Tel: +61 (0)2 8570 5011
> Mob: +61 (0)419 142 254

Arnulf Christl
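The OWS proxy pattern Arnulf describes above (one policy enforcement point, session ID as a dynamic segment of the base URL ahead of the WMS parameters), written out as an added example that is not Mapbender's or the list's own code. The `/ows/<session-id>/` URL layout, the session store and the per-user layer grants are constructed assumptions.

```python
"""Policy-enforcement sketch for an OWS proxy (added example, not Mapbender code)."""
import time
from urllib.parse import urlsplit, parse_qs

# Constructed sample session store: session id -> (user, expiry as unix time).
# In the real design the login step creates these entries.
SESSIONS = {
    "s3ss10n-abc": ("alice", 1_700_000_000 + 3600),
    "s3ss10n-old": ("bob", 1_700_000_000 - 10),      # already expired
}

# Constructed sample grants: user -> layers that user may request.
GRANTS = {"alice": {"roads", "parcels"}, "bob": {"roads"}}


def parse_proxy_url(url):
    """Split the dynamic session segment out of the base URL and parse the OWS query."""
    parts = urlsplit(url)
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) < 2 or segments[0] != "ows":
        return None, {}
    # OWS parameter names are case-insensitive; normalise keys, keep values as sent.
    query = {k.upper(): v[0] for k, v in parse_qs(parts.query).items()}
    return segments[1], query


def authorize(url, now=None):
    """Decide whether the proxy may forward this call. Returns (allowed, reason, user)."""
    now = time.time() if now is None else now
    session_id, query = parse_proxy_url(url)
    if session_id not in SESSIONS:
        return False, "unknown session", None
    user, expires = SESSIONS[session_id]
    if now > expires:
        return False, "session expired", user
    if query.get("SERVICE", "").upper() != "WMS":
        return False, "unsupported service", user
    request = query.get("REQUEST", "").lower()
    if request == "getcapabilities":
        # Allowed for any live session; the relayed document should list only granted layers.
        return True, "capabilities", user
    if request == "getmap":
        wanted = {layer for layer in query.get("LAYERS", "").split(",") if layer}
        if wanted and wanted <= GRANTS.get(user, set()):
            return True, "authorized layers", user
        return False, "layer not granted", user
    return False, "request type not allowed", user      # deny by default


if __name__ == "__main__":
    print(authorize("https://proxy.example/ows/s3ss10n-abc/?SERVICE=WMS&REQUEST=GetMap&LAYERS=roads"))
```

Because the session ID travels in the URL it ends up in server logs and Referer headers, so short expiry and revocation on logout matter for this design.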
