[OSGeo-Discuss] AJAX Trust and security
arnulf.christl at wheregroup.com
Sun Mar 11 16:20:13 PDT 2007
On Mon, March 12, 2007 00:11, Arnulf Christl wrote:
> On Sun, March 4, 2007 00:26, Cameron Shorter wrote:
>> You mention in this email thread that you are considering addressing
>> We want to provide a secure mechanism for AJAX clients to access Web
>> Services and I'm interested to know if you have already, or are
>> intending to address this issue.
>> We have written the problem statement here:
> thanks for the link, I am very interested in joining forces. I am on my
> way to FOSSGIS conference in Berlin so my time is somewhat limited and I
> am not paying enough attention.
...you find the code in the Mapbender repo:
it uses Apache RedirectMatch to extract the hashed session id from the URL
and the German lang docs here (they won't translate by themselves, no
matter how often I ask them to):
> The solution we implemented is pretty straightforward and involves that
> all web service requests must be routed through one single server side
> script - the OWS proxy. So instead of getting the services from their
> respective remote locations they all have to come through one policy
> enforcement point which has previously verified the authenticity and
> authorization of the caller. First thing that the caller needs to do is
> log in, which creates a session ID; this session ID then becomes part of the
> Online resource URL - but before (ante) the request parameters. To
> non-secure clients this looks like a standard WMS call but actually the
> base URL contains a dynamic section which is the session ID. Every call is
> verified against the user id that created the session id, is it still
> valid, is the request authorized, etc. It can obviously also be used for
> billing. Hope this makes sense, as I did not get around to translating the
> more detailed description from German to English.
> As I said, I will come back at this when FOSSGIS is over and life turns
> back normal.
> And then we will finally also start using the demo host at telascience
> which should make it possible to connect to LDAP so that anyone with an
> OSGeo account can secure their service or access secured services. With
> OSGeo Single Sign On. Wanted to show that off at FOSS4G but what the heck
> let's do it now. :-)
> Best regards,
>> Arnulf Christl wrote:
>>> Bob Basques wrote:
>>>> The MOOSE project has been working with essentially the same
>>>> philosophy, with regards to normalizing the code into distinct
>>>> Chunks, which make the mixing and matching very easy. Integrating
>>>> services into it are very easy for example.
>>>> I think our coding style is very much aligned with other groups, more
>>>> actually than I thought a few weeks ago.
>>>> This is a very thought provoking conversation for me too. It's
>>>> getting me thinking about how to describe the MOOSE project a bit
>>>> better and describe its strengths.
>>> Hi Bob,
>>> just because it has not been mentioned yet, talking of diversity...
>>> The project Mapbender is a managed web mapping application framework -
>>> it is a server to create clients, think of a CMS for spatial data
>>> The scope of Mapbender is to manage hundreds of WMS layers and dozens
>>> of WFS-t features. Many spatial data infrastructures in European
>>> public administrations are managed (or "orchestrated" as OGC would
>>> say) with Mapbender. This includes building a Capabilities cache, auto
>>> update functionality for meta data, user and permission management,
>>> toolbars, digitizing functionality and all kinds of things you need
>>> for web mapping.
>>> The long term goal of Mapbender development is to include or connect
>>> to other OSGeo projects like OpenLayers that will be the map "control"
>>> of Mapbender. Through OGC interfaces there already is a lot of
>>> meta-level interaction with MapServer, GeoServer, PostGIS - all at
>>> different levels of involvement with OSGeo. Mapbender will probably
>>> develop more in direction of security and management as that is
>>> something we are still missing completely in the OSGeo stack and OGC
>>> does not address it either (except from the limited DRM perspective).
>>> I checked the demo link you sent around. If those maps were published
>>> as a WMS service (maybe they are, have a link?) I could whip up a demo
>>> site within minutes so that you can have a look around. I guess we
>>> will be doing this kind of thing on a big scale at FOSS4G. Might be
>>> interesting for you to find out where MOOSE would fit in to
>>> potentially "fill a hole".
>>> Best regards, Arnulf.
>>>> **************** You can't be late until you show up.
>>>> ************ You never learn anything by doing it right.
>>>> *** War doesn't determine who's right. War determines who's left.
>>>> >>> Schuyler Erle <schuyler at nocat.net> wrote:
>>>> * On 1-Mar-2007 at 2:11AM PST, Cameron Shorter said:
>>>> > As Chris noted, Mapbuilder is in the process of merging OpenLayers
>>>> > its codebase. This involves throwing away a lot of our original
>>>> > but at the same time, makes Mapbuilder a more robust product because we
>>>> > can focus on other areas.
>>>> And by that same token, we've tried very hard to make it possible to
>>>> separate out only the pieces of OpenLayers you want, and leave out the
>>>> parts you don't.
>>>> Discuss mailing list
>>>> Discuss at lists.osgeo.org
>> Cameron Shorter
>> Systems Architect, http://lisasoft.com.au
>> Tel: +61 (0)2 8570 5011
>> Mob: +61 (0)419 142 254
> Arnulf Christl
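
The policy enforcement point described in the message above, sketched as an added example (not Mapbender's code and not part of the original post): each call carries the session ID in the URL path ahead of the request parameters and is checked for session validity and per-user authorization before it is forwarded. The /owsproxy/<session-id>/<service> layout, the service alias and every name and value below are assumptions; because the session ID travels in the URL, a redact helper for access logs is included.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample state. The /owsproxy/<session-id>/<service>?... layout,
# the service alias and all names below are assumptions for illustration.
SESSIONS = {"3f9c0a7e51b24d6a": {"user": "alice", "expires": 2_000_000_000}}
GRANTS = {"alice": {"wms-topo": {"GETMAP", "GETCAPABILITIES"}}}
UPSTREAM = {"wms-topo": "https://maps.internal.example/wms"}

def authorize(url, now):
    """Return (status, upstream URL or reason) for one proxied OWS request."""
    parts = urlsplit(url)
    seg = parts.path.strip("/").split("/")
    if len(seg) != 3 or seg[0] != "owsproxy":
        return 400, "malformed proxy path"
    _, sid, service = seg
    session = SESSIONS.get(sid)
    if session is None or session["expires"] <= now:
        return 401, "unknown or expired session"
    # The upstream address comes from a server-side table, never from the client.
    if service not in UPSTREAM:
        return 404, "unknown service"
    # OWS parameter names are case-insensitive. Collect every spelling of
    # REQUEST and refuse duplicates, so the policy check and the upstream
    # server cannot disagree about which operation was asked for.
    ops = [v.upper() for k, vs in parse_qs(parts.query).items()
           if k.upper() == "REQUEST" for v in vs]
    if len(ops) != 1:
        return 400, "missing or ambiguous REQUEST parameter"
    if ops[0] not in GRANTS.get(session["user"], {}).get(service, set()):
        return 403, "operation not permitted for this user"
    return 200, f"{UPSTREAM[service]}?{parts.query}"

def redact(url):
    """Mask the session ID path segment before the URL is written to a log."""
    parts = urlsplit(url)
    seg = parts.path.split("/")
    if len(seg) > 2 and seg[1] == "owsproxy":
        seg[2] = "<sid>"
    return parts._replace(path="/".join(seg)).geturl()
```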