[Mapbender-dev] Re: [OSGeo-Discuss] AJAX Trust and security

Arnulf Christl arnulf.christl at wheregroup.com
Sun Mar 11 19:20:13 EDT 2007


On Mon, March 12, 2007 00:11, Arnulf Christl wrote:
>
> On Sun, March 4, 2007 00:26, Cameron Shorter wrote:
>> Arnulf,
>> You mention in this email thread that you are considering addressing
>> security.
>> We want to provide a secure mechanism for AJAX clients to access Web
>> Services and I'm interested to know if you have already, or are
>> intending to address this issue.
>> We have written the problem statement here:
>> http://tools.assembla.com/ajaxtrust
>
> Hi,
> thanks for the link, I am very interested in joining forces. I am on my
> way to FOSSGIS conference in Berlin so my time is somewhat limited and I
> am not paying enough attention.

...you find the code in the Mapbender repo:
http://trac.osgeo.org/mapbender/browser/trunk/mapbender/owsproxy/http
it uses Apache redirectmatch to extract the hashed session id from the URL
path:
http://www.mapbender.org/index.php/Owsproxy#Apache_Konfiguration

and the German lang docs here (they won't translate by themselves, no
matter how often I ask them to):
http://www.mapbender.org/index.php/Mapbender_Security_Proxy
http://www.mapbender.org/index.php/Owsproxy

Best regards,

> The solution we implemented is pretty straightforward and involves that
> all web service requests must be routed through one single server side
> script - the OWS proxy. So instead of getting the services from their
> respective remote locations they all have to come through one policy
> enforcement point which has previously verified the authenticity and
> authorization of the caller. First thing that the caller needs to do is
> log in, which creates a session ID. This session ID then becomes part of
> the Online resource URL - but before (ante) the request parameters. To
> non-secure clients this looks like a standard WMS call but actually the
> base URL contains a dynamic section which is the session ID. Every call is
> verified against the user id that created the session id, is it still
> valid, is the request authorized, etc. Can obviously also be used for
> billing. Hope this makes sense, as I did not get around to translate the
> more detailed description from German to English.
>
> As I said, I will come back at this when FOSSGIS is over and life turns
> back normal.
>
> And then we will finally also start using the demo host at telascience
> which should make it possible to connect to LDAP so that anyone with an
> OSGeo account can secure their service or access secured services. With
> OSGeo Single Sign On. Wanted to show that off at FOSS4G but what the heck
> let's do it now. :-)
>
> Best regards,
> Arnulf.
>
>> Arnulf Christl wrote:
>>> Bob Basques wrote:
>>>> All,
>>>>
>>>>
>>>> The MOOSE project has been working with essentially the same
>>>> philosophy, with regards to normalizing the code into distinct
>>>> Chunks, which make the mixing and matching very easy.  Integrating
>>>> services into it are very easy for example.
>>>>
>>>> I think our coding style is very much aligned with other groups, more
>>>> actually than I thought a few weeks ago.
>>>>
>>>> This is a very thought provoking conversation for me too.  It's
>>>> getting me thinking about how to describe the MOOSE project a bit
>>>> better and describe its strengths.
>>>>
>>>> bobb
>>>
>>> Hi Bobb,
>>> just because it has not been mentioned yet, talking of diversity...
>>> The project Mapbender is a managed web mapping application framework -
>>> it is a server to create clients, think of a CMS for spatial data
>>> services.
>>> The scope of Mapbender is to manage hundreds of WMS layers and dozens
>>> of WFS-t features. Many spatial data infrastructures in European
>>> public administrations are managed (or "orchestrated" as OGC would
>>> say) with Mapbender. This includes building a Capabilities cache, auto
>>> update functionality for meta data, user and permission management,
>>> toolbars, digitizing functionality and all kinds of things you need
>>> for web mapping.
>>> The long term goal of Mapbender development is to include or connect
>>> to other OSGeo projects like OpenLayers that will be the map "control"
>>> of Mapbender. Through OGC interfaces there already is a lot of
>>> meta-level interaction with MapServer, GeoServer, PostGIS - all at
>>> different levels of involvement with OSGeo. Mapbender will probably
>>> develop more in direction of security and management as that is
>>> something we are still missing completely in the OSGeo stack and OGC
>>> does not address it either (except from the limited DRM perspective).
>>> I checked the demo link you sent around. If those maps were published
>>> as a WMS service (maybe they are, have a link?) I could whip up a demo
>>> site within minutes so that you can have a look around. I guess we
>>> will be doing this kind of thing on a big scale at FOSS4G. Might be
>>> interesting for you to find out where MOOSE would fit in to
>>> potentially "fill a hole".
>>> http://wiki.osgeo.org/index.php/FOSS4G2007_IntegrationShowcase
>>>
>>> Best regards, Arnulf.
>>>> ****************  You can't be late until you show up.
>>>> ***************
>>>> ************  You never learn anything by doing it right.
>>>> ************
>>>> ***  War doesn't determine who's right. War determines who's left.
>>>> ***
>>>>
>>>>  >>> Schuyler Erle <schuyler at nocat.net> wrote:
>>>> * On  1-Mar-2007 at  2:11AM PST, Cameron Shorter said:
>>>>  >
>>>>  > As Chris noted, Mapbuilder is in the process of merging OpenLayers
>>>> into
>>>>  > its codebase. This involves throwing away a lot of our original
>>>> code,
>>>>  > but at the same time, makes Mapbuilder a more robust product
>>>> because we
>>>>  > can focus on other areas.
>>>>
>>>> And by that same token, we've tried very hard to make it possible to
>>>> separate out only the pieces of OpenLayers you want, and leave out the
>>>> parts you don't.
>>>>
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>> _______________________________________________
>>>> Discuss mailing list
>>>> Discuss at lists.osgeo.org
>>>> http://lists.osgeo.org/mailman/listinfo/discuss
>>>
>>
>>
>> --
>> Cameron Shorter
>> Systems Architect, http://lisasoft.com.au
>> Tel: +61 (0)2 8570 5011
>> Mob: +61 (0)419 142 254
>>
>
>
> --
> Arnulf Christl
> http://www.wheregroup.com
>


-- 
Arnulf Christl
http://www.wheregroup.com
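
A minimal sketch of the policy enforcement point described in the quoted message, added here as an illustration and not taken from the Mapbender owsproxy code: the session ID sits in the URL path ahead of the OWS query parameters, and every call is checked for a valid session and authorization before it is forwarded. The `/owsproxy/<token>/<service>` layout, the in-memory tables and all names are assumptions.

```python
import re
import time
from urllib.parse import urlsplit

# Constructed sample data: session token -> (user, expiry in epoch seconds).
SESSIONS = {
    "3f9a1c0de4b7a2856c1d9e0f7a4b3c2d": ("alice", 2_000_000_000),
    "aa11bb22cc33dd44ee55ff6677889900": ("bob", 1_000_000_000),
}
# Service key -> real upstream endpoint, never shown to the client.
SERVICES = {
    "parcels": "http://wms.internal.example/cgi-bin/parcels",
    "roads": "http://wms.internal.example/cgi-bin/roads",
}
# Which user may call which service (deny by default).
GRANTS = {"alice": {"parcels"}, "bob": {"parcels", "roads"}}

# Assumed path layout: /owsproxy/<32 hex chars>/<service key>
PATH_RE = re.compile(r"^/owsproxy/([0-9a-f]{32})/([a-z0-9_]+)$")


def authorize(url, now=None):
    """Return (status, upstream_url_or_reason) for one proxied OWS call."""
    now = time.time() if now is None else now
    parts = urlsplit(url)
    match = PATH_RE.match(parts.path)
    if not match:
        return 400, "malformed proxy path"
    token, service = match.groups()
    session = SESSIONS.get(token)
    if session is None:
        return 401, "unknown session"
    user, expires = session
    if now >= expires:
        return 401, "session expired"
    if service not in SERVICES or service not in GRANTS.get(user, set()):
        return 403, "not authorized for service"
    # The token is dropped here; only the OWS query string goes upstream.
    return 200, SERVICES[service] + "?" + parts.query
```

Because the token travels in the URL path, it also lands in access logs and Referer headers, so the expiry check carries real weight in this design.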


