[Mapbender-dev] Re: [OSGeo-Discuss] AJAX Trust and security

Christoph Baudson (WhereGroup) christoph.baudson at wheregroup.com
Mon Mar 12 04:14:50 EDT 2007


I thought OpenLayers was already doing this.

http://trac.openlayers.org/wiki/FrequentlyAskedQuestions#ProxyHost

But I may have missed the point.


Arnulf Christl wrote:
> On Mon, March 12, 2007 00:11, Arnulf Christl wrote:
>> On Sun, March 4, 2007 00:26, Cameron Shorter wrote:
>>> Arnulf,
>>> You mention in this email thread that you are considering addressing
>>> security.
>>> We want to provide a secure mechanism for AJAX clients to access Web
>>> Services and I'm interested to know if you have already, or are
>>> intending to address this issue.
>>> We have written the problem statement here:
>>> http://tools.assembla.com/ajaxtrust
>> Hi,
>> thanks for the link, I am very interested in joining forces. I am on my
>> way to FOSSGIS conference in Berlin so my time is somewhat limited and I
>> am not paying enough attention.
> 
> ...you find the code in the Mapbender repo:
> http://trac.osgeo.org/mapbender/browser/trunk/mapbender/owsproxy/http
> it uses Apache redirectmatch to extract the hashed session id from the URL
> path:
> http://www.mapbender.org/index.php/Owsproxy#Apache_Konfiguration
> 
> and the German lang docs here (they won't translate by themselves, no
> matter how often I ask them to):
> http://www.mapbender.org/index.php/Mapbender_Security_Proxy
> http://www.mapbender.org/index.php/Owsproxy
> 
> Best regards,
> 
>> The solution we implemented is pretty straightforward and involves that
>> all web service requests must be routed through one single server side
>> script - the OWS proxy. So instead of getting the services from their
>> respective remote locations they all have to come through one policy
>> enforcement point which has previously verified the authenticity and
>> authorization of the caller. First thing that the caller needs to do is
>> log in, which creates a session ID; this session ID then becomes part of the
>> Online resource URL - but before (ante) the request parameters. To
>> non-secure clients this looks like a standard WMS call but actually the
>> base URL contains a dynamic section which is the session ID. Every call is
>> verified against the user id that created the session id, is it still
>> valid, is the request authorized, etc. It can obviously also be used for
>> billing. Hope this makes sense, as I did not get around to translating the
>> more detailed description from German to English.
>>
>> As I said, I will come back to this when FOSSGIS is over and life turns
>> back to normal.
>>
>> And then we will finally also start using the demo host at telascience
>> which should make it possible to connect to LDAP so that anyone with an
>> OSGeo account can secure their service or access secured services. With
>> OSGeo Single Sign On. Wanted to show that off at FOSS4G but what the heck
>> let's do it now. :-)
>>
>> Best regards,
>> Arnulf.
>>
>>> Arnulf Christl wrote:
>>>> Bob Basques wrote:
>>>>> All,
>>>>>
>>>>>
>>>>> The MOOSE project has been working with essentially the same
>>>>> philosophy, with regards to normalizing the code into distinct
>>>>> Chunks, which make the mixing and matching very easy.  Integrating
>>>>> services into it is very easy for example.
>>>>>
>>>>> I think our coding style is very much aligned with other groups, more
>>>>> actually than I thought a few weeks ago.
>>>>>
>>>>> This is a very thought provoking conversation for me too.  It's
>>>>> getting me thinking about how to describe the MOOSE project a bit
>>>>> better and describe its strengths.
>>>>>
>>>>> bobb
>>>> Hi Bobb,
>>>> just because it has not been mentioned yet, talking of diversity...
>>>> The project Mapbender is a managed web mapping application framework -
>>>> it is a server to create clients, think of a CMS for spatial data
>>>> services.
>>>> The scope of Mapbender is to manage hundreds of WMS layers and dozens
>>>> of WFS-t features. Many spatial data infrastructures in European
>>>> public administrations are managed (or "orchestrated" as OGC would
>>>> say) with Mapbender. This includes building a Capabilities cache, auto
>>>> update functionality for meta data, user and permission management,
>>>> toolbars, digitizing functionality and all kinds of things you need
>>>> for web mapping.
>>>> The long term goal of Mapbender development is to include or connect
>>>> to other OSGeo projects like OpenLayers that will be the map "control"
>>>> of Mapbender. Through OGC interfaces there already is a lot of
>>>> meta-level interaction with MapServer, GeoServer, PostGIS - all at
>>>> different levels of involvement with OSGeo. Mapbender will probably
>>>> develop more in direction of security and management as that is
>>>> something we are still missing completely in the OSGeo stack and OGC
>>>> does not address it either (except from the limited DRM perspective).
>>>> I checked the demo link you sent around. If those maps were published
>>>> as a WMS service (maybe they are, have a link?) I could whip up a demo
>>>> site within minutes so that you can have a look around. I guess we
>>>> will be doing this kind of thing on a big scale at FOSS4G. Might be
>>>> interesting for you to find out where MOOSE would fit in to
>>>> potentially "fill a hole".
>>>> http://wiki.osgeo.org/index.php/FOSS4G2007_IntegrationShowcase
>>>>
>>>> Best regards, Arnulf.
>>>>> ****************  You can't be late until you show up.
>>>>> ***************
>>>>> ************  You never learn anything by doing it right.
>>>>> ************
>>>>> ***  War doesn't determine who's right. War determines who's left.
>>>>> ***
>>>>>
>>>>>  >>> Schuyler Erle <schuyler at nocat.net> wrote:
>>>>> * On  1-Mar-2007 at  2:11AM PST, Cameron Shorter said:
>>>>>  >
>>>>>  > As Chris noted, Mapbuilder is in the process of merging OpenLayers
>>>>> into
>>>>>  > its codebase. This involves throwing away a lot of our original
>>>>> code,
>>>>>  > but at the same time, makes Mapbuilder a more robust product
>>>>> because we
>>>>>  > can focus on other areas.
>>>>>
>>>>> And by that same token, we've tried very hard to make it possible to
>>>>> separate out only the pieces of OpenLayers you want, and leave out the
>>>>> parts you don't.
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------------
>>>>>
>>>>> _______________________________________________
>>>>> Discuss mailing list
>>>>> Discuss at lists.osgeo.org
>>>>> http://lists.osgeo.org/mailman/listinfo/discuss
>>>>
>>>
>>> --
>>> Cameron Shorter
>>> Systems Architect, http://lisasoft.com.au
>>> Tel: +61 (0)2 8570 5011
>>> Mob: +61 (0)419 142 254
>>>
>>>
>>
>> --
>> Arnulf Christl
>> http://www.wheregroup.com
>>
> 
> 


-- 
---------------------------------------
WhereGroup GmbH & Co. KG
Siemensstraße 8
53121 Bonn
-------------------------------
Phone: +49 (0)228 / 90 90 38 - 17
Fax: +49 (0)228 / 90 90 38 - 11
-------------------------------
mailto:info at wheregroup.com
http://www.wheregroup.com
-------------------------------
General partner:
WhereGroup Verwaltungs GmbH
represented by:
Arnulf Christl, Olaf Knopp, Peter Stamm
Bonn Local Court (Amtsgericht Bonn), HRB 9885
---------------------------------------

--
Baudson Christoph
http://www.wheregroup.com
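
The policy enforcement point described in the quoted message (session ID in the URL path ahead of the request parameters, every call checked for session validity and authorization), as an added Python sketch. It is not Mapbender's owsproxy code: the path layout, the table names and the sample data are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Constructed sample data standing in for the session store and permission tables.
SESSIONS = {"a3f1c2d4e5f60718293a4b5c6d7e8f90": {"user": "alice", "expires": 2000}}
SERVICES = {"wms1": "http://backend.example/cgi-bin/mapserv?map=/data/roads.map"}
GRANTS = {("alice", "wms1"): {"GetCapabilities", "GetMap"}}

# Hypothetical path layout: /owsproxy/<session id>/<service key>
PATH_RE = re.compile(r"^/owsproxy/([0-9a-f]{32})/([A-Za-z0-9_]{1,32})$")


class Denied(Exception):
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status


def authorize(url, now):
    """Return (user, upstream_url) for an allowed request, else raise Denied."""
    parts = urlsplit(url)
    m = PATH_RE.match(parts.path)
    if not m:
        raise Denied(400, "malformed proxy path")
    sid, service = m.groups()

    # Is the session known and still valid?
    session = SESSIONS.get(sid)
    if session is None or session["expires"] <= now:
        raise Denied(401, "unknown or expired session")

    # OGC parameter names are case-insensitive. Reject duplicates so the
    # proxy and the backend cannot disagree about which value applies.
    params = {}
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        key = key.upper()
        if key in params:
            raise Denied(400, "duplicate parameter " + key)
        params[key] = value

    # Is this user allowed to run this operation on this service?
    allowed = GRANTS.get((session["user"], service), set())
    if service not in SERVICES or params.get("REQUEST", "") not in allowed:
        raise Denied(403, "request not authorized")

    # The upstream address comes from the server-side table, never from the client.
    base = SERVICES[service]
    return session["user"], base + ("&" if "?" in base else "?") + urlencode(params)
```

Because the session ID sits in the URL, it also ends up in access logs, browser history and Referer headers, so such IDs should be short-lived and the proxy served over TLS.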

