Authentication (Re: Feature polls...)
Steve Lime
steve.lime at DNR.STATE.MN.US
Wed Jan 18 22:45:22 EST 2006
We'll hold you to Monday- only 4 days left. ;-)
Are you or someone else willing to do a bit of research on the subject and possibly author an RFC?
Steve
>>> Philip Mark Donaghy <philip.donaghy at GMAIL.COM> 01/17/06 6:55 PM >>>
This is a very interesting topic. I have some experience working with
application servers and web application frameworks at Apache
Jakarta (yes, this is Java, but the theory is the same for any language).
Application servers define realms that are configured and made
available to the applications running in it. The realm is an
abstraction of the user, group, and role authentication mechanism
backed by any number of storage mechanisms (db, ldap, xml file). The
realm must define at least one critical function, isUserInRole(user,
roles). Applications are then configured to accept or deny resources
based on the current user's roles.
What is important here is the authorization mechanism is simply
delegated to a third party tool. MapServer needs the ability to
configure different kinds of realms and apply an authorization model to
any type of layer or feature. MapServer users can then configure roles
for layers or features (or rules applied to attributes of features).
So all this has to be used in conjunction with authentication so that
MapServer knows who is the current user making the request.
I'll have this done by Monday :)
On 1/16/06, Mark MacLennan <maclenna at visi.com> wrote:
> At 10:39 PM 1/15/2006 -0500, Kralidis,Tom [Burlington] wrote:
> >Has anyone checked out DACS (http://dacs.sourceforge.net/)? They have a
> C/C++ toolkit/API in which one can build modules to do stuff like per-layer
> authorization, etc.
> >I've seen this successfully integrated with CubeWerx WMS/WFS. Would be
> neat to see as a pluggable Apache module for use w/ MapServer.
>
> Very interesting! I had not come across DACS and it is exactly the
> functionality I had in mind :-)
>
> A related project I was aware of, although I am not sure how it might apply
> to MapServer per se, is GeoXACML (http://www.geoxacml.org/). A demonstration
> has been implemented for an OGC Web Map Service. An OGC discussion paper for
> GeoXACML also exists
> (https://portal.opengeospatial.org/files/index.php?artifact_id=10471)
> related to the topic of authorization for digital rights management in the
> geospatial domain.
>
> thanks!
> Mark
>
--
Philip Donaghy
donaghy.blogspot.com del.icio.us/donaghy/philip
Skype: philipmarkdonaghy
Office: +33 5 56 60 88 02
Mobile: +33 6 20 83 22 62
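
The realm idea described in Philip's message above, as an added example that is not part of the original thread and is not MapServer, Jakarta or DACS code: a realm exposing is_user_in_role() over two interchangeable stores, plus a default-deny per-layer check applied to the requested layers. All class, function, user, role and layer names are hypothetical, and the sample data is constructed.

```python
import xml.etree.ElementTree as ET


class Realm:
    """Hides where users and roles are stored (db, LDAP, XML file)."""

    def roles_of(self, user):
        raise NotImplementedError

    def is_user_in_role(self, user, roles):
        # True when the user holds at least one of the listed roles.
        return bool(self.roles_of(user) & set(roles))


class DictRealm(Realm):
    """Realm backed by an in-memory table {user: [role, ...]}."""

    def __init__(self, table):
        self._table = {u: set(r) for u, r in table.items()}

    def roles_of(self, user):
        return self._table.get(user, set())  # unknown user: no roles


class XmlRealm(DictRealm):
    """Realm backed by XML of the form <user name="..." roles="a,b"/>."""

    def __init__(self, xml_text):
        table = {}
        for u in ET.fromstring(xml_text).iter("user"):
            roles = u.get("roles", "").split(",")
            table[u.get("name")] = [r.strip() for r in roles if r.strip()]
        super().__init__(table)


def authorize_layers(realm, user, requested, layer_roles):
    """Split requested layers into (allowed, denied). Default is deny:
    a layer with no configured roles is refused to everyone."""
    allowed, denied = [], []
    for layer in requested:
        required = layer_roles.get(layer)
        ok = bool(required) and realm.is_user_in_role(user, required)
        (allowed if ok else denied).append(layer)
    return allowed, denied


# Constructed sample configuration (hypothetical users, roles and layers).
REALM_XML = '<realm><user name="alice" roles="staff"/><user name="bob" roles="public, "/></realm>'
LAYER_ROLES = {"roads": ["public", "staff"], "parcels": ["staff"], "wells": ["hydrology"]}
```

The authorization code never learns which store backs the realm, and an unauthenticated request (user None) or a layer missing from the role table is refused rather than served.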