[mapserver-dev] MS RFC 90: Enable/Disable Layers in OGC Web Services by IP Lists - Call For Vote

Tamas Szekeres szekerest at gmail.com
Fri Mar 1 10:18:22 PST 2013

Hi Daniel,

As I've mentioned before assuming the planned enhancement will provide the
same functionality, we won't object deprecating the metadata itself. This
will probably mentioned in the migration guide to make sure how to transfer
the existing configuration to the new environment.

Best regards,


2013/3/1 Daniel Morissette <dmorissette at mapgears.com>

> On 13-02-28 8:39 AM, Tamas Szekeres wrote:
>> 2013/2/28 thomas bonfort <thomas.bonfort at gmail.com
>> <mailto:thomas.bonfort at gmail.**com <thomas.bonfort at gmail.com>>>
>>     I agree that this is a complex area that in some case will need to be
>>     handled by application specific methods. My point is that limiting by
>>     ip only covers a tiny fraction of the AA
>>     (authentication/authorization) scenarios, and that we will have to be
>>     backwards compatible with it in the long run the day we have the
>>     funds/needs for a full fledged AA component.
>> We don't necessarily required to be backward between major version
>> changes. Users should update their mapfiles so they could migrate their
>> IP lists to some other places if required (Assuming we remain function
>> compatible)
> Thomas, Tamas,
> For my part, I already tought about this issue and think that in a future
> iteration of AA support we would likely end up deprecating the new metadata
> introduced by RFC 90 and replace them with a more complete system.
> At Mapgars we have worked on the GeoPrisma project in the last few years (
> http://geoprisma.org/) and learned a lot about access control mechanism
> use cases around geospatial services. The project is mostly dormant now but
> the lessons learned are still in our mind. I also believe that a future
> iteration of GeoPrisma would look very different from what it is today.
> However before this happens we need to have the time/resources/funding so
> don't expect to see this happen in the short term.
> I think what we'd need is a C lib/module (call it libgeoprisma or
> whatever) that can be plugged into MapServer or other geospatial services
> (TinyOWS, MapCache, etc.) to provide spatially-aware access control
> services around a commoon set of config directives (configured only once
> for all services). If MapServer was built with this extension then it would
> make some extra checks to control access to data at various levels of
> granularity, etc.
> I do not have a clear picture yet of what this beast would be like in the
> end, but it is clear to me that this approach would involve deprecating
> what was introduced in RFC-90, which means that as much as I usually care a
> lot about backwards compatibility, in this specific case it is probably not
> that big a deal.
> My 0.02$
> --
> Daniel Morissette
> http://www.mapgears.com/
> Provider of Professional MapServer Support since 2000
> ______________________________**_________________
> mapserver-dev mailing list
> mapserver-dev at lists.osgeo.org
> http://lists.osgeo.org/**mailman/listinfo/mapserver-dev<http://lists.osgeo.org/mailman/listinfo/mapserver-dev>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/mapserver-dev/attachments/20130301/91aa6c76/attachment.html>

More information about the mapserver-dev mailing list