Hi Christian, OrBAC and the extensions described in the references I mentioned are not OGC standards, I am aware of that. I am trying to implement OrBAC with the extensions. The initial goal was to make a prototype, a proof of concept.
I have read this document [http://demo.geo-solutions.it/share/securing_geoserver.pdf] and I tried to understand the work done on the GeoXACML community module because what I'm trying to do is the same workflow. I failed for the reasons I mentioned earlier. I would like to know how to implement a custom access control model. I am struggling with the code. On Wed, Aug 21, 2013 at 3:47 AM, Christian Mueller <[email protected]> wrote: > Hi Firas > > GeoServer tries to implement OGC standards, GeoXacml is such a standard, > look here > http://www.opengeospatial.org/standards/geoxacml > > > The current GeoXacml module is not up to date. > > Personally, I have no idea about OrBAC. > > I like the idea of enhancing access control but this will need a broader > discussion. > > Concerning GeoXacml: > Quite powerful but complex. The problem is how to hide the complexity from > the users. > > Cheers > Christian > > > > > > > > > > On Wed, Aug 21, 2013 at 1:56 AM, Firas Al Khalil <[email protected]> > wrote: >> >> Hi, >> >> I will present myself: my name is Firas Al Khalil. I am a PhD >> candidate in computer science at the university of French Polynesia, >> Tahiti. I work on security, more specifically on geographic data >> security. >> >> In the course of my work, I plan to implement an access control model >> for GIS. It is an extension of an access control model called OrBAC. >> This extension has been developed here at our lab. (see references >> below). >> >> What I'm trying to do is an implementation of an architecture very >> similar to GeoXACML's architecture presented here >> [http://geoserver.org/display/GEOS/GeoXACML-Integration]. The image >> depicts a workflow with WMS. I intend to do the same for WMS and WFS. >> >> I downloaded GeoServer's source code, and tried to figure out how I >> can implement it but I was not successful (I am on the 2.4 branch). I >> tried to look at the GeoXACML module and instructions but I >> encountered several issues. It seems to be that they're talking about >> things that doesn't exist in GeoServer anymore, AND they are >> implementing deprecated classes. >> >> I contacted Jody Garnett on IRC, and he redirected me to this mailing >> list, and said that I can propose a community module, where I can get >> help from the experts on the subject. >> >> He also proposed that maybe I can help update GeoXACML's >> implementation, and will gladly help doing it. >> >> I contacted my advisor, since he's the main author of the OrBAC >> geographical extension, and he was OK to develop the open source >> module with the community, on a condition that "he get contacted by >> whoever is responsible" before the actual development takes place, so >> it could be somehow a "formal" collaboration. >> >> So here, I emptied my bag. I hope this can move forward. >> >> Thank you. >> >> *References* >> [1] Capolsini, P., Gabillon, A.: Security policies for the >> Visualization of Geo Data. Proceedings of the 2nd SIGSPATIAL ACM GIS >> 2009 International Workshop on Security and Privacy in GIS and LBS. >> (2009). >> [2] Gabillon, A., Capolsini, P.: Rule-based Policy Enforcement Point >> for Map Services. Proceedings of the 3rd ACM SIGSPATIAL International >> Workshop on Security and Privacy in GIS and LBS. (2010). >> [3] Gabillon, A., Capolsini, P.: Dynamic Security Rules for Geo Data. >> Data Privacy >> Management and Autonomous Spontaneous Security, Springer. (2010). >> [4] Gabillon, A., Capolsini, P.: Enforcing protection mechanisms for >> geographic data. In Proceedings of the 11th international conference >> on Web and Wireless Geographical Information Systems (W2GIS'12). >> Springer-Verlag, Berlin, Heidelberg, 185-202. (2012). >> >> -- >> Firas Al Khalil >> Ph.D. Candidate in Computer Science >> GePaSUD Laboratory >> University of French Polynesia >> Tahiti, French Polynesia >> Tel: +689 836 532 (GMT -10) >> Mobile: +689 273 196 (GMT -10) >> email: [email protected] >> >> >> ------------------------------------------------------------------------------ >> Introducing Performance Central, a new site from SourceForge and >> AppDynamics. Performance Central is your source for news, insights, >> analysis and resources for efficient Application Performance Management. >> Visit us today! >> >> http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk >> _______________________________________________ >> Geoserver-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/geoserver-users > > > > > -- > DI Christian Mueller MSc (GIS), MSc (IT-Security) > OSS Open Source Solutions GmbH > -- Firas Al Khalil Ph.D. Candidate in Computer Science GePaSUD Laboratory University of French Polynesia Tahiti, French Polynesia Tel: +689 836 532 (GMT -10) Mobile: +689 273 196 (GMT -10) email: [email protected] ------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk _______________________________________________ Geoserver-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-users
