By the way, I do have a prototype of the extension based on the reference OrBAC implementation [http://motorbac.sourceforge.net/] (It has been a year since I last worked on it, and it's not anything near production quality, as always we were doing prototypes).
Now all I need to do is to "plug it" in GeoServer. On Wed, Aug 21, 2013 at 9:31 AM, Firas Al Khalil <[email protected]> wrote: > Hi Christian, > > OrBAC and the extensions described in the references I mentioned are > not OGC standards, I am aware of that. I am trying to implement OrBAC > with the extensions. The initial goal was to make a prototype, a proof > of concept. > > I have read this document > [http://demo.geo-solutions.it/share/securing_geoserver.pdf] and I > tried to understand the work done on the GeoXACML community module > because what I'm trying to do is the same workflow. I failed for the > reasons I mentioned earlier. > > I would like to know how to implement a custom access control model. I > am struggling with the code. > > On Wed, Aug 21, 2013 at 3:47 AM, Christian Mueller > <[email protected]> wrote: >> Hi Firas >> >> GeoServer tries to implement OGC standards, GeoXacml is such a standard, >> look here >> http://www.opengeospatial.org/standards/geoxacml >> >> >> The current GeoXacml module is not up to date. >> >> Personally, I have no idea about OrBAC. >> >> I like the idea of enhancing access control but this will need a broader >> discussion. >> >> Concerning GeoXacml: >> Quite powerful but complex. The problem is how to hide the complexity from >> the users. >> >> Cheers >> Christian >> >> >> >> >> >> >> >> >> >> On Wed, Aug 21, 2013 at 1:56 AM, Firas Al Khalil <[email protected]> >> wrote: >>> >>> Hi, >>> >>> I will present myself: my name is Firas Al Khalil. I am a PhD >>> candidate in computer science at the university of French Polynesia, >>> Tahiti. I work on security, more specifically on geographic data >>> security. >>> >>> In the course of my work, I plan to implement an access control model >>> for GIS. It is an extension of an access control model called OrBAC. >>> This extension has been developed here at our lab. (see references >>> below). >>> >>> What I'm trying to do is an implementation of an architecture very >>> similar to GeoXACML's architecture presented here >>> [http://geoserver.org/display/GEOS/GeoXACML-Integration]. The image >>> depicts a workflow with WMS. I intend to do the same for WMS and WFS. >>> >>> I downloaded GeoServer's source code, and tried to figure out how I >>> can implement it but I was not successful (I am on the 2.4 branch). I >>> tried to look at the GeoXACML module and instructions but I >>> encountered several issues. It seems to be that they're talking about >>> things that doesn't exist in GeoServer anymore, AND they are >>> implementing deprecated classes. >>> >>> I contacted Jody Garnett on IRC, and he redirected me to this mailing >>> list, and said that I can propose a community module, where I can get >>> help from the experts on the subject. >>> >>> He also proposed that maybe I can help update GeoXACML's >>> implementation, and will gladly help doing it. >>> >>> I contacted my advisor, since he's the main author of the OrBAC >>> geographical extension, and he was OK to develop the open source >>> module with the community, on a condition that "he get contacted by >>> whoever is responsible" before the actual development takes place, so >>> it could be somehow a "formal" collaboration. >>> >>> So here, I emptied my bag. I hope this can move forward. >>> >>> Thank you. >>> >>> *References* >>> [1] Capolsini, P., Gabillon, A.: Security policies for the >>> Visualization of Geo Data. Proceedings of the 2nd SIGSPATIAL ACM GIS >>> 2009 International Workshop on Security and Privacy in GIS and LBS. >>> (2009). >>> [2] Gabillon, A., Capolsini, P.: Rule-based Policy Enforcement Point >>> for Map Services. Proceedings of the 3rd ACM SIGSPATIAL International >>> Workshop on Security and Privacy in GIS and LBS. (2010). >>> [3] Gabillon, A., Capolsini, P.: Dynamic Security Rules for Geo Data. >>> Data Privacy >>> Management and Autonomous Spontaneous Security, Springer. (2010). >>> [4] Gabillon, A., Capolsini, P.: Enforcing protection mechanisms for >>> geographic data. In Proceedings of the 11th international conference >>> on Web and Wireless Geographical Information Systems (W2GIS'12). >>> Springer-Verlag, Berlin, Heidelberg, 185-202. (2012). >>> >>> -- >>> Firas Al Khalil >>> Ph.D. Candidate in Computer Science >>> GePaSUD Laboratory >>> University of French Polynesia >>> Tahiti, French Polynesia >>> Tel: +689 836 532 (GMT -10) >>> Mobile: +689 273 196 (GMT -10) >>> email: [email protected] >>> >>> >>> ------------------------------------------------------------------------------ >>> Introducing Performance Central, a new site from SourceForge and >>> AppDynamics. Performance Central is your source for news, insights, >>> analysis and resources for efficient Application Performance Management. >>> Visit us today! >>> >>> http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk >>> _______________________________________________ >>> Geoserver-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/geoserver-users >> >> >> >> >> -- >> DI Christian Mueller MSc (GIS), MSc (IT-Security) >> OSS Open Source Solutions GmbH >> > > > > -- > Firas Al Khalil > Ph.D. Candidate in Computer Science > GePaSUD Laboratory > University of French Polynesia > Tahiti, French Polynesia > Tel: +689 836 532 (GMT -10) > Mobile: +689 273 196 (GMT -10) > email: [email protected] -- Firas Al Khalil Ph.D. Candidate in Computer Science GePaSUD Laboratory University of French Polynesia Tahiti, French Polynesia Tel: +689 836 532 (GMT -10) Mobile: +689 273 196 (GMT -10) email: [email protected] ------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk _______________________________________________ Geoserver-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-users
