[Geoserver-devel] Implementin an Access Control model

Hi,

My name is Firas El Khalil, I'm a PhD candidate at the University of
French Polynesia, and currently working on geographic inforlation
security.

Excuse me if I'm posting at the wrong mailing list, but I really
couldn't find any other place to interact with developers. If there
exists another place to address my problem please point me to it :slight_smile:

I am going for a fast implementation of an access control model for
geographic information (and that's something that I didn't personally
worked on, but we need a prototype in the lab asap), but the problem is
I can't get to understand how would I implement it with geoserver. The
documentation didn't help me a lot.

So first of all, let me explain what I have in mind:
-I want to use OpenLayers to access my geroserver (server, hereafter).
-The request should be
  -intercepted by my module
  -forwarded for the server
-The server's response is intercepted by my module
-My module will:
  -apply various access control policies on data intercepted from the
request interception phase
  -the identify identify actions to be taken on data returned by the
response interception phase
  -apply modifications
  -return the result to OpenLayers

I will be working mainly on vector data.

Maybe what I have is completely inefficient or maybe unattainable with
geoserver. I hope you've got the idea.

Keep in mind that it's a prototype and not an integration solution, so
I'm looking for something relatively simple. Anyhow, I'm open to all
suggestions.

Thank you in advance.
--
Firas Al Khalil
Doctorant en Informatique
Laboratoire GePaSUD
Université de la Polynésie Française
email: firas.khalil@anonymised.com

On Thu, Mar 22, 2012 at 2:34 AM, Firas El Khalil <firas.khalil@anonymised.com> wrote:

Hi,

My name is Firas El Khalil, I’m a PhD candidate at the University of
French Polynesia, and currently working on geographic inforlation
security.

Excuse me if I’m posting at the wrong mailing list, but I really
couldn’t find any other place to interact with developers. If there
exists another place to address my problem please point me to it :slight_smile:

I am going for a fast implementation of an access control model for
geographic information (and that’s something that I didn’t personally
worked on, but we need a prototype in the lab asap), but the problem is
I can’t get to understand how would I implement it with geoserver. The
documentation didn’t help me a lot.

So first of all, let me explain what I have in mind:
-I want to use OpenLayers to access my geroserver (server, hereafter).
-The request should be
-intercepted by my module
-forwarded for the server
-The server’s response is intercepted by my module
-My module will:
-apply various access control policies on data intercepted from the
request interception phase
-the identify identify actions to be taken on data returned by the
response interception phase
-apply modifications
-return the result to OpenLayers

I will be working mainly on vector data.

Maybe what I have is completely inefficient or maybe unattainable with
geoserver. I hope you’ve got the idea.

Keep in mind that it’s a prototype and not an integration solution, so
I’m looking for something relatively simple. Anyhow, I’m open to all
suggestions.

You should probably look at this paper:
http://demo.geo-solutions.it/share/securing_geoserver.pdf

and I guess what you are trying to do is already available as open source
(both in the proxy version and the integrated version, if you get the source
version, the released version I think it’s just a proxy):

http://istgeo.ist.supsi.ch/site/projects/geoshield

Here you can find a description of a bit more sophisticated integrated security
subsystem too, whose sources are not available though:

http://geo-solutions.blogspot.it/2011/05/preview-georepository-advanced.html

Cheers
Andrea

–

Ing. Andrea Aime
GeoSolutions S.A.S.
Tech lead

Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy

phone: +39 0584 962313
fax: +39 0584 962313
mob: +39 339 8844549

http://www.geo-solutions.it
http://geo-solutions.blogspot.com/
http://www.youtube.com/user/GeoSolutionsIT
http://www.linkedin.com/in/andreaaime
http://twitter.com/geowolf


On Sun, 2012-03-25 at 10:06 +0200, Andrea Aime wrote:

On Thu, Mar 22, 2012 at 2:34 AM, Firas El Khalil <firas.khalil@anonymised.com>
wrote:
        Hi,
        
        My name is Firas El Khalil, I'm a PhD candidate at the
        University of
        French Polynesia, and currently working on geographic
        inforlation
        security.
        
        Excuse me if I'm posting at the wrong mailing list, but I
        really
        couldn't find any other place to interact with developers. If
        there
        exists another place to address my problem please point me to
        it :slight_smile:
        
        I am going for a fast implementation of an access control
        model for
        geographic information (and that's something that I didn't
        personally
        worked on, but we need a prototype in the lab asap), but the
        problem is
        I can't get to understand how would I implement it with
        geoserver. The
        documentation didn't help me a lot.
        
        So first of all, let me explain what I have in mind:
        -I want to use OpenLayers to access my geroserver (server,
        hereafter).
        -The request should be
               -intercepted by my module
               -forwarded for the server
        -The server's response is intercepted by my module
        -My module will:
               -apply various access control policies on data
        intercepted from the
        request interception phase
               -the identify identify actions to be taken on data
        returned by the
        response interception phase
               -apply modifications
               -return the result to OpenLayers
        
        I will be working mainly on vector data.
        
        Maybe what I have is completely inefficient or maybe
        unattainable with
        geoserver. I hope you've got the idea.
        
        Keep in mind that it's a prototype and not an integration
        solution, so
        I'm looking for something relatively simple. Anyhow, I'm open
        to all
        suggestions.

You should probably look at this paper:
http://demo.geo-solutions.it/share/securing_geoserver.pdf

and I guess what you are trying to do is already available as open
source
(both in the proxy version and the integrated version, if you get the
source
version, the released version I think it's just a proxy):

http://istgeo.ist.supsi.ch/site/projects/geoshield

Here you can find a description of a bit more sophisticated integrated
security
subsystem too, whose sources are not available though:

http://geo-solutions.blogspot.it/2011/05/preview-georepository-advanced.html

Cheers
Andrea

--
-------------------------------------------------------
Ing. Andrea Aime
GeoSolutions S.A.S.
Tech lead

Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy

phone: +39 0584 962313
fax: +39 0584 962313
mob: +39 339 8844549

http://www.geo-solutions.it
http://geo-solutions.blogspot.com/
http://www.youtube.com/user/GeoSolutionsIT
http://www.linkedin.com/in/andreaaime
http://twitter.com/geowolf

-------------------------------------------------------

Thanks a lot.

The thing is we're implementing a new access control model, you can
think about it as RBAC on steroids :slight_smile:

Hoping that your sources could help me.

cheers,

--
Firas Al Khalil
Doctorant en Informatique
Laboratoire GePaSUD
Université de la Polynésie Française
email: firas.khalil@anonymised.com