Skip to content

GSIP 16

Jody Garnett edited this page Jul 12, 2017 · 1 revision

GSIP 16 - Security subsystem

Overview

Add a security subsystem to Geoserver, to allow for multiple users authentication, role based level access, service and data access restrictions.

Proposed By

Andrea Aime

Proposal Type

Change to various existing modules

Assigned to release

1.6.0

State

({color:gray} being discussed, in progress, {color} complete, {color:gray} rejected, deferred {color})

Email discussion/Other wiki discussions

http://www.nabble.com/GSIP-16%2C-Geoserver-security.-Feedback-required-tf3679752.html#a10283409 http://www.nabble.com/GSIP-16%2C-security-framework.-Call-for-vote-tf3753211.html

Voting History

Chris Holmes +1 Andrea Aime +1 Justin Deoliveira +1 Alessio Fabiani +1

Motivations

Geoserver needs a well integrated security framework that allows for multiple users authentication, various access levels, both service and data security. This is especially important for WFS-T, since it allows for changing data, but useful in general when data access must be limited to certain user categories, or when some data access trail must be stored for forensic analysis.

Assumptions

None?

Proposal

Have a simple user, role, service and data access configuration, still making it possible for people developing on Geoserver to change them and decide for other authentication mechanisms and backends.

Implementation

Integrate Acegi security into Geoserver, plugging into the web filters for service and web console authentication, and into the dispatch and data subsystems, for configuration, service and data lock down. For more informations, see the research and prototype pages in the links section.

Backwards compatibility issues

None significant. Of course, servers adding access limitations will break existing clients until they add credential providing feautures (see for example uDig).

Risks

Acegi is a powerful but relatively complex framework. This is mitigated by good documentation and vital support forum. General Geoserver architecture will be barely touched thanks to Acegi “aspect” oriented approach to security management.

Participants

Andrea Aime

Clone this wiki locally