Add a security subsystem to Geoserver, to allow for multiple users authentication, role based level access, service and data access restrictions.

Andrea Aime

Change to various existing modules

1.6.0

({color:gray} being discussed, in progress, {color} complete, {color:gray} rejected, deferred {color})

http://www.nabble.com/GSIP-16%2C-Geoserver-security.-Feedback-required-tf3679752.html#a10283409 http://www.nabble.com/GSIP-16%2C-security-framework.-Call-for-vote-tf3753211.html

Chris Holmes +1 Andrea Aime +1 Justin Deoliveira +1 Alessio Fabiani +1

Geoserver needs a well integrated security framework that allows for multiple users authentication, various access levels, both service and data security. This is especially important for WFS-T, since it allows for changing data, but useful in general when data access must be limited to certain user categories, or when some data access trail must be stored for forensic analysis.

None?

Have a simple user, role, service and data access configuration, still making it possible for people developing on Geoserver to change them and decide for other authentication mechanisms and backends.

Integrate Acegi security into Geoserver, plugging into the web filters for service and web console authentication, and into the dispatch and data subsystems, for configuration, service and data lock down. For more informations, see the research and prototype pages in the links section.

None significant. Of course, servers adding access limitations will break existing clients until they add credential providing feautures (see for example uDig).

Acegi is a powerful but relatively complex framework. This is mitigated by good documentation and vital support forum. General Geoserver architecture will be barely touched thanks to Acegi “aspect” oriented approach to security management.

Andrea Aime