Version 2 (modified by lawrence, 11 years ago) (diff)



Being the NDG3 security activities. More generic NDG security activities can be found here?.


October 1, 2008

The issue is that we need to link NDG security to the OWS client and server stacks (and ideally PyDAP too).

All these actions to be carried out by Phil in the Nov-Jan time frame.

This can be achieved in the server by using WSGI middleware that can be configured using (for example) a regular expression which identifies the resource identifier in any HTTP GET URLS (and presumably POST), and then does a call out to the rest of the NDG security infrastructure. This middleware will be a policy enforcement point and could redirect for authentication and authorisation.

We need an NDG gatekeeper piece of code which can respond to requests matching user credentials to resource URIs to make policy decisions.

We need to address the client side. While using cookies for the browser would seem straightforward, how would the owslib client do the security? How would openlayers (or any embedded javascript) respect the browser cookie security environment.

NDG3: Capability?, Discovery?, Vocab?, Software?, MOLES?, Security?, Community?, Roadmap?