Version 6 (modified by pjkersha, 11 years ago) (diff)



Being the NDG3 security activities. More generic NDG security activities can be found here?.


October 1, 2008

The issue is that we need to link NDG security to the OWS client and server stacks (and ideally PyDAP too).

All these actions to be carried out by Phil in the Nov-Jan time frame.

This can be achieved in the server by using WSGI middleware that can be configured using (for example) a regular expression which identifies the resource identifier in any HTTP GET URLS (and presumably POST), and then does a call out to the rest of the NDG security infrastructure. This middleware will be a policy enforcement point and could redirect for authentication and authorisation.

We need an NDG gatekeeper piece of code which can respond to requests matching user credentials to resource URIs to make policy decisions.

We need to address the client side. While using cookies for the browser would seem straightforward, how would the owslib client do the security? How would openlayers (or any embedded javascript) respect the browser cookie security environment.


The overall objective is security enable OWS services. We want to do this in a way that has minimal impact on the services they protect and on clients such as OpenLayers making requests.

  1. Write a security filter to filter requests to OWS services permitting access to a secured resource only to authenticated and authorized users. (Tickets #1004, #1005, #1006)
  2. Apply the same or a similar filter to an  OPeNDAP service. The OPeNDAP server would be based on the Python implementation of OPeNDAP, pyDAP. This task is of secondary importance to 1) (Ticket #1007)
  3. Write security client code to enable a client application written in Python to access a secured OWS service. (Ticket #1008)

NDG3 Security Tickets

These break down the tasks into more detail:

[S] Python OWS Client Security
[S] Authkit cookie sets user's OpenID in plain text

NDG3: Capability?, Discovery?, Vocab?, Software?, MOLES?, Security?, Community?, Roadmap?