[eoxserver-dev] Implementing Access Control into the EOXServer

[Bonitz Arndt]

Dear all,

Today, Stefan and I met and talked about a possible integration of a  security layer into the EOX Server with the Shibboleth framework. Authentication will be handled by the Shibbboleth IdP and ServiceProvider. The plan is to add an additional handler (or extending the OWSCommonHandler) which can access the user attributes provided by the Shibboleth SP and can perform an authorization request at the PDP. In case of a positive authz. decision the hander could forward the request to the next handler, if negative the service would return an error message.

I would like to hear your opinions and comments to this proposal.

Best regards,
Arndt

Arndt F. Bonitz
Department Safety & Security

AIT Austrian Institute of Technology GmbH
2444 Seibersdorf | Austria
Tel.: +43(0) 50550-3169
arndt.bonitz at ait.ac.at<mailto:arndt.bonitz at ait.ac.at>  |  http://www.ait.ac.at<http://www.ait.ac.at/>

FN: 115980 i HG Wien  |  UID: ATU14703506
This email and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient, please notify the sender by return e-mail or by telephone and delete this message from your system and any printout thereof. Any unauthorized use, reproduction, or dissemination of this message is strictly prohibited. Please note that e-mails are susceptible to change. AIT Austrian Institute of Technology GmbH shall not be liable for the improper or incomplete transmission of the information contained in this communication, nor shall it be liable for any delay in its receipt.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://eoxserver.org/pipermail/dev/attachments/20111004/189996bb/attachment.html>