Gabriel Roldan *created* an issue
GeoServer / New Feature / GEOS-10913 ( https://osgeo-org.atlassian.net/browse/GEOS-10913 ) [GSIP 217] GeoServer ACL project
Issue Type: New Feature
Assignee: Gabriel Roldan
Created: 29/Mar/23 6:16 PM
Priority: Medium
Reporter: Gabriel Roldan
Proposal: https://github.com/geoserver/geoserver/wiki/GSIP-217
GeoServer ACL is an advanced authorization system for GeoServer ( https://geoserver.org/ ).
It consists of an independent application service that manages access rules,
and a GeoServer plugin that requests authorization limits on a per-request
basis.
As an administrator you'll use GeoServer ACL to define rules that grant or deny
access to published resources based on service request properties such as user
credentials, the type of OWS service, and layers being requested.
These rules can be as open as to grant or deny access to whole GeoServer
workspaces, or as granular as to specify which geographical areas and layer
attributes to allow a specific user or user group to see.
As a user you'll perform requests to GeoServer such as WMS GetMap or WFS
GetFeatures, and the ACL-based authorization engine will limit the visibility
of the resources and contents of the responses to those matching the rules that
apply to the request properties and the authenticated user credentials.
GeoServer ACL is not an authentication provider. It's an authorization manager
that will use the authenticated user credentials, whether they come from Basic
HTTP, OAuth2/OpenID Connect, or whatever authentication mechanism GeoServer is
using, to resolve the access rules that apply to each particular request.
GeoServer ACL is Open Source, born as a fork ( https://en.wikipedia.org/wiki/Fork_%28software_development%29 )
of GeoFence ( https://github.com/geoserver/geofence ). As such, it follows the same logic to
define data access and administrative access rules. So if you're familiar with
GeoFence, it'll be easy to reason about GeoServer ACL.
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel