Minutes

Security & GeoRM Regular Contributor's Meeting

August 11, 2009, 10:00 am CEST

1. SOS Interceptor

Thorsten finished the implementation/integration of Oliver Meyer's Sensor Oberservation Service Interceptor and added some documentation. The code is committed to the API's trunk. The interceptor is implemented to work with the FilePermissionPDP. The FilePermissionPDP requires a different resource/action encoding than the new and more flexible "Simple Permissions" policy file format, which will be regarded as the new standard way to define policies in 52n. Thorsten will start changing the SOS interceptor to work with the Simple Permission format at the middle of the next week.

References

• SVN https://52north.org/svn/security/52n-security-api/trunk/52n-security-enforcement/src/main/java/org/n52/security/enforcement/interceptors/sos/

2. Licensing Workflow

After finishing the SOS interceptor Thorsten will write a small concept on how to implement a simple click-through use case with 52N Security Services. The idea is to compare a simple architecture, where the License itself is expressed as a precondition published by a gatekeeper, against a more complex architecture, where the precondition only defines the link to a license broker requiring a dedicated license manager service etc. To keep things simple in the beginning, implementation will most likely only cover the simple architecture.

3. OWS-6 Documentation

Martin will complete the sequence diagram and key distribution document showing the interaction of the OWS-6 components. The diagram is supposed to help people understanding the information flow and use of standards in our OWS-6 implementation.

References

• Sequence Diagram https://52north.org/twiki/bin/view/Security/CurrentWorkflowOWS6

4. WPS Interceptor

Martin has already started -- and after the OWS-6 documentation is finished will proceed with -- the implementation of a basic WPS interceptor that allows to protect access to certain WPS "functions". He will provide a small document describing the planned capabilities of the interceptor (which resources/actions can be protected) in the TWiki.

5. Simple Permissions policy file format / XACML PDP

Jan finished implementation of the Simple Permissions policy file format, that allows to define policies for more than one protected service in a single policy file. The policy file can be linked to the new XACML PDP component (that can be used either in-process or via SOAP) using the SimplePermissionsPolicyFinderModule.

References

• SVN https://52north.org/svn/security/52n-security-api/branches/2.0/52n-security-service/src/main/java/org/n52/security/service/pdp/simplepermission/

6. Recent/Upcoming Releases

• Security API 2.0.4 was released. Announcement's still pending.

• WSS 2.1 is already released, but not announced. Announcement will follow as soon as 2.1.0-1 was released that optimizes configuration for instant use and uses an updated Security API. Jan will complete documentation (especially multi-WSS config) in the next days.

References

• API http://52north.org/maven/project-sites/security/api/common/release_notes.html
• WSS http://52north.org/maven/project-sites/security/wss/2.1/index.html.