From MapbenderWiki

Contents 1 Demand for a central public user in mapbender 2 Lessons learned in the project geoportal.rlp (http://www.geoportal.rlp.de) 2.1 Demand for Public User(*) 2.1.1 Use Cases for Public User 2.2 Demand for Public Group 2.2.1 Use Cases for Public Group 2.3 Implementation Specification 2.4 Special Cases

Demand for a central public user in mapbender

Most mapbender applications have one public user. This applications are open for public and are often started with parameters name and password (maybe demo, demo). This behavior is not good. Like Christoph posted on the dev list in june 2009 (http://lists.osgeo.org/pipermail/mapbender_dev/2009-June/001580.html) we have to find a solution for this problem.

Lessons learned in the project geoportal.rlp (http://www.geoportal.rlp.de)

In our project, mapbender is used as a central service registry for all OGC OWS in Rhineland-Palatinate. The concept is that authorized users can publish their web services by loading them into the Mapbender database. Mapbender is used as a centralized authorisation platform. The decentralized owners of OWS can allow users access secured services by using the mapbender ows-proxy module.

Demand for Public User(*)

The portal is open for public access. Therefore we need one public user who does not have to log in. The anonymous session is automatically created when someone opens the portal. This is the thing which was described above. The solution from our view is to define a parameter in mapbender.conf or geoportal.conf. This parameter can be ANONYMOUS_USER which sets the user_id of the table mb_user.

Use Cases for Public User

1. Login
2. Search Metadata: The restrictions of resources must be shown
3. Show Metadata: Some functionality is only available if someone is known by his email (authentication)

Demand for Public Group

To allow the clearance of some OWS resources to public there must be a group which defines the publicity. This group is the central anonymous group which has to be defined in the central configuration of mapbender: ANONYMOUS_GROUP

Use Cases for Public Group

1. Allow all users to access an OWS resource
2. Using clients that do not have session information - like exporting Mapbender OGC WMC documents as simple OpenLayers clients which can easily be integrated in external web pages where there is no need to control the access to the used OWS.

Implementation Specification

1. Every session that is not tied to a named user (name and password) is an ANONYMOUS_USER.
2. All users which are registred in Mapbender are automatically added to the group ANONYMOUS_GROUP

Special Cases

1. The possibility to register ows in the mapbender registry is a special functionallity which can be handled through defining a mapbender group which allow to use some admin modules. But here is another problem:

The Monitoring should only apply to those services which are registrated to publish them. Therefor the monitoring should be bounded to those services of one special group which is the registrating group. Maybe we should define a parameter REGISTRATING_GROUP which could be the mb_group_id of mapbenders mb_group table.

I do not understand this?! --Arnulf 11:29, 27 July 2009 (UTC)

1. The persons who register ows in a central database mostly a real world persons. The belong to a organisation (group) for which they work and publish services. It is better to handle the organisations which are responsible for this publishing (Metadata!) as mb_group. Then many different people in a big organisation can publish their services. There is only the demand to store the address information at at mb_user level but on mb_group level and there must be a special column in mb_user_mb_group which maybe called mb_user_mb_group_type and is a integer value. Herein maybe 1 define the origintaing group for a special user which can publish services.

I do not understand this?! --Arnulf 11:29, 27 July 2009 (UTC)

(*) The public user is a 'central anonymous user' that can use Mapbender applications without having to enter a user name and password.