Jerome St-Louis
@jerstlouis
@ghobona I'll be there in 3 minutes
Andreas is giving me a great intro to security :P
ghobona
@ghobona
@jerstlouis Ok, speak to you in 3 mins.
dstenger
@dstenger
@pvretano Are there any results regarding the abstract test(s) so far? I am ready to start implementing an executable test.
ghobona
@ghobona
All, we will reconvene at 15:30 EDT today in the main Gotomeeting room to discuss any issues and concerns.
Keith Pomakis
@pomakis

FYI, CubeWerx has set up two OGC API servers, one that requires OpenID Connect authentication through "https://www.authenix.eu" to perform transactions:

https://pvretano.com/cubewerx/cubeserv/secure/ogcapi/zoomstack

and one that allows the general public to perform transactions:

https://pvretano.com/cubewerx/cubeserv/default/ogcapi/zoomstack

Have at 'er.

ghobona
@ghobona
Thank you @pomakis and @pvretano !
Jerome St-Louis
@jerstlouis
@pvretano question -- do the specs cover using an ID in the incoming feature for a newly posted resource, vs. assigning a new one (e.g. if the server backend only supports numeric ID)? I'm seeing that the Location header in the response identifies where the resource ends up. This could either be based on the id of the feature being added, or it could be newly assigned? I don't see a Location in response to UPDATE, is it possible that updating a feature and its ID moves it to another items/{itemId} end-point?
ghobona
@ghobona
We reconvene in 5 minutes, at 15:30 EDT, in the main Gotomeeting room (579-185-901).
Message from @pvretano "For anyone interested ... a very 'exciting' curl demo of Delta Updates from TB15. https://eratosthenes.pvretano.com/Projects/tb15/Videos/CubeWerx_DU_Demo_Video_TB15_DEC2019.mp4"
JPPauly
@JPPauly
@pomakis @pvretano Thank you for providing your OGC API servers. But we have a problem with requesting a single item by its featureid from the server. It always reports an internal server error. Example URL: https://pvretano.com/cubewerx/cubeserv/default/ogcapi/zoomstack/collections/railway_stations/items/CWFID.RAILWAY_STATIONS.0.0.7AEBAD4FD06E908A1F20020000
Andreas Matheus
@securedimensions
@pomakis You are correct with the OpenAPI configuration using OpenIdConnect: https://swagger.io/docs/specification/authentication/openid-connect-discovery/ We are doing OpenIdConnect here but only for validating the bearer token...
Panagiotis (Peter) A. Vretanos
@pvretano
@JPPauly can you try with f=json? If you are trying this in your browser you are negotiating to HTML and my server does not yet support HTML for a single feature. https://pvretano.com/cubewerx/cubeserv/default/ogcapi/zoomstack/collections/railway_stations/items/CWFID.RAILWAY_STATIONS.0.0.7AEBAD4FD06E908A1F20020000?f=json
Jerome St-Louis
@jerstlouis
@pomakis is the server having some issues ? https://pvretano.com/cubewerx/cubeserv/default/ogcapi/zoomstack/collections/names takes a long time
Keith Pomakis
@pomakis
@securedimensions, could you provide me with a reference to the RFC that specifies what a web service should return if it receives a request with an invalid Bearer token in its Authorization header?
Haoliang Yu
@haoliangyu
Hello, I am building a JavaScript client for both browser and server (nodejs) https://github.com/haoliangyu/ogcapi-js
Jerome St-Louis
@jerstlouis
@pvretano @pomakis feedback on HTML representation of the features ( e.g. https://pvretano.com/cubewerx/cubeserv/default/ogcapi/zoomstack/collections/names/items/ ), it's really not obvious that the actual feature ID to use at /items/{itemId} is gml:id (need to look at the JSON representation to realize that)
Also, GET on /items/{itemId} gives 500 :)
Andreas Matheus
@securedimensions
@pomakis Regarding the responses for an API endpoint, where the OpenAPI description includes a standardized "security scheme" (as here https://swagger.io/docs/specification/authentication/) I would return the response HTTP status code + the information in the response body along the requirements outlined in OpenAPI:
JPPauly
@JPPauly
@pvretano Thanks for the hint that only HTML is not working. We got it running now in our client which is requesting the JSON representation.
Andreas Matheus
@securedimensions
  • scheme: "OpenIDConnect" (https://swagger.io/docs/specification/authentication/openid-connect-discovery/) is a specialization to the OAuth2 scheme that expects the use of user information. Basically, the use of OpenID Connect Discovery is activated so that the application (or a developer) can bootstrap the application based on the information exposed via the .well-known/openid-configuration URL. But still, an OpenID Connect compliant Authorization Server implements - of course - OAuth2. That said, the application would use RFC 6750 to present the Bearer Token to the API endpoint. Therefore, I'd again expect RFC 6750 to be followed.
Andreas Matheus
@securedimensions
Additional comment: I think that we should not mix the need to know with the use of a security scheme. In the intelligence world you may perhaps want to hide that an endpoint is protected and you perhaps do not want to expose any requirements - or clues - about it. But for Web APIs - described in OpenAPI - there is the expectation - I guess - that it's more about commercial intentions to protect an endpoint: "please have your gold credit card ready for purchasing access". And, because a security scheme outlined in the OpenAPI document explicitly tells the application to use a Bearer Token, the error code for a "broken" access token MUST be 401. This signals the application to ultimately fetch a new fresh token! With a simple 400, you cannot convey that requirement. In case of the generic "bearer" scheme, the response could also outline some additional information in the error details, e.g. as outlined in RFC 6750:

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Bearer realm="example",
                  error="invalid_token",
                  error_description="The access token expired"
Andreas Matheus
@securedimensions
For all of you interested in the security aspects of the sprint, I've uploaded V3 of the PPT (https://github.com/opengeospatial/OGC-API-Sprint-September-2020/blob/master/Presentations/Webinar_Presentation_2020_OGCAPI_September_Sprint_Security.pptx) to clarify the protocols used on different connections. There also is a PDF summarizing the architecture for this sprint: https://github.com/opengeospatial/OGC-API-Sprint-September-2020/blob/master/Presentations/Security%20Architecture.pdf
JPPauly
@JPPauly

@pvretano We are now trying to implement a post request but are only getting a CubeWerx_Error:

  • "raised in fsProcess_REST_HttpPostOrPutRequest() in file "wfsHttpMethods.c" line 1763"

we used this CURL request and similar requests in our client application:

ghobona
@ghobona
@haoliangyu I have listed your implementation on the GitHub Sprint repo
Panagiotis (Peter) A. Vretanos
@pvretano
@JPPauly I think the issue is that my server is expecting the MIME type for GeoJSON to be application/geo+json and not application/json. application/geo+json is defined in RFC 7946, Clause 12. Do you think that our server should be more "forgiving" about the MIME type for GeoJSON?
ghobona
@ghobona
@pandeazucar Please note that @NazihFino has successfully deployed GeoServer + OGC API extensions.
Balthasar Teuscher
@b4l
I have an issue with the test suite, somehow this url gets generated http://192.168.1.218:8484/%2F%2Fconformance
They were working a while back.
ghobona
@ghobona
@b4l I think @dstenger is still working on the test suite.
Panagiotis (Peter) A. Vretanos
@pvretano
All, I have created the following directory ... https://eratosthenes.pvretano.com/Projects/sept2020_code_sprint/ it contains shell scripts using cURL that show how to insert, update and delete features from the server.
ghobona
@ghobona
We reconvene at 12:30pm EDT in the Gotomeeting room.
ghobona
@ghobona
We'll reconvene for the final demonstrations at 3:30pm EDT in the Gotomeeting room.
Panagiotis (Peter) A. Vretanos
@pvretano
@JPPauly the insert issues I was having before were due to using the wrong endpoint with the wrong data. I have resolved everything now and everything (i.e. insert, update and delete) seems to be working fine. Please look into https://eratosthenes.pvretano.com/Projects/sept2020_code_sprint/. The file RAILWAY_STATIONS_01.json is the insert you gave me. I was able to insert, update and delete without issue.
ghobona
@ghobona
Posting the Security Scheme description example for future reference. Copied from the secured server and then converted to YAML.

securitySchemes:
  openIdConnectExt1:
    type: openIdConnect
    openIdConnectUrl: https://www.authenix.eu/.well-known/openid-configuration
  cwApiKeyQuery:
    type: apiKey
    name: apiKey
    in: query
  cwApiKeyHeader:
    type: apiKey
    name: CubeWerx-API-Key
    in: header
security:
- openIdConnectExt1: []
- cwApiKeyQuery: []
- cwApiKeyHeader: []
dstenger
@dstenger
@b4l Do you have a publicly available test service? Then I can check your issue with the test suite. Which test is failing exactly?
dstenger
@dstenger
@pvretano Currently I am getting a 500 when trying to insert a feature to https://eratosthenes.pvretano.com/cubewerx/cubeserv/default/ogcapi/zoomstack/collections/names/items. Is there an issue with the server?
Balthasar Teuscher
@b4l
@dstenger unfortunately I have no publicly available service. I think the test suite does some strange url concatenation like host/ + /(root) + /conformance resulting in http://192.168.1.218:8484/%2F%2Fconformance.
dstenger
@dstenger
What is the name of the class?
Can you please also create an issue here? https://github.com/opengeospatial/ets-ogcapi-features10/issues
Balthasar Teuscher
@b4l
Don't really know what class you mean, maybe this: validateConformanceOperationAndResponse13
ghobona
@ghobona
All, thanks for participating in the Code Sprint and thanks to @OrdnanceSurvey for sponsoring the event. We have had a very productive 2 days. We recorded several issues for the SWGs' consideration and identified several lessons as well. We also made suggestions for future work in both the Innovation Program and the Standards Program.
Panagiotis (Peter) A. Vretanos
@pvretano
@dstenger I think I may have been recompiling the source tree at that time and you happened to make the request when the server was being rebuilt. If this is still an issue I'd be interested to know so that I can look into the issue.
ghobona
@ghobona
All, the screenshots have been uploaded to the GitHub repo. If you would like to replace your screenshot(s), please create a Pull Request and we'll replace it.
NazihFino
@NazihFino
@ghobona, I added updated screenshots.
ghobona
@ghobona
Thanks @NazihFino .
NazihFino
@NazihFino
@ghobona Just to let you know, I made a second pull request. Thank you
ghobona
@ghobona
Thanks @NazihFino . I have merged the Pull Request.
ghobona
@ghobona
All, registration for the next OGC Code Sprint has been opened. The OGC invites software developers to the May 2021 OGC API Virtual Code Sprint, to be held from May 26th to May 28th, 2021. The Code Sprint will focus on the following draft OGC API specifications: