Securing GIS data by Joachim Van der Auwera
<ul><li>Secure </li></ul><ul><li>Authentication </li><ul><li>Support strong credentials : certificates, eID, biometric </l...
No data leakage </li></ul>
Web server Data source Data source Browser view Filter & display data Get application (cred) Get data (cred) Get data (cre...
<ul>Geomajas </ul><ul><li>GIS application framework for the web
Integrate GIS data sources
Make data available on the web (view / edit)
Secure
Fast
Powerful
Java : Spring, Hibernate,
GWT, GeoTools </li></ul>
Geomajas Data source Data source Browser view Display data View source / firebug internet Wms?token=xyz Filtered data Get ...
Upcoming SlideShare
Loading in...5
×

Securing GIS data

1,979

Published on

How to secure GIS data. Using some examples of good and bad. Uses Geomajas as reference for a secure GIS data integration server.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,979
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
24
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Securing GIS data

  1. 1. Securing GIS data by Joachim Van der Auwera
  2. 2. <ul><li>Secure </li></ul><ul><li>Authentication </li><ul><li>Support strong credentials : certificates, eID, biometric </li></ul><li>Authorization </li><ul><li>Powerful and fine grained </li></ul><li>No credential leakage
  3. 3. No data leakage </li></ul>
  4. 4. Web server Data source Data source Browser view Filter & display data Get application (cred) Get data (cred) Get data (cred) View source / firebug Wms?user=bla&password=alb Unfiltered data internet <ul>The bad </ul>Web client
  5. 5. <ul>Geomajas </ul><ul><li>GIS application framework for the web
  6. 6. Integrate GIS data sources
  7. 7. Make data available on the web (view / edit)
  8. 8. Secure
  9. 9. Fast
  10. 10. Powerful
  11. 11. Java : Spring, Hibernate,
  12. 12. GWT, GeoTools </li></ul>
  13. 13. Geomajas Data source Data source Browser view Display data View source / firebug internet Wms?token=xyz Filtered data Get application (token) DMZ LAN/WAN Get data (token) <ul>Architecture </ul>Web client
  14. 14. <ul>Policies </ul><ul><li>Application access
  15. 15. Layer access (CRUD)
  16. 16. Command access (execute)
  17. 17. Tool access (execute) </li></ul>
  18. 18. <ul>Layer Policies </ul><ul><li>Search
  19. 19. Area (CRUD) </li><ul><li>What with overlap, partly in area </li></ul><li>Individual features (CRUD)
  20. 20. Individual feature attributes (CRUD)
  21. 21. Custom application policies (extend security context) </li></ul>
  22. 22. Geomajas Data source Browser view Display data Get data (token) Get data (cred) View source / firebug Wms?token=xyz Filtered data filter ¶ · ¸ ¹ º » <ul>Security proxy </ul>Web client
  23. 23. <ul>Login – Single Sign On </ul><ul><li>Login is external
  24. 24. Application does not know credentials </li></ul>
  25. 25. <ul>Security context </ul><ul><li>Based on token
  26. 26. Allows access to policies </li></ul>
  27. 27. <ul>Snooping </ul><ul><li>Should all communication be encrypted?
  28. 28. Login credentials : yes
  29. 29. Token : no (only valid for a while)
  30. 30. Data : once transmitted it can be stolen </li><ul><li>Always at the client
  31. 31. In transit when not encrypted </li></ul></ul>
  32. 32. <ul>Conclusions </ul><ul><li>Geomajas allows you to build highly secure GIS system supporting </li><ul><li>Single sign-on
  33. 33. Highly secure credentials (optional)
  34. 34. Fine grained policies
  35. 35. No credential leaking
  36. 36. No leakage of unauthorized data </li></ul></ul>
  37. 37. <ul>Questions? Thanks! </ul>Contact me : Mail : [email_address] Blog : http://blog.progs.be/ Twitter : @joachimvda http:// www.geomajas.org http:// www.geosparc.com
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×