Securing GIS data

Securing GIS data by Joachim Van der Auwera

Secure
Authentication
Support strong credentials : certificates, eID, biometric
Authorization
Powerful and fine grained
No credential leakage
No data leakage

Web server Data source Data source Browser view Filter & display data Get application (cred) Get data (cred) Get data (cred) View source / firebug Wms?user=bla&password=alb Unfiltered data internet
The bad
Web client

Geomajas
GIS application framework for the web
Integrate GIS data sources
Make data available on the web (view / edit)
Secure
Fast
Powerful
Java : Spring, Hibernate,
GWT, GeoTools

Geomajas Data source Data source Browser view Display data View source / firebug internet Wms?token=xyz Filtered data Get application (token) DMZ LAN/WAN Get data (token)
Architecture
Web client

Policies
Application access
Layer access (CRUD)
Command access (execute)
Tool access (execute)

Layer Policies
Search
Area (CRUD)
What with overlap, partly in area
Individual features (CRUD)
Individual feature attributes (CRUD)
Custom application policies (extend security context)

Geomajas Data source Browser view Display data Get data (token) Get data (cred) View source / firebug Wms?token=xyz Filtered data filter ¶ · ¸ ¹ º »
Security proxy
Web client

Login – Single Sign On
Login is external
Application does not know credentials

Security context
Based on token
Allows access to policies

Snooping
Should all communication be encrypted?
Login credentials : yes
Token : no (only valid for a while)
Data : once transmitted it can be stolen
Always at the client
In transit when not encrypted

Conclusions
Geomajas allows you to build highly secure GIS system supporting
Single sign-on
Highly secure credentials (optional)
Fine grained policies
No credential leaking
No leakage of unauthorized data

Questions? Thanks!
Contact me : Mail : [email_address] Blog : http://blog.progs.be/ Twitter : @joachimvda http:// www.geomajas.org http:// www.geosparc.com

Securing GIS data

by Joachim Van der Auwera on Sep 14, 2011

Accessibility

Categories

Tags

Upload Details

Usage Rights

2 Embeds 196

Statistics

Securing GIS data — Webinar Transcript

http://blog.progs.be	194
http://translate.googleusercontent.com	2