
Securing GIS data

How to secure GIS data, using some examples of good and bad. Uses Geomajas as reference for a secure GIS data integration server.

Published in: Technology

  1. Securing GIS data, by Joachim Van der Auwera
  2. Secure
     • Authentication
       • Support strong credentials: certificates, eID, biometric
     • Authorization
       • Powerful and fine grained
     • No credential leakage
     • No data leakage
  3. The bad
     [Diagram labels: Web client, Browser view, Web server, Data source, Data source, internet; Get application (cred); Get data (cred); Filter & display data; View source / firebug; Wms?user=bla&password=alb; Unfiltered data]
  4. Geomajas
     • GIS application framework for the web
     • Integrate GIS data sources
     • Make data available on the web (view / edit)
     • Secure
     • Fast
     • Powerful
     • Java: Spring, Hibernate, GWT, GeoTools
  5. Architecture
     [Diagram labels: Web client, Browser view, Geomajas, Data source, Data source, internet, DMZ, LAN/WAN; Get application (token); Get data (token); Display data; View source / firebug; Wms?token=xyz; Filtered data]
  6. Policies
     • Application access
     • Layer access (CRUD)
     • Command access (execute)
     • Tool access (execute)
  7. Layer Policies
     • Search
     • Area (CRUD)
       • What with overlap, partly in area
     • Individual features (CRUD)
     • Individual feature attributes (CRUD)
     • Custom application policies (extend security context)
  8. Security proxy
     [Diagram labels: Web client, Browser view, Geomajas, Data source, filter; Get data (token); Get data (cred); Display data; View source / firebug; Wms?token=xyz; Filtered data]
  9. Login – Single Sign On
     • Login is external
     • Application does not know credentials
  10. Security context
     • Based on token
     • Allows access to policies
  11. Snooping
     • Should all communication be encrypted?
     • Login credentials: yes
     • Token: no (only valid for a while)
     • Data: once transmitted it can be stolen
       • Always at the client
       • In transit when not encrypted
  12. Conclusions
     • Geomajas allows you to build highly secure GIS system supporting
       • Single sign-on
       • Highly secure credentials (optional)
       • Fine grained policies
       • No credential leaking
       • No leakage of unauthorized data
  13. Questions? Thanks!
     Contact me: Mail: [email_address], Blog: http://blog.progs.be/, Twitter: @joachimvda, http://www.geomajas.org, http://www.geosparc.com
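The security proxy and layer policies from the slides (token in, filtered data out, with area and attribute rules) can be sketched as follows. This is an added Python example, not part of the deck and not Geomajas code; the class names, policy fields and parcel data are assumptions constructed for illustration.

```python
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class LayerPolicy:                      # hypothetical model, not the Geomajas API
    area: tuple                         # (minx, miny, maxx, maxy) the user may read
    readable_attrs: frozenset           # attribute names the user may read
    allow_partly_in_area: bool = False  # answer to "what with overlap, partly in area"

@dataclass(frozen=True)
class SecurityContext:                  # looked up by token; holds no credentials
    expires_at: float
    layers: dict                        # layer name -> LayerPolicy

def inside(b, a):
    return b[0] >= a[0] and b[1] >= a[1] and b[2] <= a[2] and b[3] <= a[3]

def overlaps(b, a):
    return b[0] <= a[2] and b[2] >= a[0] and b[1] <= a[3] and b[3] >= a[1]

class SecurityProxy:
    def __init__(self, contexts, fetch, clock=time.time):
        self.contexts = contexts        # token -> SecurityContext, filled by external login
        self.fetch = fetch              # server-side call that holds data source credentials
        self.clock = clock

    def get_features(self, token, layer):
        ctx = self.contexts.get(token)
        if ctx is None or ctx.expires_at <= self.clock():
            raise PermissionError("unknown or expired token")
        policy = ctx.layers.get(layer)
        if policy is None:
            raise PermissionError("no read access to layer")
        in_area = overlaps if policy.allow_partly_in_area else inside
        # Filter on the server: rows and attributes the policy denies never leave it.
        return [{"id": f["id"], "bbox": f["bbox"],
                 "attrs": {k: v for k, v in f["attrs"].items()
                           if k in policy.readable_attrs}}
                for f in self.fetch(layer) if in_area(f["bbox"], policy.area)]

# Constructed sample data: parcel 2 straddles the edge of the area (0, 0, 10, 10).
PARCELS = [
    {"id": 1, "bbox": (1, 1, 2, 2), "attrs": {"use": "farm", "owner": "A"}},
    {"id": 2, "bbox": (8, 8, 12, 12), "attrs": {"use": "forest", "owner": "B"}},
    {"id": 3, "bbox": (20, 20, 21, 21), "attrs": {"use": "road", "owner": "C"}},
]

def fetch_parcels(layer):
    return PARCELS if layer == "parcels" else []
```

With `allow_partly_in_area` set, a straddling feature is returned with its full extent, so the part outside the permitted area is disclosed unless the geometry is also clipped.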