About Geosparc
Securing GIS data
by Joachim Van der Auwera
Secure
Authentication
Support strong credentials : certificates, eID, biometric
Authorization
Powerful and fine grained
No credential leakage
No data leakage
The bad
Web client
Web server
Data source
Data source
Browser view
Filter & display data
Get application (cred)
Get data (cred)
Get data (cred)
View source / firebug
Wms?user=bla&password=alb
Unfiltered data
internet
Geomajas
GIS application framework for the web
Integrate GIS data sources
Make data available on the web (view / edit)
Secure
Fast
Powerful
Java : Spring, Hibernate, GWT, GeoTools
Architecture
Web client
Geomajas
Data source
Data source
Browser view
Display data
View source / firebug
internet
Wms?token=xyz
Filtered data
Get application (token)
DMZ
LAN/WAN
Get data (token)
Policies
Application access
Layer access (CRUD)
Command access (execute)
Tool access (execute)
Layer Policies
Search
Area (CRUD)
What about overlap, features partly in the area?
Individual features (CRUD)
Individual feature attributes (CRUD)
Custom application policies (extend security context)
Security proxy
Web client
Geomajas
Data source
Browser view
Display data
Get data (token)
Get data (cred)
View source / firebug
Wms?token=xyz
Filtered data
filter
Login Single Sign On
Login is external
Application does not know credentials
Security context
Based on token
Allows access to policies
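The flow on the Security proxy and Security context slides, as an added example that is not part of the original slides and does not use the Geomajas API: the browser only ever holds a token, the proxy resolves it to a security context, adds the backend credentials itself, and filters by layer, area and attribute policy before anything is returned. All names, the token store and the sample features are constructed for illustration; features are points, so the "partly in area" question does not arise here.

```python
import time
from dataclasses import dataclass

# Constructed backend credential: lives only on the server side of the proxy.
BACKEND_CRED = ("svc_gis", "server-side-only")

@dataclass(frozen=True)
class SecurityContext:
    layers: frozenset      # layers the user may read
    area: tuple            # (minx, miny, maxx, maxy) the user may see
    attributes: frozenset  # feature attributes the user may read
    expires: float         # token is only valid until this epoch time

TOKENS = {}  # token -> SecurityContext, filled by the external login service

def issue_token(token, ctx):
    TOKENS[token] = ctx

def backend_fetch(layer, cred):
    """Stand-in for the data source: checks credentials, returns unfiltered data."""
    if cred != BACKEND_CRED:
        raise PermissionError("bad backend credentials")
    data = {"parcels": [  # constructed sample features
        {"id": 1, "point": (2, 2), "attrs": {"owner": "A", "value": 100}},
        {"id": 2, "point": (50, 50), "attrs": {"owner": "B", "value": 200}},
    ]}
    return data.get(layer, [])

def proxy_get_data(token, layer, now=None):
    """Resolve the token, enforce layer/area/attribute policy, return filtered data."""
    now = time.time() if now is None else now
    ctx = TOKENS.get(token)
    if ctx is None or now >= ctx.expires:
        raise PermissionError("unknown or expired token")
    if layer not in ctx.layers:
        raise PermissionError("no read access to layer")
    minx, miny, maxx, maxy = ctx.area
    visible = []
    for f in backend_fetch(layer, BACKEND_CRED):  # credentials added here only
        x, y = f["point"]
        if minx <= x <= maxx and miny <= y <= maxy:
            attrs = {k: v for k, v in f["attrs"].items() if k in ctx.attributes}
            visible.append({"id": f["id"], "point": f["point"], "attrs": attrs})
    return visible

if __name__ == "__main__":
    issue_token("xyz", SecurityContext(frozenset({"parcels"}), (0, 0, 10, 10),
                                       frozenset({"value"}), time.time() + 300))
    print(proxy_get_data("xyz", "parcels"))
```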
Snooping
Should all communication be encrypted?
Login credentials : yes
Token : no (only valid for a while)
Data : once transmitted it can be stolen
Always at the client
In transit when not encrypted
Conclusions
Geomajas allows you to build highly secure GIS systems supporting
Single sign-on
Highly secure credentials (optional)
Fine grained policies
No credential leaking
No leakage of unauthorized data
Questions?
Thanks!
Contact me :
Mail : [email protected]
Blog : http://blog.progs.be/
Twitter : @joachimvda
http://www.geomajas.org
http://www.geosparc.com