L-16: Deegree iGeoSecurity – Access Control for OGC Web Services
deegree iGeoSecurity is the Java/JSP-based security framework of the deegree project. Its area of use is controlling access to OGC Web Services (OWS) like Web Map Service (WMS), Web Feature Service (WFS) and Catalogue Service (CSW-W).
The central component is the OWSproxy masking "normal" OWS. Based on different credentials like username/password or session IDs, the OWSproxy can detect the end-user and check her rights against a security repository. The database driven repository manages user, groups and rights. Rights can control access for use cases like:
- John is allowed to see the entire WMS layer for endangered species
- Laura can just access the map layer for endangered species within a buffer of 2 km around the lake
- Hillary is allowed to insert new endangered species via the WFS; John and Laura are not allowed to.
In order to get more familiar with the use cases, concepts and software, the participants will use Apache Tomcat to deploy:
- a Web Map Service providing different map layers like topography, endangered species etc.
- a transactional Web Feature Service for maintaining the vector data
- a OWSproxy masking Web Map and Web Feature Service and controlling access based on user's credentials
- a Web Authentication Service for managing session IDs
- iGeoPortal standard editon as WMS Client supporting user credentials
- U3R as client for managing user, rights, roles and resources
Based on these applications participants get an profound understanding of the security mechanisms within this spatial data infrastructure.
Hans Plum is a Consultant with lat/lon GmbH for more than three years. His main work areas are consulting, integration of solutions for Spatial Data Infrastuctures and web-based geospatial systems. He is an expert regarding geoportals and security mechanisms for geospatial web services.