The goal of the OSS Initiative 52°North's Working Group Security is to develop an
access control system for spatial data infrastructures. This system allows data
providers to regulate access to non-public data and services without changing the
standardized service interfaces or client applications. It may be used to customize
service supply, for example provide different views of the same service or data
depending on the user.
The Web Authentication Service (WAS) makes up the first part of access control to GI
services. Upon successful authentication, a WAS issues a ticket to the user which
verifies his or her identity during the interaction with a secured OGC Web Service.
Such an authentication may take place using different authentication methods, like
for instance the password based authentication.
The Web Security Service (WSS) constitutes the heart of our security infrastructure.
This web service acts as a gateway to an access protected OGC Web Service (OWS), e.g.
Web Mapping Service. The WSS prompts a user to authenticate before any request is
analyzed and forwarded to the OWS. If the user provides a valid ticket from a trusted
Web Authentication Service, the WSS checks whether or nor a request is an authorized
request by querying the appropriate user rights. If a request is authorized, the WSS
forwards it to the secured OWS and returns the respective response to the user.
Access to controlled services via arbitrary desktop applications which support access
to Web Mapping Services (e.g. ESRI ArcMap) is provided for by a Web Security Client
The 52°North Web Security System may be used to customize service supply, for example
provide different views of the same service or data depending on the user.
This presentation will give an overview of the access control system's software
components which are being developed within 52°North's Working Group Security. In
addition to presenting the current state of the software developments, the
presentation will outline the Working Group's future plans and report on the first
lessons learned as a relatively young open source software engineering unit.