[OSGeo-Discuss] AJAX Trust and security
Jan-Oliver Wagner
jan-oliver.wagner at intevation.de
Mon Mar 12 14:47:47 PDT 2007
On Monday 12 March 2007 01:16, Cameron Shorter wrote:
> Simon Green is currently researching our alternatives and it would be
> good if we can align our solution with yours.
I've researched this topic a bit recently and also will give a presentation
about how to secure GDI with Free Software on FOSSGIS this week in Berlin.
In short: there are currently 2.5 Free Software solutions available:
deegree, 52N, MapBender.
Apart from solving the authentication and authorization at server
side, you need a clever helper-tool on the client side to filter
unsecure requests into secure requests.
This is because virtually no OWS client knows about SSL or authentication (how
could they, there is no standard yet ;-).
There are two solutions for the client available, WSC of 52N (Java)
and InteProxy[1] (Python). The latter is what we are developing ourselves
for securing the GDI of lower saxony and another state of Germany.
On the server side solutions range from simple authentication methods
to complex ticketing-based ones. While the future belongs to the latter,
today they are expensive and lower service availability (more points of
failure). At least if done right -- only few people seem to know how
complicated using/mainting a PKI can get.
There are also differences in the authorization granularity, naturally.
One observation of mine so far (also at FOSS4G Lausanne) is that
with regard to PKI people (if at all) take efford to ensure the guy requesting
OWS is the guy he should be. Neglected is to check wether the OWS service
is the one it should be (this type problem got some press with the term
"Phishing"). Apart from getting interesting data from the user, I see
especially problems for the military sector. Providing wrong maps for
planning is surely a clever idea.
All the best
Jan
[1] http://wald.intevation.org/projects/inteproxy/
--
Dr. Jan-Oliver Wagner Intevation GmbH
Amtsgericht Osnabrück, HR B 18998 http://www.intevation.de/
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
More information about the Discuss
mailing list