[OpenLayers-Users] secure WMS and WFS

Jon Blower jdb at mail.nerc-essc.ac.uk
Wed Feb 14 05:51:32 EST 2007


Hi Eric,

I haven't actually done this myself, but I've looked at a few options.
 Not all of these will be relevant to you but here goes:

1) The option you mentioned - google maps-type authentication, which
just makes sure that the website hosting the Google Map is entitled to
run the javascript code.  This doesn't authenticate individual users
of the website or the imagery though.

2) If you want to authenticate individual users, you can set up an
HTTP(S) login page, which creates a long key that is tied to the
user's IP address and is time-limited.  The user is then forwarded to
a plain HTTP website.  Every subsequent request to the WMS/WFS server
contains the key in the URL and is checked against the IP address.
This is (roughly) how Google Mail is secured.

3) A variant of (2) would be to use the Central Authentication Service
(CAS), which allows the users of several websites to authenticate
against a central server, effectively allowing single sign-on across
those websites (http://www.ja-sig.org/products/cas/).

4) Secure the WMS/WFS with HTTPS and use client-side certificates to
authenticate individual users for each request to the server.  Has the
advantage that you don't have to change your WMS/WFS implementation
(except by putting it on an HTTPS server) but has the considerable
disadvantage that you need to distribute certificates to your users -
not normally acceptable except in high-security situations.  Also, all
traffic will be encrypted on the wire.

There are also many variants of the above using browser cookies and so forth.

Hope this is helpful,
Jon

On 2/14/07, Eric Lemoine <eric.lemoine at gmail.com> wrote:
> Hi there!
>
> Does anyone have experience with securing access to WMS and WFS
> layers? Say, in the same way it's done in google maps, with a key
> associated with some directory of one's website.
>
> Thanks,
>
> --
> Eric
> _______________________________________________
> Users mailing list
> Users at openlayers.org
> http://openlayers.org/mailman/listinfo/users
>


-- 
--------------------------------------------------------------
Dr Jon Blower              Tel: +44 118 378 5213 (direct line)
Technical Director         Tel: +44 118 378 8741 (ESSC)
Reading e-Science Centre   Fax: +44 118 378 6413
ESSC                       Email: jdb at mail.nerc-essc.ac.uk
University of Reading
3 Earley Gate
Reading RG6 6AL, UK
--------------------------------------------------------------



More information about the Users mailing list