- Galdos Systems Inc. - https://www.galdosinc.com -

Authentication and Access Control

The GeoWeb will not succeed in the near term without a broadly accepted standard for authenticaton and access control.  While in some parts of the world geographic information is free and open, different cultural norms, business models and views on security will ensure that not all information will be freely available to all people.  This is of course already true of the Internet in general, whether we are talking about defense information or medical diganostics.

By Authentication, I mean the ability of a web service to 1) determine information about an authenticated individual or organization and 2) to pass this information in a secure manner from one web service to another. 

By Access Control, I mean the ability to regulate access (read or write – and write will be increasingly important in the GeoWeb) to geographic information based on who the user is, what they want to do, and on which geographic resources they wish to operate.  Not everyone in a flood should be able to mark that a bridge is out — but everyone should be able to report the observation that this is the case.

Fortunately specifications for these purposes DO NOT need to be invented for the geospatial world. The OASIS organization has already created specifications for transporting authentication requests and responses, called SAML (Security Assertion Markup Language) and for transporting access control requests and responses – AND for the expression of Access Control Policies (XACML).  While there may be some need to provide spatial extensions to XACML (this is a matter of dispute) the bulk of the work is already done.

The key thing then is to get the spatial community to adopt these standards for Authentication and Access Control and I believe we will see this happen with the next year.  Geographic data servers (WFS) supporting SAML already exist (e.g. Galdos Cartalinea) and we expect others to follow suit in the near future.