Access Control for OpenGIS® Web Services
Access Control for an OpenGIS® Web Service based Spatial Data Infrastructure is one of the relevant preconditions for providing high-quality geographic information. Basically, access to the services has to be protected by an appropriate Access Control System that realizes (at least) the following requirements:
- It must be possible to declare access rights for particular data types of geographic information objects. When protecting access to the Web Map Service (WMS), a data type can be a layer provided by the WMS. For a Web Feature Service (WFS), a data type can be a feature type.
- It must be possible to declare access rights for particular instances of geographic information objects. For protecting access to a WFS, this allows access rights to be associated with individual features or a group of features.
- It must be possible to declare access rights for particular geographic areas (regions). For protecting a WMS, this allows access to maps to be restricted to particular areas of interest. For protecting a WFS, this allows the area for which features can be requested, created, modified or deleted to be minimized.
- When maps are requested in a binary format (e.g. gif, jpeg, etc.), it must be possible to declare access rights based on the resolution of the map.
- It must be possible to declare access rights for requests issued by clients with a particular IP address or computer name.
- It must be possible to declare access rights for particular time windows.
- It must be possible to combine different types of access rights and manage access rights for roles.
These (and more) requirements are supported by the Geospatial eXtensible Access Control Markup Language, GeoXACML for short. It defines a geo-specific extension to the eXtensible Access Control Markup Language (XACML), which is a standard from OASIS. More information on GeoXACML can be obtained from the homepage.
GeoXACML is currently an OGC Draft Implementation Specification.
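
The following sketch shows how a decision point might combine the requirement types listed above (role, layer, region, resolution, client address, time window) for a single WMS map request, denying by default. It is an added example, not GeoXACML syntax and not code from the GeoXACML specification; the `Rule` and `MapRequest` shapes, the sample values, and the assumption that a time window does not cross midnight are illustrative.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:                      # hypothetical rule shape, not GeoXACML syntax
    role: str
    layers: frozenset            # data types: WMS layer names
    area: tuple                  # permitted region (minx, miny, maxx, maxy)
    min_units_per_pixel: float   # finest map resolution that may be served
    network: str                 # permitted client addresses, CIDR notation
    window: tuple                # (start, end) time of day, same day

@dataclass(frozen=True)
class MapRequest:
    role: str
    layers: tuple
    bbox: tuple
    width: int
    height: int
    client_ip: str
    at: time

def permits(rule, req):
    minx, miny, maxx, maxy = req.bbox
    if not req.layers or req.width <= 0 or req.height <= 0 or minx >= maxx or miny >= maxy:
        return False             # malformed requests never match a rule
    ax0, ay0, ax1, ay1 = rule.area
    # Use the finer axis so a stretched image cannot hide extra detail.
    units_per_pixel = min((maxx - minx) / req.width, (maxy - miny) / req.height)
    return (req.role == rule.role
            and set(req.layers) <= rule.layers           # every layer must be allowed
            and ax0 <= minx and ay0 <= miny and maxx <= ax1 and maxy <= ay1
            and units_per_pixel >= rule.min_units_per_pixel
            and ip_address(req.client_ip) in ip_network(rule.network)
            and rule.window[0] <= req.at <= rule.window[1])

def decide(rules, req):
    # Deny by default: a request is served only if one rule permits all of it.
    return "Permit" if any(permits(r, req) for r in rules) else "Deny"

# Constructed sample data (not from the original page)
RULES = [Rule("surveyor", frozenset({"parcels", "roads"}), (0, 0, 1000, 1000),
              2.0, "10.0.0.0/8", (time(8), time(18)))]
OK = MapRequest("surveyor", ("parcels",), (100, 100, 900, 900), 400, 400,
                "10.1.2.3", time(9, 30))
```

Each condition is checked against the whole request, so a request that names one permitted layer and one unlisted layer is denied rather than partially served.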