Next year at the beginning of March, I will be organizing a 4-hour seminar that will be part of the 30th Annual GITA Conference (Thank you, GITA, for asking me to organize it!). The seminar is entitled "Security for GeoWeb Services: From Problem Statement to Implementation". Please check the website! I'm really enthusiastic about it, and I'm definitely sure that it will be a good one!
Yesterday I finished an overview of the tutorial and thought it might be a good idea to post this here. I'm really happy with how it came out. Do feel free to give me feedback on this!
When it comes to security, a lot of people have misconceptions. A popular one is that the only goal of computer security is secrecy – keeping the names of the secret agents away from the enemy. In the case of Web services, the emphasis is on sharing and interoperability – which is totally the opposite of secrecy. So, how could this be? Is it actually possible to have secure Web services?
Security in different flavors
The tutorial starts by introducing the different aspects of security: computer security, communications security, physical security. In a Service Oriented world, communications security is important, and this is the type of security that this tutorial focuses on. Because people too often think that security and access control are one and the same, we continue by presenting the different challenges that security has to deal with: (1) Authentication – Who is the user?, (2) Authorization (also known as Access Control) – What is the user allowed to do?, (3) Integrity – Ensuring that exchanged data is safe while in transit, (4) Confidentiality – Ensuring that data is not eavesdropped while in transit, (5) Non-Repudiation – Ensuring that a transferred message has been sent / received by the parties claiming to have sent / received the message. Furthermore, in some cases a successful security implementation also needs to deal with the following issues: Identity Management, Delegation, Privacy, Availability and Accounting.
To illustrate all these problems and show how they relate to the geospatial world and geospatial Web services, we developed a scenario (see fig. 1) which is based on real-world applications. In this scenario we introduced four businesses offering services to two clients. The businesses are: a Surveying Agency offering base maps (for profit), an Environment Protection Agency serving different ecological maps (for free), an Electricity Company serving maps with its cable network and a Cadastre Agency serving cadastre information. There are two clients: the (Dumb) Citizen, who has different needs and requires data from the first three businesses, and a Public Notary, who requires data from the Cadastre Agency. As will be seen, there are different security requirements for each of the businesses, which are driven by various factors such as business model, legislation, etc.
Fig. 1 – Scenario inspired from real-world applications
Security and the existing IT standards & technologies
The second part of the tutorial will be oriented toward more technical aspects and will show how the existing mainstream solutions from the general IT industry can be used to solve some of the requirements identified in the first part of our tutorial. For this part we will focus on securing Web services described by the Open Geospatial Consortium (such as WMS, WFS, WCS, CSW, etc.).
The starting point for this part of the tutorial is the remark that in many aspects geospatial Web services are just like other Web services, and therefore security technologies and standards from organizations such as W3C, IETF and OASIS that are used in the broader IT industry can be successfully applied to the geospatial world. Although there are plenty of standards to choose from, sometimes it is not possible to simply use an existing standard. In order to accommodate the geospatial dimension, sometimes existing standards need to be extended / profiled. We will show existing approaches for this.
As a guide to securing geospatial Web services, we will use the OSI stack (see picture). We will start from the Physical Layer and go all the way up to the Application Layer and SOAP messaging, showing how existing protocols can be leveraged to fulfill security requirements without modifying the protocols specified by the OGC. The following technologies will be shown in practice: SSL/TLS, VPN, Firewalls, HTTP Authentication, Cookies, SOAP and WS-Security, XML Encryption, XML Digital Signature, SAML, XACML / GeoXACML. For each of the presented technologies we will explain which of the requirements identified in the first part it addresses and which of the four businesses from our scenario can make use of it.
Figure 2 – The OSI Protocol Stack
Figure 3 – Security Standards: Plenty to choose from!
Security and the OGC
Within the OGC, security was not an issue until April 2004, when the GeoDRM (Geospatial Digital Rights Management) Working Group was formed. The main achievement of the group is the “Geospatial Digital Rights Management Reference Model (GeoDRM-RM)”, which currently awaits approval to become an OGC Abstract Specification in early 2007. It lays the groundwork for the upcoming activities of the group, which will focus on Implementation Specifications.
As the concepts behind the GeoDRM-RM matured, it was realized that it is essential to have a strong security system in place that supports the DRM system. So, in June 2006 the Security Working Group was formed. The mission of the WG is to provide a security system for the OGC Reference Architecture, which includes the support for the DRM system, by using existing standards wherever possible.
To support the GeoDRM-RM, two different OGC Web Services Initiatives have been completed: in OWS-3 (2005), the objective was to develop a click-through mechanism for OGC Web Services. Following this initiative, OWS-4 (finished in December 2006) focused on a variety of aspects: from License negotiation to using End-User-Licenses for performing transactions on a Web Feature Service in order to manipulate stored features.
Both initiatives completed the mission under the motto “change OGC specifications as little as possible” and used existing (IT-) standards wherever possible. A lot of the standards described in the second section of the tutorial (WS-Security, WS-Trust, WS-Policy, SAML, XACML) have been used to enhance OGC services with authentication and authorization.
This seminar will introduce the subject of security on the Web including spatial data infrastructure, security requirements for geospatial Web services, communications security and standards, data integrity, and confidentiality. Many facets of the behind-the-scenes activities that exist and function on the Web will be examined. This presentation will take this potentially technical and complex arena and demystify and describe it for all audience levels. Participants will come away with a newfound understanding and an increased comfort level of using Web-based applications.