Sunday, November 05, 2006

Trend Analysis INTERGEO 2006

At the beginning of October, Munich hosted this year's INTERGEO fair (see www.intergeo.de). This is probably the most important fair in Germany where technologies related to the geospatial world are presented. I visited the fair and I was asked to write a "trend analysis" for security (I wrote a similar one last year together with my colleague Andreas). Since I spent a couple of hours writing it I thought this is an interesting thing to post. Please feel free to give me feedback!

-----

In the last years security has grown in importance and this can be seen in both the general IT industry and the Geospatial industry. The first one is demonstrated by the fact that the SYSTEMS fair which shortly followed INTERGEO at the Fair Center Munich (23 -27 October) dedicated one of the six exhibition halls to security. The latter can be seen by the increase in the security-related activities within the Open Geospatial Consortium: in May this year the OGC published for review and comments the GeoDRM Abstract Model which is meant to provide guidance for further Digital Rights Management implementations; the Abstract Model has been approved and will be published as a new topic in the OGC abstract specification. Furthermore, at the OGC Meeting in June in Edinburgh two new working groups have been created: The Security Working Group which will address issues such as Authentication, Authorization, Digital Signature and Encryption and the Ordering Working Group which will focus on the more business related aspects. Finally, this year, one of the 7 threads of the OWS4 initiative (OGC Web Services Test Bed 4) is GeoDRM, where several participants are working together to address issues such as authentication, authorization and licensing.

As part of the trend analysis we asked both the product development companies as well as the data providers. The following five questions were asked: Is security of Geospatial Applications an important aspect for your company? Which security aspects do you think are important? Are you already using / developing products that implement security features? Do you have any future plans for this? Do you think that security is more important this year than it was in the past?

To the first question most of the interviewed persons answered that security is of medium importance for their company. To the second question a lot of the interviewed persons answered yes. However, as in the last year, the lack of security standards in the geospatial industry could be remarked. Because little guidance is available for how security should be applied to geospatial applications most of the interviewed companies said that they use either Intranet applications or Portal solutions, where interoperability at the security layer is not a requirement. Furthermore there were companies that presented security solutions for services; however these services showed no interoperability with one another. When asked about the future, the answers varied: some of the interviewed persons expect more guidance from standards organizations such as OGC, so that issues such as authentication, authorization and digital signature can be addressed in an interoperable way, other hope that not-technical aspects such as pricing models will evolve in the future, while others were simply hoping that security would not be too much of an overhead for their company.

To summarize, security has gained more terrain in the geospatial world, but this is still just the beginning. There is still a long way to go until security will be ubiquitous. And, to cite one of the interviewed persons, we should not forget that security is only one of the many requirements that customers have, and therefore it shouldn’t be either expensive to implement nor complicated to use / deploy.

0 Comments:

Post a Comment

<< Home