What is Web Security:
- A mechanism for implementing and deploying a secure CGDI service;
- A mechanism to quickly establish access control rules for OGC services and their data content in response to a more dynamic business environment; and
- A secure Web environment allowing any CGDI participant to support their own Identity System (the ability to authenticate their own users) and still participate in a federated CGDI environment where each organization (data or service provider) controls its own resources.
The proposed security mechanism for CGDI supports a federated architecture of web resources and moves away from traditional centralized Identity Systems. Until now, service providers have been at the center of Identity Systems, requesting identity information (through a registration process) from each user prior to providing a Web service. Web services like those implemented through the Canadian Geospatial Data Infrastructure (CGDI) have been designed to support robust, flexible, and scalable distributed geo-processing capabilities and to evolve in response to the dynamic requirements of communities of practice. A federated security mechanism is needed to support such living services and the requirements of loosely coupled, organic CGDI implementations. This is a departure from the paradigm of rigid architectures and hard-wired systems.
CGDI implementation components such as the GeoConnections GeoPortal and other applications to be developed by CGDI participants will have to support and integrate well with emerging security models and, more specifically, with Identity Systems implemented using a user-centric model. During the next few years, CGDI participants will need to investigate the use of emerging security-enabled Identity Systems when implementing their CGDI components. This implies investigating the use of user-centric Identity Systems such as CardSpace and SAML. These Identity Systems are based on open specifications from OASIS, and implementations already exist. For example, the Oracle Identity Federation solution (part of the Oracle Portal Application Server) already supports SAML v2.0 and the use of X.509 certificates.
For GeoConnections and CGDI participants this implies implementing new software applications that accept identity information, such as identity attributes, from third-party Identity Providers without having to register all users connecting to an application or a service. This further implies a strategy and investigation effort into how best to integrate CardSpace, SAML and the Distributed Access Control System (DACS) currently in use by some federated systems like NFIS.
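As an added illustration (not code from the original document or from any CGDI project), the federated pattern described above in Python: a hypothetical OGC service provider consumes a SAML 2.0 assertion from a third-party Identity Provider it trusts, checks issuer, validity window and audience, and applies its own access rule to the IdP-supplied attributes without ever registering the user. The IdP, service and layer names are assumptions, and the sample assertion is constructed and unsigned.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Hypothetical federation: each organisation runs its own IdP; this service
# provider trusts a short list of IdP entity IDs and registers no remote users.
TRUSTED_IDPS = {"https://idp.example-province.ca/saml"}
SERVICE_AUDIENCE = "https://wms.example-agency.ca/sp"
# Hypothetical access rule: attribute values that unlock a WMS layer.
LAYER_RULES = {"restricted_hydrography": {"organisation": {"Example Province"}}}

# Constructed sample assertion (unsigned, for illustration only).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_c1" Version="2.0">
  <saml:Issuer>https://idp.example-province.ca/saml</saml:Issuer>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://wms.example-agency.ca/sp</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="organisation">
    <saml:AttributeValue>Example Province</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""

def parse_ts(text):
    # SAML timestamps are UTC, e.g. 2024-01-01T12:00:00Z
    return datetime.fromisoformat(text.replace("Z", "+00:00"))

def consume_assertion(xml_text, now=None):
    """Return the IdP-supplied attributes if the assertion is from a trusted IdP,
    inside its validity window and addressed to this service; otherwise None.
    The XML signature is assumed to be verified by the SAML library first."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)
    if root.findtext("saml:Issuer", namespaces=NS) not in TRUSTED_IDPS:
        return None
    cond = root.find("saml:Conditions", NS)
    if cond is None or None in (cond.get("NotBefore"), cond.get("NotOnOrAfter")):
        return None
    if not (parse_ts(cond.get("NotBefore")) <= now < parse_ts(cond.get("NotOnOrAfter"))):
        return None
    if SERVICE_AUDIENCE not in [a.text for a in cond.findall(".//saml:Audience", NS)]:
        return None
    attrs = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return attrs

def may_access_layer(attrs, layer):
    """Apply this service provider's own rule to the federated attributes."""
    rule = LAYER_RULES.get(layer)
    if rule is None or attrs is None:
        return False
    return all(set(attrs.get(name, [])) & allowed for name, allowed in rule.items())
```

In a real deployment the assertion's XML signature must be verified against the trusted IdP's certificate before any of these checks, and a hardened parser (for example defusedxml) should replace the plain ElementTree call.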