Knowing your Role when defining Best Practices for SDI Access Control
To address this challenge a collaborative group including CubeWerx, The Carbon Project and others have been working on Best Practices for Role-based Access Control to help organizations deploying OGC Spatial Data Infrastructure (SDI) services. The approach is based on a set of simple Access Control Rules that can be used to make sure the right geospatial information goes to the right people. But behind the scenes there are IT industry-wide efforts working on “Identity Metasystems” to provide an interoperable architecture for digital identity, OASIS security standards for Information Cards, Authentication discussions on "Identity Provider" and "Relying Party" – all built on top of the Web Services Protocol Stack that includes WS-Security, WS-Trust, WS-MetadataExchange and WS-SecurityPolicy. In other words, an incredible amount of effort IT industry-wide on Authentication.
So in the Best Practices for Role-based Access Control we adopted the philosophy that says, “Use Authentication methods defined by IT industry-wide efforts ” - we'll focus on defining simple, reusable SDI Access Control Rules (SACR) for granting access to OGC services by role, geographic extent, feature and SDI operations. This approach adds significant new capability for deploying SDI by allowing organizations to optimize data services and reduce costs. Over the next weeks we'll be talking more about these Best Practices, examples, and the associated 2008 NSDI Cooperative Agreements Program (CAP) project.