Friday, March 05, 2010

More people choosing Gaia to access secure WMS/WFS

We're finding more and more people are choosing Gaia to access WMS/WFS protected by simple HTTP Authentication. We've all used this before (perhaps not recognizing it). The basic method provides a simple challenge-response used by a server to challenge a client request, and by a client to provide authentication information.

For example, a test WMS with HTTP Authentication provided by CubeWerx is at:

It is protected by HTTP basic authentication. You can log in as Username: jeff and Password: carbon in the free Gaia application from The Carbon Project. The basic process is to click "Add new service to the list" in the "Add layer to map" dialog of the Gaia application - and complete the Authentication section. If you do not complete this, you will not be able to access the WMS.

Users may also exercise the CubeWerx service protected by HTTP basic authentication in a browser by clicking this link.

The Carbon Project has successfully used this "basic" authentication scheme for OGC WMS/WFS provided by many vendors, including DigitalGlobe and others.

The basic authentication scheme is a non-secure method of filtering unauthorized access to resources on an HTTP server. It is based on the assumption that the connection between the client and the server can be regarded as a trusted carrier. As this is not generally true on an open network, the basic authentication scheme should be used accordingly. In future CarbonCloud articles we'll discuss how HTTPS and other methods can help deal with this.

Of course, there are more advanced methods of securing OGC services that provide fine-grained access control rules and feature-level security - and many customers may want to implement these as well.

- Jeff


Post a Comment

<< Home