Presentation is loading. Please wait.

Presentation is loading. Please wait.

Access control for geospatial information objects using/extending the eXtensible Access Control Markup Language Andreas Matheus, Technische Universität.

Similar presentations


Presentation on theme: "Access control for geospatial information objects using/extending the eXtensible Access Control Markup Language Andreas Matheus, Technische Universität."— Presentation transcript:

1 Access control for geospatial information objects using/extending the eXtensible Access Control Markup Language Andreas Matheus, Technische Universität München Munich, Germany

2 How does it fit into DRM? DRM is about licensed use of an existing content Content provider encrypts the content User can use the content on- or offline User requires the decryption key, which distribution is controlled by provider according to users license Information based access control Regulates the creation/use of a content in the first place Handles decryption key distribution, based on the information of an existing content

3 Motivation: Restrict the use of geospatial features Based on the features accessed For Write, Delete and Create access, constraints must be enforced for the service input For Read access, constraints must be enforced for the service output Based on the spatial characteristics of the features (spatial features) Location (where is that feature) Geometry (which extend does the feature have)

4 XACML based infrastructure

5 Functions of the PEP and PDP Policy Enforcement Point Provide Web Service interfaces Analyze the service request/response Isolate information from the request/response: User, Operation and Resource Form a decision request message, including the request content to be send to the PDP Accept or reject the service invocation request based on the response of PDP Policy Decision Point Has access to the policies in the policy repository Accept decision requests from PEP and return Deny, Permit, NotApplicable or Indeterminate

6 Associating access restrictions to features and feature types A type-based restriction is linked to a feature type; it is to be enforced for all instances of that type A instance-based restriction is linked to an individual feature; it is to be enforced for this feature only Examples Type-based restriction Bob can read and write features of type BuildingType Instance-based restriction Bob can not write the feature The White House

7 The decision request message The decision request from the PEP to the PDP contains an XML encoding of the resources that the subject likes to access (ResourceContent element) and the subject identity, the requested operation (R, W, C, D) PDP returns access decision based on the policies from the policy repository, the information from the decision request and optional environmental information

8 The ResourceContent element This element of the decision request is filled by the PEP It contains the resources, the subject likes to access The information is critical, because miss-structuring can cause the PDP to return a wrong decision The XML encoded information, hold by the ResourceContent must be valid Schema defines the feature types and defines the structure of the feature instances

9 An example result of a WFS 0 0 4 4 The White House 1 0 An example feature collection

10 A decision request example Bob read …

11 A decision request example … 0 0 4 4 The White House 1 0 An example city model …

12 A decision request example … http://mySchema#CityModel

13 Example policies based on Xpath Type-based example Instance-based example

14 Inconsistency Two or more policies match for the same resources (features) but declare inverse access restrictions For the previous example Bob can write Building The White House from the type- based policy Bob can not write the Building The White House from the instance-based policy Is it an inconsistency or intended exceptional restriction?

15 Inconsistency If these restrictions are declared in independent policies, its probably an inconsistency If these restrictions are declared in a linked fashion, its probably an intended situation Type-based restriction represents the general case Instance-based restriction represents the specific case Quintessence: A mechanism must be in place that deals with this

16 How to deal with NotApplicable and Indeterminate decisions? Policies express explicit restrictions/allowances Requests, not matching the explicit policies result in a PDP NotApplicable result How shall the PEP treat these decisions? Minimum allowed: Deny the request Maximum allowed: Permit the request It must be certain that a NotApplicable decision is always mend to be Permit or Deny, but never both Indeterminate is always handled as a Deny The PEP may return extra information to the user about what went wrong

17 Spatial access restrictions Feature based restrictions give the ability Spatial access restrictions can be applied to an area, the restriction area primitive area with no holes complex area with holes Applicable to spatial features in the resource content, based on their location geometry Policy must link an area with spatial property

18 Extending the access control triplet Subject, Operation as usual Object = Xpath to the XML elements (spatial features) Condition = Boolean expression using spatial relation functions Within Intersects Outside Touches Equals etc.

19 Spatial restriction example Spatial example Bob can read all spatial features of type BuildingType that reside inside the RestrictedArea 0,0 0,2 2,2 2,0 0,0

20 Spatial policies and XACML XACML does not provide the required language constructs => GeoXACML GeoXACML requirements geometry types based on gml:Point gml:Polygon gml:Box functions for checking spatial relation based on Java Topology Suite (JTS) Equals, Disjoint, Intersects, Touches, Crosses, Within, Contains, Overlaps Combination algorithm that take care of specific spatial situations

21 Spatial inconsistency Spatial restriction examples Bob can read and write spatial features, located inside restricted area 1 Bob can not write spatial features located inside restricted area 2 How to encode this? Meta information required Two independent policies: inconsistency Two linked policies: indented situation Quintessence: Deal with spatial inconsistencies (0,0) (1,1) (3,3) (2,2)

22 Upcoming work in this field of research Implement the GeoXACML extensions Geospatial attributes Spatial relation functions Combination algorithms Prepare a set of XACML policies Type-based policies Instance-based policies Spatial policies Run test requests on the set of policies Produce lessons learned Produce guide

23 Conclusion Feature based restrictions give the ability to restrict access/use of a particular content Spatial based restrictions gives the ability to restrict access/use of a particular content for a particular area XACML is a promising specification to be extended This type of restriction can be used for controlling the creation of a feature based content the distribution of decryption keys for DRM

24 The final slide Thank you very much for your attention Any feedback is desirable, please mail to matheus@in.tum.de matheus@in.tum.de Questions, please


Download ppt "Access control for geospatial information objects using/extending the eXtensible Access Control Markup Language Andreas Matheus, Technische Universität."

Similar presentations


Ads by Google