Security and Access Control

A unique and innovative approach to geo-enabled security and access control for Web Services


The problem of enforcing security and access control on  geospatial Web services is a thorny one, and one which has not been traditionally well-addressed by the industry. Spatial data presents unique challenges that are not easily handled by the same methods used to secure other types of Web content. Access may need to be granted or restricted based on geographic regions, imagery resolutions, scale, etc. These types of conditions cannot be easily described by most existing access control technologies. Because a request for spatial data may be framed in a variety of ways, and includes complex geographic components, it is very difficult to understand exactly what is being requested without a thorough comprehension of the geospatial elements of the request. Any software that acts as a gate-keeper needs to be nearly as complex and intelligent as the services it is protecting.

Spatially-aware, intelligent access control

CubeWerx solves these problems by leveraging our powerful geospatial technology to implement a spatially-aware access control mechanism. Completely integrated with our Web services, the software analyzes each request and matches it against a set of pre-determined rules to decide whether or not to allow access. Since it is integrated with the same services that it is protecting, it operates with full knowledge of the nature of each request.

Security at the Web service level

Because security is implemented at the Web service level, it is automatically available to all clients, from desktop to mobile. A simple set of credentials accompanies all requests, and one set of rules applies to all access. There is no way to bypass access control by going directly to the underlying services because it is part of those services. Indeed, many users will not even realize that security is in place. They will simply see a different set of data or geographic regions depending on their identity.

A powerful, flexible rule grammar

Access control rules are of course highly variable. A flexible grammar is required to describe all situations that may be necessary. Our technology allows rules to be applied to individual users, roles, IP addresses, or any combination of the above. Access may be granted based on Web service types, map layers, feature types, map scales, image resolutions, geospatial regions, and more. Rules may be set to expire at a given time.

Single sign-on/distributed Web services

The credentials provided by the authentication service may be set up to provide Single Sign-On (SSO) capability. This allows access control to be enforced on distributed Web services. An organization can share its data with other stakeholders while maintaining complete control over it.

Key Features

  • Create geo-enabled access control rules for protecting any type of spatial data
  • Security is integrated at the Web service level for complete protection
  • Supports communities composed of trusted jurisdictions
  • Supports Single Sign-On (SSO) within a community of trusted jurisdictions
  • Implements fine-grain access control rules for accessing OGC WxS operations, layers, and features, including spatial extents for OGC WxS data services (i.e. WMS, WFS)
  • Fully supports access through standard encrypted protocols (Secure Socket Layer)
  • Simple editing of access control rules through a Web interface

Key Benefits

  • Protect your valuable geospatial resources with rock-solid security
  • Decide exactly who can access your data and how they can use it
  • Share data with other groups or stakeholders, while maintaining full control

More Info

Bookmark and Share