Seguridad en servicios web: como garantía de control en la interoperabilidad de la información geográfica
DOI:
https://doi.org/10.65966/ag.n48.96Keywords:
Standard, geographic, information, interoperability, politics, service, techno logies, webAbstract
The “Instituto Geográfico Agustín Codazzi – IGAC” is the entity responsible for producing the official maps of the Republic of Colombia. In the same way, the “Centro de Investigación y Desarrollo en Información Geográfica – CIAF” is responsible for detecting, appropriate and transfer technologies for the management of geographic information and spatial data infrastructures through the use of Remote Sensing, Information Systems Geographic and related tools, to support institutional strengthening and sustainable development of the country and the region.
This office has over 40 years of experience with the transfer of knowledge, to train professionals of diverse nationalities through mechanisms and strategies taught in a classroom teaching with highly qualified teaching staff, and for the purpose of transferring knowledge and education high quality.
So, since 2008 the Geoservices Group is putting in operation a variety of web tools under open source software philosophy that promote a new way to work in the research, education and diffusion around geographic information, and that are based on an open and participative spirit. These tools are implemented through web services and applications (in case of the geographic component), that on earlier years had been developed with success, especially in order to make this information interoperable with other institutions that form the Colombian Spatial Data Infrastructure.
The different technologies and tools used by the group arises in an oriented services philosophy. While promoting the use of these open source tools for the geographic information management, the group also has knowledge in GIS proprietary tools, like all the ArcGIS technology package.
However, and because of the growing interest of many institutions in protect the information given to the citizens through web services, we have to think in strategies that assure this information gets where it belongs, especially when dealing with sensitive information such as the geographical.
The previous is the main motivator of this article, because it is currently in the process the study on implementation of security for web services of the IGAC node of ICDE, together with all licenses generated in the policies and standards component of the Spatial Data Infrastructure Group of CIAF, and is interesting from a technological view to show how software components are currently in the world market for this purpose.
Downloads
References
52º NORTH. Security & Geo-Rights Management Community. [artículo de Internet] <http://52north.org/maven/project-sites/security [Consulta: Junio de 2011].
CAMPTOCAMP S.A. CartoWeb, Security Configuration. [artículo de Internet] <http://www.cartoweb.org/doc/cw3.4/xhtml/user.security.html> [Consulta: Junio de 2011].
CAMPTOCAMP S.A. MapFish, Secure TileCache Tutorial. [artículo de Internet] <http://www.mapfish.org/doc/tutorials/secure_tilecache.html> [Consulta: Junio de 2011].
CHRISTL, Arnulf. Introduction to Geoportal Management using Mapbender. FOSS4G 2008. South Africa, 2008. [artículo de Internet] <http://www.foss4g.org/index.php/foss4g/2008/paper/view/82> [Consulta: Junio de 2011].
FRANKS, J. MICROSOFT CORPORATION; NETSCAPE COMMUNICATIONS CORPORATION; entre otros. HTTP Authentication: Basic and Digest Access Authentication. 1999. [artículo de Internet] <http://www.ietf.org/rfc/rfc2617.txt> [Consulta: Junio de 2011].
GEOSERVER. GeoServer Security. [artículo de Internet] <http://docs.geoserver.org/latest/en/user/security/index.html> [Consulta: Junio de 2011].
LAT/LON. Deegree iGeoSecurity. [artículo de Internet] <http://www.lat-lon.de/latlon/portal/media-type/html/user/anon/page/default.psml/js_pane/produkte%2Csub_produkte_deegree-igeosec> [Consulta: Junio de 2011].
LOCKHART, Hal. Web Services Security Challenges. < http://www.omg.org/news/meetings/workshops/MDA-SOA-WS_Manual/06-1_Lockhart.pdf> [Consulta: Junio de 2011].
MATHEUS, Andreas. Geospatial eXtensible Access Control Markup Language (GeoXACML <http://www.w3.org/Policy/pling/wiki/images/5/59/GeoXACML.pdf> [Consulta: Junio de 2011].
MATHEUS, Andreas. Security and the Open Geospatial Consortium (OGC). CEOS/WGISS-27 Workshop. Toulouse, 2009. [artículo de Internet] <http://wgiss.ceos.org/meetings/wgiss27/WGISS_27_Toulouse/05.11.2009/05.11_16.45_Security_and_the_Open_Geospatial_Consortium.ppt> [Consulta: Junio de 2011].
MATHEUS, Andreas. Geospatial eXtensible Access Control Markup Language (GeoXACML). University of the Bundeswehr. 2008. [artículo de Internet] <http://www.w3.org/Policy/pling/wiki/images/5/59/GeoXACML.pdf> [Consulta: Junio de 2011].
MATHEUS, Andreas. Access Control for Geo Web Services using GeoXACML. University of the Bundeswehr. 2005. [artículo de Internet] <http://www.unibw.de/inf3/forschung/projects/opengissec/flyergeoxacml/at_download/down2> [Consulta: Junio de 2011].
OASIS. Web Services Security (WSS) TC. [artículo de Internet] <http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss> [Consulta: Junio de 2011].
OASIS. Web Services Security: SOAP Message Security 1.1. 2006. [artículo de Internet <http://www.oasisopen.org/committees/download.php/16790/wss-v1.1-spec-os-SOAPMessageSecurity.pdf> [Consulta: Junio de 2011].
OPEN GEOSPATIAL CONSORTIUM. GeoXACML Implementation Specification. [artículo de Internet] <http://www.opengeospatial.org/standards/geoxacml> [Consulta: Junio de 2011].
OPEN GEOSPATIAL CONSORTIUM. OGC Web Services Initiative - Phase 6 (OWS-6). 2008. p. 70-74. [artículo de Internet] <https://portal.opengeospatial.org/files/?artifact_id=29191&format=pdf> [Consulta: Junio de 2011].
OPEN GEOSPATIAL CONSORTIUM. OGC OWS-6 Security Engineering Report. 2009. [artículo de Internet] <http://portal.opengeospatial.org/files/index.php?artifact_id=35461> [Consulta: Junio de 2011].
OPEN GEOSPATIAL CONSORTIUM. Página oficial Security WG. [artículo de Internet <http://www.opengeospatial.org/projects/groups/securitywg> [Consulta: Junio de 2011].
OPINCARU, Cristian Aurel. Service Oriented Architecture applied to Spatial Data Infraestructures. Munich, Alemania. 2008. Pág. 36.
OPEN GEOSPATIAL CONSORTIUM. Secure Dimensions. <http://www.secure-dimensions.de/standards_en.html> [Consulta: Junio de 2011].
PARIKH, Ash; GURAJADA, Murty; SANGHA, Anthony. JavaWorld. Secure your SOA. 2006. [artículo de Internet <http://www.javaworld.com/javaworld/jw-04-2006/jw-0410webservices.html> [Consulta: Junio de 2011].
SPRINGSOURCE. Spring Security. [artículo de Internet] <http://static.springsource.org/springsecurity/site/index.html> [Consulta: Junio de 2011].
VAN DER AUWERA, Joachim. Plugin Static Security, Geomajas. [artículo de Internet] <http://geomajas.org/plugin/static-security> [Consulta: Junio de 2011].
WHEREGROUP. Mapbender, OWS Security Proxy. [artículo de Internet] <http://www.mapbender.org/OWS_Security_Proxy> [Consulta: Junio de 2011].
Downloads
Published
Issue
Section
License
Copyright (c) 2026 Autor - Revista
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
