Geo-XACML: Geospatial Extensible Access Control Markup Language
One security concern with digital geographic content (geodata) and
services that are easily available over networks is managing their
intellectual property, i.e. managing the rights of data producers and of
users who are licensed to use, distribute, copy, alter, etc. the data. The
Geospatial Digital Rights Management Reference Model (GeoDRM RM) defines
the framework for web service mechanisms and rights languages to
articulate, manage and protect the rights of all participants in the
geographic information marketplace, including the owners of intellectual
property and the users who wish to use it [27]. It specifies a GeoLicense
that contains grant-related information (Principal, Right, Resource,
Condition) as well as license issuer information
⟨digital-signature, other-info⟩. Thus, a GeoLicense is the container
expressing the rights to use a specified geospatial resource, for a given
geographical space, over a specific period of time, subject to other
conditions. For example, a GeoLicense may express the rights to view,
print, copy and update all road maps of the Chicago area for 2006. The
identity of users, resources, licenses, rights and processes is often
associated with elements in URL, URI, URN, WSDL, and digital signatures.
For Web services access control management in Service Oriented
Architectures, the OASIS defined standard, the eXtensible Access Control
Markup Language (XACML) [19], defines a core schema and corresponding
namespace for expressing authorization policies in XML for objects that
are themselves identified in XML. However, XACML does not have the
capabilities to express geo-specific constraints on access rights,
relevant for access control for geographic data.
The GeoXACML [17, 16], a geospatial extension to the XACML Policy
Language, has been proposed to allow specifications of geometry attribute
values, condition functions to test topological relationships between
geometries, and OpenGIS Web Service and Coordinate Reference System (CRS)
specific resource attribute designators. The geometry attribute values
supported by GeoXACML include {Point, LineString, LinearRing, Polygon,
Multipoint}. The functions for testing topological relations include
{disjoint, touches, crosses, within, contains, overlaps, intersects,
equals}.
Since GeoXACML uses the same policy language as XACML, with additional
support for geospatial features and geospatial condition functions, a
policy decision node supporting GeoXACML policies is capable of
performing authorization decisions on XACML policies as well.
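As an added illustration (not from the original text, and not GeoXACML's XML syntax), the Python code below shows how a decision point could evaluate a rule whose condition is one of the topological functions, here for a Point tested against a Polygon. The rule layout, the first-match evaluation order, the `field-engineer` and `road-map` names and the square zone are assumptions constructed for the example.

```python
from dataclasses import dataclass

def locate(p, ring):
    """Classify point p against a closed ring: interior, boundary or exterior."""
    x, y = p
    inside = False
    for (x1, y1), (x2, y2) in zip(ring, ring[1:]):
        cross = (x2 - x1) * (y - y1) - (y2 - y1) * (x - x1)
        if cross == 0 and min(x1, x2) <= x <= max(x1, x2) and min(y1, y2) <= y <= max(y1, y2):
            return "boundary"
        # Ray casting: count edges crossed by a ray going right from p.
        if (y1 > y) != (y2 > y) and x < x1 + (y - y1) * (x2 - x1) / (y2 - y1):
            inside = not inside
    return "interior" if inside else "exterior"

# Point-versus-Polygon forms of four of the topological functions listed above.
FUNCTIONS = {
    "within": lambda p, ring: locate(p, ring) == "interior",
    "touches": lambda p, ring: locate(p, ring) == "boundary",
    "disjoint": lambda p, ring: locate(p, ring) == "exterior",
    "intersects": lambda p, ring: locate(p, ring) != "exterior",
}

@dataclass
class Rule:  # hypothetical in-memory form, not GeoXACML's XML syntax
    effect: str    # "Permit" or "Deny"
    subject: str
    resource: str
    action: str
    function: str  # key into FUNCTIONS
    polygon: list  # closed ring: first vertex repeated as the last

def decide(rules, subject, resource, action, location):
    """First matching rule whose geometry condition holds decides (an assumption)."""
    for r in rules:
        if (r.subject, r.resource, r.action) != (subject, resource, action):
            continue
        test = FUNCTIONS.get(r.function)
        if test is None:
            return "Indeterminate"  # unsupported function: never guess a grant
        if test(location, r.polygon):
            return r.effect
    return "NotApplicable"  # the enforcement point should refuse access

# Constructed sample data: a square work zone, deny on its edge, permit inside it.
ZONE = [(0, 0), (10, 0), (10, 10), (0, 10), (0, 0)]
RULES = [
    Rule("Deny", "field-engineer", "road-map", "update", "touches", ZONE),
    Rule("Permit", "field-engineer", "road-map", "update", "within", ZONE),
]
```

Only a `Permit` result should lead to access; `NotApplicable` and `Indeterminate` are both refusals at the enforcement point.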
The GeoXACML policy is expressed as a set of rules, each of which is
expressed as a tuple (Grant-type, (Subjects, Resources, Actions),
Condition). It specifies that if the conditions are satisfied, then a
grant type such as "permit" or "deny" is given to (Subjects, Resources,
Actions), denoting that Subjects can perform Actions on geospatial
Resources. The following GeoXACML illustrates an example of a geospatial
policy statement that grants a field engineer to ac-