1 / 18

Fine-grained Access Control for Spatial Services ...e nforcing the Need-to-Know Principle

Fine-grained Access Control for Spatial Services ...e nforcing the Need-to-Know Principle. Rüdiger Gartmann con terra GmbH, Münster, Germany. Public Safety Scenario: Planning an Event. Actors:. User Groups. X. Access to All Information. Planning team Event preparation

pingram
Download Presentation

Fine-grained Access Control for Spatial Services ...e nforcing the Need-to-Know Principle

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Fine-grained Access Control for Spatial Services...enforcing the Need-to-Know Principle Rüdiger Gartmann con terra GmbH, Münster, Germany

  2. Public Safety Scenario: Planning an Event Actors:

  3. User Groups X

  4. Access to All Information • Planning team • Event preparation • Plan roadblocks, routes, evacuation scenarios, personnel... • Assign areas for police, firefighters, paramedics, ... • Control team • Event monitoring • Measuring of movements, reaction to incidents and emergencies, revision of plans, ... • Management of emergency response teams • Observation of surveillance cameras, location of suspects, ...

  5. Access to Limited Information • Technical preparation • Create roadblocks, trafficcontrolsystems, barriers, ... • Seal gullyholes, check securitymeasures, ... • Emergency responseteams • Situation assessments • Takingorders • Status reports • Findingplacesofaccident • Guidance, evacuation, protection...

  6. Access to Public Information • Tourists • Plan theirtrips • See what‘sgoing on • Find friends • Post information, photos, ... • Geteventnotifications • Threats • Onlyaccesstopublicinformation

  7. Security Levels vs. Need-To-Know • Regardlessofthesecurityclassification, accessisonlypermittedifthereis an actualneed • Planningteamisallowedtoseeevacuationroutes... • Controlteamisallowedtousesurveillancecameras... • Poliecemenareallowedtoreportincidents... • Paramedicsareallowedtorequestambulances... • ...but onlyfortheveryeventtheyareactuallydealingwith!

  8. Authorisation Decision • Information isclassified • Information isassignedtocertaintasks • Users areclassified • Users areassignedtocertainroles (responsibleforcertaintasks) • Access isgranted, onlyif • classificationlevelmatchesand • task/roleassignmentmatches

  9. Access Control to Spatial Content based on security.manager

  10. Creating Policies • Policy structure • System isdeny-biased • Everyonewithout explicit permissionsisdenied

  11. Example: Places to Inspect

  12. Required Authorisation Capabilities

  13. Authorisation of Services Authorize services in securityManager Full set Restricted

  14. Layer Authorisation All layers Define rights Restricted listof layers

  15. Feature Authorization Classification = yellow All features Filtered to features classified as yellow

  16. Authorise Functionalities Assign permissions for operations in securityManager Identify result Identify not authorized

  17. Spatial Restrictions Spatial restrictionsin securityManager Full extent Spatial restriction for Germany

  18. Thank you for your interest......and visit us in the exhibition! Rüdiger Gartmannr.gartmann@conterra.de

More Related