Article

Declaration and enforcement of fine-grained access restrictions for a service-based geospatial data infrastructure

Author:

Andreas MatheusAuthors Info & Claims

SACMAT '05: Proceedings of the tenth ACM symposium on Access control models and technologies

Pages 21 - 28

https://doi.org/10.1145/1063979.1063983

Published: 01 June 2005 Publication History

Abstract

This work describes the declaration and enforcement of geospatial access restrictions for the infrastructure of heterogenous and distributed geospatial information objects, as they are accessible via the service-oriented geospatial data infrastructure (GDI). Assuming a valid XML markup of the objects and their geometry using the Geographic Markup Language (GML), which is an international standard of the Open GIS Consortium, Inc. (OGC), a solution is introduced that allows the declaration and enforcement of access restrictions, encoded in GeoXACML. GeoXACML is a geospatial extension to the OASIS standard eXtensible Access Control Markup Language (XACML). Due to the nature of the introduced restrictions, the declaration of access restrictions can result in different kinds of inconsistencies. This work describes a mechanism for the detection and classification of contrary permissions. This work also describes a prototype implementation and an illustrating demonstration.

References

[1]

The opengis abstract specification topic 0: Abstract specification overview, version 4. Open Geospatial Consortium Inc. (OGC), June 1999.

[2]

Opengis geography markup language (gml) implementation specification, version 2.1.2. Open Geospatial Consortium Inc. (OGC), September 2002.

[3]

Web feature service implementation specification, version: 1.0.0. Open Geospatial Consortium Inc. (OGC), September 2002.

[4]

Web map service implementation specification, version: 1.1.1. Open Geospatial Consortium Inc. (OGC), January 2002.

[5]

Xml access control language (xacl). IBM et. al., October 2002.

[6]

extensible access control markup language (xacml), version 1.1. Organization for the Advancement of Structured Information Standards (OASIS), July 2003.

[7]

Java topology suite implementation version 1.4. VIVID Solutions, November 2003.

[8]

Xacml implementation version 1.1. SUN microsystems, November 2003.

[9]

extensible rights markup language (xrml). Content Guard Holdings Inc., November 2004.

[10]

A. Baraani-Dastjerdi, R. Safavi-Naini, J. Perprzyk, and J. R. Getta. A model of content-based authorization in object-oriented databaseds based on object views. 1995.

[11]

E. Bertino, S. Castano, E. Ferrari, and M. Mesiti. Controlled access and dissemination of xml documents. Proceedings of the 2nd international workshop on Web information and data management, 1999.

Digital Library

[12]

R. Bhatti, J. B. Joshi, E. Bertino, and A. Ghafoo. Access control in dynamic xml-based web-services with x-rbac. The First International Conference on Web Services, June 2003.

[13]

J. Clark and W. Steve DeRose. Xml path language (xpath), version 1.0. November 1999.

[14]

E. Damiani, S. de Capitani Di Vimercati, S. Paraboschi, and P. Samarati. Fine grained access control for soap e-services. WWW10, May 2001.

Digital Library

[15]

E. Damiani, S. de Capitani Di Vimercati, S. Paraboschi, and P. Samarati. A fine-grained access control system for xml documents. ACM Transactions on Information and System Security (TISSEC), 5(2):169 -- 202, 2002.

Digital Library

[16]

M. J. Egenhofer and R. G. Golledge. Spatial And Temporal Reasoning In Geographic Information Systems. Oxford University Press, 1998.

[17]

S. Hada and M. Kudo. Xml access control language: Provisional authorization for xml documents. 2000.

[18]

R. Kraft. Designing a distributed access control processor for network services on the web. Proceedings of the 2002 ACM workshop on XML security, pages 36- 52, 2002.

Digital Library

[19]

M. Lorch, S. Proctor, R. Lepro, D. Kafura, and S. Shah. First experiences using xacml for access control in distributed systems. Proceedings of the 2003 ACM workshop on XML security, pages 25 -- 37, 2003.

Digital Library

Cited By

Campi A(2025)Roles in SQLEncyclopedia of Cryptography, Security and Privacy10.1007/978-3-030-71522-9_685(2127-2130)Online publication date: 8-Jan-2025
https://doi.org/10.1007/978-3-030-71522-9_685
Campi A(2024)Roles in SQLEncyclopedia of Cryptography, Security and Privacy10.1007/978-3-642-27739-9_685-2(1-4)Online publication date: 1-Sep-2024
https://doi.org/10.1007/978-3-642-27739-9_685-2
Jensen TSalles MBang MSacharidis DGamper JBöhlen M(2018)Declarative cartography under fine-grained access controlProceedings of the 30th International Conference on Scientific and Statistical Database Management10.1145/3221269.3232012(1-12)Online publication date: 9-Jul-2018
https://dl.acm.org/doi/10.1145/3221269.3232012
Show More Cited By

Index Terms

Declaration and enforcement of fine-grained access restrictions for a service-based geospatial data infrastructure
1. Information systems
  1. Information systems applications
    1. Process control systems
2. Mathematics of computing
  1. Information theory

Recommendations

Administration of (Geo)XACML policies for spatial data infrastructures
SPRINGL '11: Proceedings of the 4th ACM SIGSPATIAL International Workshop on Security and Privacy in GIS and LBS

Thanks to specifications like XACML v3.0, GeoXACML v3.0 and the XACML v3.0 OGC Web Service profile, it is fairly straight forward to implement powerful access control systems that protect Geo Web Services and spatial data in spatial data infrastructures ...
Access control in OGC web service based architectures
SPRINGL '11: Proceedings of the 4th ACM SIGSPATIAL International Workshop on Security and Privacy in GIS and LBS

This paper describes how to provide access control in OGC Web Service (OWS) based spatial data infrastructures (SDI). We start by introducing popular conceptual rights models and than present prominent rights specific requirements in OWS based SDIs. ...
Access control systems for spatial data infrastructures and their administration
COM.Geo '10: Proceedings of the 1st International Conference and Exhibition on Computing for Geospatial Research & Application

Today sophisticated concepts, languages and frameworks exist, that allow implementing powerful fine grained access control systems for protecting Geo Web Services and spatial data in Spatial Data Infrastructures (SDIs). Especially rule based access ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SACMAT '05: Proceedings of the tenth ACM symposium on Access control models and technologies

June 2005

186 pages

ISBN:1595930450

DOI:10.1145/1063979

General Chair:
Elena Ferrari
University of Insubria at Como, Italy
,
Program Chair:
Gail-Joon Ahn
University of North Carolina at Charlotte

Copyright © 2005 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 June 2005

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

SACMAT05

Sponsor:

SACMAT05: 10th ACM Symposium on Access Control Models and Technologies 2005

June 1 - 3, 2005

Stockholm, Sweden

Acceptance Rates

Overall Acceptance Rate 177 of 597 submissions, 30%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

23
Total Citations
View Citations
612
Total Downloads

Downloads (Last 12 months)1
Downloads (Last 6 weeks)0

Reflects downloads up to 08 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Campi A(2025)Roles in SQLEncyclopedia of Cryptography, Security and Privacy10.1007/978-3-030-71522-9_685(2127-2130)Online publication date: 8-Jan-2025
https://doi.org/10.1007/978-3-030-71522-9_685
Campi A(2024)Roles in SQLEncyclopedia of Cryptography, Security and Privacy10.1007/978-3-642-27739-9_685-2(1-4)Online publication date: 1-Sep-2024
https://doi.org/10.1007/978-3-642-27739-9_685-2
Jensen TSalles MBang MSacharidis DGamper JBöhlen M(2018)Declarative cartography under fine-grained access controlProceedings of the 30th International Conference on Scientific and Statistical Database Management10.1145/3221269.3232012(1-12)Online publication date: 9-Jul-2018
https://dl.acm.org/doi/10.1145/3221269.3232012
Tran Thi QDang T(2012)X-STROWL: A generalized extension of XACML for context-aware spatio-temporal RBAC model with OWLSeventh International Conference on Digital Information Management (ICDIM 2012)10.1109/ICDIM.2012.6360113(253-258)Online publication date: Aug-2012
https://doi.org/10.1109/ICDIM.2012.6360113
Thi KDang TKuonen PDrissi H(2012)STRoBACProceedings of the 4th international conference on Computational Collective Intelligence: technologies and applications - Volume Part II10.1007/978-3-642-34707-8_21(201-211)Online publication date: 28-Nov-2012
https://dl.acm.org/doi/10.1007/978-3-642-34707-8_21
Gabillon ACapolsini P(2012)Enforcing protection mechanisms for geographic dataProceedings of the 11th international conference on Web and Wireless Geographical Information Systems10.1007/978-3-642-29247-7_14(185-202)Online publication date: 12-Apr-2012
https://dl.acm.org/doi/10.1007/978-3-642-29247-7_14
Lo CHuang CChang C(2011)A flexible access control mechanism for mobile commerce2011 IEEE International Conference on Consumer Electronics (ICCE)10.1109/ICCE.2011.5722508(145-146)Online publication date: Jan-2011
https://doi.org/10.1109/ICCE.2011.5722508
Zhang YZhang YChen K(2011)A map-layer-based access control modelProceedings of the 12th international conference on Information Security Applications10.1007/978-3-642-27890-7_14(157-170)Online publication date: 22-Aug-2011
https://dl.acm.org/doi/10.1007/978-3-642-27890-7_14
Campi A(2011)Roles in SQLEncyclopedia of Cryptography and Security10.1007/978-1-4419-5906-5_685(1055-1057)Online publication date: 2011
https://doi.org/10.1007/978-1-4419-5906-5_685
Gabillon ACapolsini PChbeir R(2010)Security mechanisms for geographic dataProceedings of the International Conference on Management of Emergent Digital EcoSystems10.1145/1936254.1936312(297-302)Online publication date: 26-Oct-2010
https://dl.acm.org/doi/10.1145/1936254.1936312
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten