2-Factor Authentication for SensorWeb

Securing transactional RESTful OGC Web Services is a challenge but can be done using a hybrid OpenID/OAuth protocol (see OGC OWS-6 interoperability demonstration).
To increase the security assurance level beyond level-1, you need to use more than one authentication factor such as: something you know (password) and something you have (keyfob). Our OpenID server is currently being upgraded to support Verisign Identity Protection (VIP) and VIP Access using Mobile Credentials (free for end-users).
If you register a credential in your profile, a security code can now be used in addition to a password to gain access to the SensorWeb services. A security code can also be used to delegate user authority to consumer applications such as workflows to access services on your behalf. Credentials will become mandatory to gain access to satellite and UAV tasking requests over the web. There will still be an air gap between users and assets but, at least, user identity will be known with very high confidence.
Our goal is to demonstrate that it can be done simply, cheaply and RESTfully.
Security Requirements for RESTful Web Services
A RESTful web service approach is great but it needs to be somewhat secure to survive in the wild Internet.
Here are some of our requirements that we tried to address with our OGC OWS-6 demonstration. I will try to upload the videos to YouTube next week.
Here is another presentation given at the 2009 International Symposium on Collaborative Technologies and Systems (CTS 2009) in Baltimore this week. More later…
Two Degrees to SensorWeb 2
For SensorWeb to be relevant, we believe that any of its data and assets can be no further away than two degrees of separation from anyone in the world. This does assume that those users would be from trusted domains and would have been granted the proper permissions from their organizations. We are coining this our SWE "Bacon" number or Two. So, you are doing SWE? What is your Bacon number?
OAuth 1.0 for Geobliki
Warning! Your web access to http://eo1.geobliki.com might be declined.
Security has been tightened up for the RESTful OGC Services.
Done as part of OWS-5 interoperability experiment for RESTful services, OAuth 1.0 has been implemented as our security protocol between consumer applications and our web services (sps, wfs, sos). We have made an additional assumption that users could pre-grant access to consumers such as workflows to allow for unattended operations to simplify the protocol one step further. For more information, go to: http://eo1.geobliki.com/pages/oauth
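The pre-granted, unattended flow described above, sketched as an added example that is not Geobliki's own code: a workflow signs a tasking request with a token the user granted in advance, and the service checks the grant, the signature, and replay before acting. The HMAC-SHA1 signature method, the sensorweb.example URL, and all keys, secrets and function names are assumptions constructed for illustration.

```python
import base64, hashlib, hmac
from urllib.parse import quote

def pct(s):
    # OAuth 1.0 percent-encoding: only unreserved characters stay literal
    return quote(str(s), safe="-._~")

def base_string(method, url, params):
    # url is assumed already normalized (lowercase scheme/host, no query string)
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret):
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

# Constructed server-side state: consumer secrets and the tokens a user pre-granted
CONSUMERS = {"workflow-engine": "consumer-secret-example"}
PREGRANTED = {"token-abc": {"consumer": "workflow-engine", "user": "alice",
                            "secret": "token-secret-example", "services": {"sps"}}}
SEEN = set()  # (consumer, timestamp, nonce) triples already accepted

def verify(method, url, params, service, now, max_skew=300):
    """Return the granting user's name, or None if the request must be rejected."""
    p = dict(params)
    sig = p.pop("oauth_signature", "")
    consumer = p.get("oauth_consumer_key")
    grant = PREGRANTED.get(p.get("oauth_token"))
    if grant is None or consumer not in CONSUMERS or grant["consumer"] != consumer:
        return None                      # unknown consumer, or token issued to another one
    if service not in grant["services"]:
        return None                      # user never delegated this service
    expected = sign(method, url, p, CONSUMERS[consumer], grant["secret"])
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return None                      # tampered request or wrong secrets
    ts, nonce = p.get("oauth_timestamp", ""), p.get("oauth_nonce", "")
    if not ts.isdigit() or abs(now - int(ts)) > max_skew or (consumer, ts, nonce) in SEEN:
        return None                      # stale or replayed
    SEEN.add((consumer, ts, nonce))
    return grant["user"]

def workflow_request(url, query, nonce, timestamp):
    # What the unattended workflow sends: no user present, token granted in advance
    p = dict(query, oauth_consumer_key="workflow-engine", oauth_token="token-abc",
             oauth_signature_method="HMAC-SHA1", oauth_nonce=nonce,
             oauth_timestamp=str(timestamp), oauth_version="1.0")
    p["oauth_signature"] = sign("POST", url, p, "consumer-secret-example",
                                "token-secret-example")
    return p
```

Because the token stands in for the user with nobody present, the per-service scope on the grant and the nonce/timestamp check are what limit a leaked or replayed request.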
WfXML-R
Workflow interoperability is a major concern for the OGC and the WfMC. A simple and RESTful API is critical for early adoption. With the help of John Mettraux of OpenWFE fame, Matt Zukovsky, Keith Swenson and many others, we are documenting this effort dubbed WfXML-R leveraging many years of work done by Keith and the WfMC group.
We need some help and early adopters. Continuous feedback to the nascent specification would be appreciated.