Pervasive geo-security - a lightweight triple-A approach to securing distributed geo-service infrastructures

B. Resch; B. Schulz; M. Mittlboeck; T. Heistracher

doi:10.1080/17538947.2012.674562

Pervasive geo-security - a lightweight triple-A approach to securing distributed geo-service infrastructures

B. Resch, B. Schulz, M. Mittlboeck, T. Heistracher

Research output: Contribution to journal › Article › peer-review

Abstract

Security has recently become a major concern in distributed geo-infrastructures for spatial data provision. Thus, a lightweight approach for securing distributed low-power environments such as geo-sensor networks is needed. The first part of this article presents a survey of current security mechanisms for authentication and authorisation. Based on this survey, a lightweight and scalable token-based security infrastructure was developed, which is tailored for use in distributed geo-web service infrastructures. The developed security framework comprises dedicated components for authentication, rule-based authorisation and optimised storage and administration of access rules. For validation purposes, a prototypical implementation of the approach has been created. © 2012 © 2012 Taylor & Francis.

Original language	English
Pages (from-to)	373-390
Number of pages	18
Journal	International Journal of Digital Earth
Volume	7
Issue number	5
DOIs	https://doi.org/10.1080/17538947.2012.674562
Publication status	Published - 2014

Keywords

Digital Earth
Digital Earth Architecture
distributed geo-service infrastructures
geo-authorisation
Geographic Information Systems (GIS)
geoinformatics
pervasive security
service protection
spatial data infrastructure
standardised sensor networks
triple-A
Authentication
Digital storage
Geographic information systems
Low power electronics
Sensor networks
Spatial distribution
Surveys
Web services
Geo services
Geo-informatics
Pervasive security
Service protections
Spatial data infrastructure
Network security
GIS
sensor
spatial data
survey
World Wide Web

Access to Document

10.1080/17538947.2012.674562

https://www.scopus.com/inward/record.uri?eid=2-s2.0-84897418642&doi=10.1080%2f17538947.2012.674562&partnerID=40&md5=1fe7e71affc888897651e4f2746ad171

Cite this

@article{945cf59503934266accb4c07746c56ac,

title = "Pervasive geo-security - a lightweight triple-A approach to securing distributed geo-service infrastructures",

abstract = "Security has recently become a major concern in distributed geo-infrastructures for spatial data provision. Thus, a lightweight approach for securing distributed low-power environments such as geo-sensor networks is needed. The first part of this article presents a survey of current security mechanisms for authentication and authorisation. Based on this survey, a lightweight and scalable token-based security infrastructure was developed, which is tailored for use in distributed geo-web service infrastructures. The developed security framework comprises dedicated components for authentication, rule-based authorisation and optimised storage and administration of access rules. For validation purposes, a prototypical implementation of the approach has been created. {\textcopyright} 2012 {\textcopyright} 2012 Taylor \& Francis.",

keywords = "Digital Earth, Digital Earth Architecture, distributed geo-service infrastructures, geo-authorisation, Geographic Information Systems (GIS), geoinformatics, pervasive security, service protection, spatial data infrastructure, standardised sensor networks, triple-A, Authentication, Digital storage, Geographic information systems, Low power electronics, Sensor networks, Spatial distribution, Surveys, Web services, Geo services, Geo-informatics, Pervasive security, Service protections, Spatial data infrastructure, Network security, GIS, sensor, spatial data, survey, World Wide Web",

author = "B. Resch and B. Schulz and M. Mittlboeck and T. Heistracher",

note = "Cited By :3 Export Date: 14 December 2023 Correspondence Address: Resch, B.; Research Studio iSPACE, , Salzburg, Austria; email: [email protected] Funding details: Seventh Framework Programme, FP7, 223996 References: (2011) Security \& geo-rights management community [online], , http://52north.org/communities/security, 52North Initiative, 52°North Initiative, Available from: [Accessed 24 August 2011]; (2010) GeoXACML - access control for geospatial data [online], , http://www.geoxacml.org, AM Consult, AM Consult. Available from: [Accessed 21 November 2011]; Ashley, P., Vandenwauver, M., (1998) Practical intranet security - overview of the state of the art and available technologies, , Boston, MA,: Kluwer Academic Publishers; (2011) Con terra - GIS expert for spatial data infrastructures FME \& ESRI technology [online], , http://www.conterra.de, con terra, Con terra, Available from: [Accessed 21 June 2011]; Craglia, M., Next-generation Digital Earth: a position paper from the vespucci initiative for the advancement of geographic information science (2008) International Journal of Spatial Data Infrastructures Research, 1 (3), pp. 146-167; Craglia, M., Digital Earth 2020: towards the vision for the next decade (2012) International Journal of Digital Earth, 5 (1), pp. 4-21; COMMISSION REGULATION (EU) No 268/2010 of 29 March 2010 Implementing Directive 2007/2/EC of the European Parliament and of the Council as Regards the Access to Spatial Data Sets and Services of the Member States by Community Institutions and Bodies Under Harmonised Conditions [online] (2010), http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:083:0008:0009:EN:PDF, European Commission, Brussels, Belgium,: European Commission, Available from: [Accessed 3 June 2011]; (2011) GENESIS FP7 [online], , http://www.genesis-fp7.eu, GENESIS Consortium, Cannes, France,: GENESIS Consortium, Available from: [Accessed 19 June 2011]; Hermann, J., Matheus, A., (2009) OGC OWS-6 GeoXACML engineering report [online], , http://www.opengeospatial.org, Open Geospatial Consortium. Document Version 0.3.0, Available from: [Accessed 6 June 2011]; Institute of Earth Science, Scuola Universitaria Professionale della Svizzera Italiana (SUPSI) (2011) GeoShield - division of geomatics [online], , http://istgeo.ist.supsi.ch/site/projects/geoshield, Institute of Earth Science, Available from: [Accessed 17 August 2011]; (2011) Shibboleth [online], , http://shibboleth.internet2.edu, Internet2 Middleware Initiative, Ann Arbor, MI, Internet2 Middleware Initiative, Available from: [Accessed 28 May 2011]; Matheus, A., Herrmann, J., (2011) Geospatial eXtensible Access Control Markup Language (GeoXACML) Version 1 Corrigendum [online], , http://www.opengeospatial.org, Wayland, MA,: Open Geospatial Consortium, Document Version 1.0.1. Available from: [Accessed 28 June 2011]; (2011) Standards OASIS - Web Services Security SAML Token Profile 1.1 [online], , http://www.oasis-open.org, OASIS, Burlington, MA,: OASIS Consortium, Available from: [Accessed 18 June 2011]; (2011) Standards OASIS - Web Services Security 1.1 [online], , http://www.oasis-open.org, OASIS, Burlington, MA,: OASIS Consortium, Available from: [Accessed 18 June 2011]; (2011) Standards OASIS - eXtensible Access Control Markup Language (XACML) v2.0 [online], , http://www.oasis-open.org, OASIS, Burlington, MA,: OASIS Consortium, Available from: [Accessed 18 June 2011]; (2011) OAuth community site [online], , http://oauth.net, OAuth Community, South Orange NJ,: OAuth Community, Available from: [Accessed 10 September 2011]; (2011) Welcome - GeoServer [online], , http://www.geoserver.org, OpenGeo, Available from: [Accessed 24 June 2011]; (2011) OGC geospatial digital rights management reference model [online], , http://www.opengeospatial.org, Open Geospatial Consortium, Wayland, MA,: Open Geospatial Consortium, Document Version 06-004r3. Available from: [Accessed 21 June 2011]; (2011) OpenID foundation website [online], , http://openid.net, OpenID Foundation, OpenID Foundation, Available from: [Accessed 21 June 2011]; ORCHESTRA Consortium (2009) Orchestra overview [online], , http://www.eu-orchestra.org, ORCHESTRA Consortium, Available from: [Accessed 15 June 2011]; Rivest, R.L., Lampson, B., (2001) CIS: SDSI (A Simple Distributed Security Infrastructure) [online], , http://groups.csail.mit.edu/cis/sdsi.html, MIT CSAIL, Available from: [Accessed 27 December 2011]; Scherpenisse, A., (2011) MiracleThings [online], , http://miraclethings.nl, Available from: [Accessed 19 August 2011]; (2008) CQL: Contextual Query Language (SRU Version 1.2 Specifications) [online], , http://www.loc.gov, The Library of Congress, The Library of Congress, Available from: [Accessed 3 September 2011]; Vretanos, P.A., (2005) OpenGIS filter encoding implementation specification [online], , http://www.opengeospatial.org/standards/filter, Wayland, MA,: Open Geospatial Consortium, Document Version 1.0.0. Available from: http://www.opengeospatial.org/standards/filter [Accessed 14 June 2011]; (1999) HTTP authentication: Basic and digest access authentication [online], , http://www.ietf.org/rfc/rfc2617.txt, W3C Networking Group, W3C Networking Group, Available from: [Accessed 4 September 2011]; (2011) PHP web application server - PHP development tools - PHP Training - Zend.com [online], , http://www.zend.com, Zend Technologies Ltd, Munich, Germany,: Zend Technologies GmbH, Available from:, 2011 [Accessed 18 August 2011]",

year = "2014",

doi = "10.1080/17538947.2012.674562",

language = "English",

volume = "7",

pages = "373--390",

journal = "International Journal of Digital Earth",

issn = "1753-8947",

publisher = "Taylor and Francis Ltd.",

number = "5",

}

TY - JOUR

T1 - Pervasive geo-security - a lightweight triple-A approach to securing distributed geo-service infrastructures

AU - Resch, B.

AU - Schulz, B.

AU - Mittlboeck, M.

AU - Heistracher, T.

N1 - Cited By :3 Export Date: 14 December 2023 Correspondence Address: Resch, B.; Research Studio iSPACE, , Salzburg, Austria; email: [email protected] Funding details: Seventh Framework Programme, FP7, 223996 References: (2011) Security & geo-rights management community [online], , http://52north.org/communities/security, 52North Initiative, 52°North Initiative, Available from: [Accessed 24 August 2011]; (2010) GeoXACML - access control for geospatial data [online], , http://www.geoxacml.org, AM Consult, AM Consult. Available from: [Accessed 21 November 2011]; Ashley, P., Vandenwauver, M., (1998) Practical intranet security - overview of the state of the art and available technologies, , Boston, MA,: Kluwer Academic Publishers; (2011) Con terra - GIS expert for spatial data infrastructures FME & ESRI technology [online], , http://www.conterra.de, con terra, Con terra, Available from: [Accessed 21 June 2011]; Craglia, M., Next-generation Digital Earth: a position paper from the vespucci initiative for the advancement of geographic information science (2008) International Journal of Spatial Data Infrastructures Research, 1 (3), pp. 146-167; Craglia, M., Digital Earth 2020: towards the vision for the next decade (2012) International Journal of Digital Earth, 5 (1), pp. 4-21; COMMISSION REGULATION (EU) No 268/2010 of 29 March 2010 Implementing Directive 2007/2/EC of the European Parliament and of the Council as Regards the Access to Spatial Data Sets and Services of the Member States by Community Institutions and Bodies Under Harmonised Conditions [online] (2010), http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:083:0008:0009:EN:PDF, European Commission, Brussels, Belgium,: European Commission, Available from: [Accessed 3 June 2011]; (2011) GENESIS FP7 [online], , http://www.genesis-fp7.eu, GENESIS Consortium, Cannes, France,: GENESIS Consortium, Available from: [Accessed 19 June 2011]; Hermann, J., Matheus, A., (2009) OGC OWS-6 GeoXACML engineering report [online], , http://www.opengeospatial.org, Open Geospatial Consortium. Document Version 0.3.0, Available from: [Accessed 6 June 2011]; Institute of Earth Science, Scuola Universitaria Professionale della Svizzera Italiana (SUPSI) (2011) GeoShield - division of geomatics [online], , http://istgeo.ist.supsi.ch/site/projects/geoshield, Institute of Earth Science, Available from: [Accessed 17 August 2011]; (2011) Shibboleth [online], , http://shibboleth.internet2.edu, Internet2 Middleware Initiative, Ann Arbor, MI, Internet2 Middleware Initiative, Available from: [Accessed 28 May 2011]; Matheus, A., Herrmann, J., (2011) Geospatial eXtensible Access Control Markup Language (GeoXACML) Version 1 Corrigendum [online], , http://www.opengeospatial.org, Wayland, MA,: Open Geospatial Consortium, Document Version 1.0.1. Available from: [Accessed 28 June 2011]; (2011) Standards OASIS - Web Services Security SAML Token Profile 1.1 [online], , http://www.oasis-open.org, OASIS, Burlington, MA,: OASIS Consortium, Available from: [Accessed 18 June 2011]; (2011) Standards OASIS - Web Services Security 1.1 [online], , http://www.oasis-open.org, OASIS, Burlington, MA,: OASIS Consortium, Available from: [Accessed 18 June 2011]; (2011) Standards OASIS - eXtensible Access Control Markup Language (XACML) v2.0 [online], , http://www.oasis-open.org, OASIS, Burlington, MA,: OASIS Consortium, Available from: [Accessed 18 June 2011]; (2011) OAuth community site [online], , http://oauth.net, OAuth Community, South Orange NJ,: OAuth Community, Available from: [Accessed 10 September 2011]; (2011) Welcome - GeoServer [online], , http://www.geoserver.org, OpenGeo, Available from: [Accessed 24 June 2011]; (2011) OGC geospatial digital rights management reference model [online], , http://www.opengeospatial.org, Open Geospatial Consortium, Wayland, MA,: Open Geospatial Consortium, Document Version 06-004r3. Available from: [Accessed 21 June 2011]; (2011) OpenID foundation website [online], , http://openid.net, OpenID Foundation, OpenID Foundation, Available from: [Accessed 21 June 2011]; ORCHESTRA Consortium (2009) Orchestra overview [online], , http://www.eu-orchestra.org, ORCHESTRA Consortium, Available from: [Accessed 15 June 2011]; Rivest, R.L., Lampson, B., (2001) CIS: SDSI (A Simple Distributed Security Infrastructure) [online], , http://groups.csail.mit.edu/cis/sdsi.html, MIT CSAIL, Available from: [Accessed 27 December 2011]; Scherpenisse, A., (2011) MiracleThings [online], , http://miraclethings.nl, Available from: [Accessed 19 August 2011]; (2008) CQL: Contextual Query Language (SRU Version 1.2 Specifications) [online], , http://www.loc.gov, The Library of Congress, The Library of Congress, Available from: [Accessed 3 September 2011]; Vretanos, P.A., (2005) OpenGIS filter encoding implementation specification [online], , http://www.opengeospatial.org/standards/filter, Wayland, MA,: Open Geospatial Consortium, Document Version 1.0.0. Available from: http://www.opengeospatial.org/standards/filter [Accessed 14 June 2011]; (1999) HTTP authentication: Basic and digest access authentication [online], , http://www.ietf.org/rfc/rfc2617.txt, W3C Networking Group, W3C Networking Group, Available from: [Accessed 4 September 2011]; (2011) PHP web application server - PHP development tools - PHP Training - Zend.com [online], , http://www.zend.com, Zend Technologies Ltd, Munich, Germany,: Zend Technologies GmbH, Available from:, 2011 [Accessed 18 August 2011]

PY - 2014

Y1 - 2014

N2 - Security has recently become a major concern in distributed geo-infrastructures for spatial data provision. Thus, a lightweight approach for securing distributed low-power environments such as geo-sensor networks is needed. The first part of this article presents a survey of current security mechanisms for authentication and authorisation. Based on this survey, a lightweight and scalable token-based security infrastructure was developed, which is tailored for use in distributed geo-web service infrastructures. The developed security framework comprises dedicated components for authentication, rule-based authorisation and optimised storage and administration of access rules. For validation purposes, a prototypical implementation of the approach has been created. © 2012 © 2012 Taylor & Francis.

AB - Security has recently become a major concern in distributed geo-infrastructures for spatial data provision. Thus, a lightweight approach for securing distributed low-power environments such as geo-sensor networks is needed. The first part of this article presents a survey of current security mechanisms for authentication and authorisation. Based on this survey, a lightweight and scalable token-based security infrastructure was developed, which is tailored for use in distributed geo-web service infrastructures. The developed security framework comprises dedicated components for authentication, rule-based authorisation and optimised storage and administration of access rules. For validation purposes, a prototypical implementation of the approach has been created. © 2012 © 2012 Taylor & Francis.

KW - Digital Earth

KW - Digital Earth Architecture

KW - distributed geo-service infrastructures

KW - geo-authorisation

KW - Geographic Information Systems (GIS)

KW - geoinformatics

KW - pervasive security

KW - service protection

KW - spatial data infrastructure

KW - standardised sensor networks

KW - triple-A

KW - Authentication

KW - Digital storage

KW - Geographic information systems

KW - Low power electronics

KW - Sensor networks

KW - Spatial distribution

KW - Surveys

KW - Web services

KW - Geo services

KW - Geo-informatics

KW - Pervasive security

KW - Service protections

KW - Spatial data infrastructure

KW - Network security

KW - GIS

KW - sensor

KW - spatial data

KW - survey

KW - World Wide Web

U2 - 10.1080/17538947.2012.674562

DO - 10.1080/17538947.2012.674562

M3 - Article

SN - 1753-8947

VL - 7

SP - 373

EP - 390

JO - International Journal of Digital Earth

JF - International Journal of Digital Earth

IS - 5

ER -

Pervasive geo-security - a lightweight triple-A approach to securing distributed geo-service infrastructures

Abstract

Keywords

Access to Document

Fingerprint

Cite this