The topics

3D Access Control aerial images Analysis analytics API application schema Are3na Atom authoring Availability Big Data broker cache Cadaster Capacity testing catalog Client cloud services CMS code list code lists coordinate systems coverage crawler Crowdsourcing CSW database DCAT DCAT-AP diagrams Disaster Management Documentation Dublin Core Earth Observation edge-matching ETF ETL Extension gazetteer geocoding geodata management GeoDCAT-AP geometric algorithms Geometry Validation geoparsing geoportal geoprocessing geotagging GeoXACML globe GML GPS GPX harvesting HILUCS hosting INSPIRE INSPIRE central component INSPIRE dataset INSPIRE Discovery Service INSPIRE Download Service INSPIRE Geoportal INSPIRE metadata INSPIRE pre-defined WFS INSPIRE theme INSPIRE View Service INSPIRE WCS Reference Implementation interoperability IP ISA ISO 19115 ISO 19119 ISO 19135 ISO 19139 JSON KML KPI layer LDAP LiDAR Linked Data map MARC 21 mashups MetaCRS metadata metadata quality modelling Monitoring multi-dimensional mygeoss Natura 2000 NetCDF noise OAI-PMH OCL OGC OGC Compliance Program Open data OpenGL OpenSearch ortho-rectification OSGeo PDOK performance photogrammetry PID planar partitions portrayal projections proxy QGIS Quality of Service RASTER RDF Register registry Remote Sensing rendering reporting RESTful API retrieval reverse geocoding RoR routing SaaS Scenario 1 schema.org schema transformation Schematron SDI SDK search engine SEMIC sensor sensor data management SensorML shop simulations SOS SPARQL spatial analysis spatial index spatio-temporal Statistics Survey SVG SWE THREDDS TMS transformation transport UML Usage validation Validator vector VGI Viewer Visualisation Water Framework Directive water management WCS weather forecast WebGL web metrics WFS WMC WMS WMTS WPS XSLT

GeoPDP is an Authorization Component, a Java implementation of the OGC Standard GeoXACML 1.0 with Corrigendum

SDInterceptor is the Enforcement Component, implemented as proposed by the XACML Standard. 

Central Authorisation using GeoXACML does require an access federation based on SAML (Shibboleth)

 

security.manager allows the assignment of individual access permissions to different user groups, thereby ensuring that everyone gets access only to what they are entitled to.

Besides controlling access to services, it provides many integration possibilities for enterprise IT landscapes. It can connect to existing user repositories, provides cross-application and cross-domain single-sign-on based on SAML 2.0, supports multiple authentication methods up to the Windows log-in and can protect different service implementations, including ArcGIS and OGC services, etc.

The Shibboleth software implements widely used federated identity standards, principally the OASIS Security Assertion Markup Language (SAML), to provide a federated single sign-on and attribute exchange framework. A user authenticates with his or her organizational credentials, and the organization (or identity provider) passes the minimal identity information necessary to the service provider to enable an authorization decision.

MapProxy is an open source proxy for geospatial data. It caches, accelerates and transforms data from existing map services and serves any desktop or web GIS client.

MapProxy comes with a flexible security API that allows you to add fine-grained control over services and layers. You can even restrict access of single layers to polygon extents.

Mapbender is the back office software and client framework for spatial data infrastructures. It provides a data model and web based interfaces for displaying, navigating and interacting with OGC compliant map services.

The Mapbender framework furthermore provides authentication and authorization services, OWS Proxy functionality, management interfaces for user, group and service administration.

Web Enforcement Service (WSS) is the gatekeeper of your protected services. The WSS is designed to analyze service requests targeted to the protected service