Gerry Creager wrote:
Gregor Mosheh wrote:
Sean Gillies wrote:
Gerry Creager wrote:
Rights management is now well into the investigatory and
specification stages in OGC.
He, that's excellent to hear. Thanks for the tip.
No, it's not excellent. DRM is defective by design.
Hrm, perhaps I misunderstood. I read "access control" as in password
protection to get into my WMS/WFS server.
Gerry, did you mean access control at the application layer, so I can
have Mapserver manage user accounts and access to my WMS layers, or
something deeper such as DRM on the imagery, copy-protection on
GeoTIFFs, and the like?
(yeah, it's off the topic of Mapserver; so's a lot of educational and
interesting stuff we talk about :)
The working group title is GeoDRM. I am not real happy with that but
the bigger organizations are thinking of the resources they've put into
their datasets and/or products. Some governments fail to see the
benefits to their citizens of making geospatial data widely available,
and thus are supporting this sort of thing. It's gonna be an
interesting period, but I'm trying to get them to see the benefits of
authentication/authorization/capabilities control. They keep thinking
the RIAA/MPAA model is good and working. We have interesting debates.
I can't tell if I'm making headway or not.
The National Middelware Initiative (NSF funded, Internet2/SURA
implemented) covers a lot of this via federation and credential exchange
in their Shibboleth software initiative.
gerry
Gerry, I'm all for security too, but I think it's already addressed for
web services by HTTP Basic + SSL/TLS. In my opinion, adding a spatial
and time dimensions to auth (user 'joe' can only use a service between
9am-5pm originating from Larimer County, Colorado) is pure geo-wankery.
The "GeoDRM" name -- it's clearly pandering to the non-technical guys in
suits who (like you say) still think the RIAA is the good guy.
Cheers,
Sean
