When data can't be open - securing sensitive spatial data with open source software

The open source geospatial software ecosystem provides reliable, performant and advanced web mapping tools, with increasing ease of use and a polished feature set for publishing spatial data in a wide range of use cases. However, we often need to publish data that has constraints on public release, such as privacy concerns and commercial or environmental sensitivity. We therefore need the ability to share some datasets publicly while restricting others to authorised users only, and we need a system in which data owners and administrators can assign data to authorised user groups.

Open source tools for web mapping have, to date, not offered a simple and straightforward 'out of the box' path to a robust authentication and authorisation feature set, as they do for simple public data publishing. Instead, developers have had to create semi-custom solutions and/or delve deep into the configuration of plugins.

We will show that this set of security problems can be solved whilst providing a seamless end user experience. This can be achieved with a mixture of 'off the shelf' open source geospatial software (GeoNode, GeoServer, PostGIS, Leaflet) integrated with a web application. By using GeoNode, we are able to enhance GeoServer's web service capability by restricting access to authorised users only. Further, we will explore the developer experience for secure geospatial services and how to access secured data from within a web mapping client (Leaflet). We will show that, combined with containerised cloud deployment (Docker, Docker Compose), the path to production deployment of secure data and services is becoming clearer, and that the 'out of the box' experience for secure geospatial web mapping may be closer than we think. We will also discuss current limitations and challenges, and share some of the 'gotchas' in getting the described system production ready. Finally, we will make some recommendations for software developers working in this space and suggest some possible improvements which could be made within the FOSS4G ecosystem.

Presentation type: Full length
Session: Data Publishing and Portals

Presenter

Angus MacAulay