deegree3 Security Requirements
The following table shows the current collection of requirements for the deegree3 security system. The ID scheme is "sec-[auth|g|ows|u3r|ui]-##", where "auth" stands for authentication requirements, "g" for general requirements, "ows" for open web service-related requirements, "u3r" for requirements regarding users, roles and resources, and "ui" for user interface-related requirements.
The table is a snapshot of work in progress and open for additional requirements and discussion.
| ID | Feature | Minispec | Status | Priority (M-S-C-W)(*) | Discussion |
|---|---|---|---|---|---|
| sec-auth1 | support cascadable, configurable authentication mechanisms | supported authentication mechanisms are tried one after another; if none succeeds, the request can be denied or the user treated as anonymous | not started | M | - |
| sec-auth2 | dynamic extension of authentication mechanisms | the list of supported authentication mechanisms is extensible and can be edited at runtime | not started | C | might become mandatory if authentication options are realized client-specific |
| sec-auth3 | support username/password authentication | tbd | not started | M | - |
| sec-auth4 | support sessionID | tbd | not started | ? | mandatory if backwards compatibility with deegree2 is needed |
| sec-auth5 | support IP-pattern authentication | tbd | not started | S | - |
| sec-auth6 | support HTTP Basic authentication | tbd | not started | M | - |
| sec-auth7 | support Network ID | e.g. in a Microsoft network in combination with IIS | not started | S | - |
| sec-auth8 | support SSO authentication | forward authentication information to an external service | not started | M | token in HTTP header? |
| sec-auth9 | issue ticket | request a ticket from a server | not started | M | deegree should only implement interfaces to external ticket servers. How can user information be requested from these servers? |
| sec-auth10 | validate ticket | forward the ticket to the appropriate server | not started | M | - |
| sec-auth11 | request user information related to a ticket | tbd | not started | M | - |
| sec-auth12 | define valid ticket time | tbd | not started | M | - |
| sec-auth13 | support SSO | authentication of users through an external authentication service | not started | S | - |
| sec-g1 | support HTTPS | client-server communication encrypted by SSL | not started | M | - |
| sec-ows1 | support deegree web services (Java-based) | secure deegree web services | not started | M | - |
| sec-ows2 | support other web services (Java-based) | secure other Java-based web services | not started | M | - |
| sec-ows3 | support web services (non-Java/deegree-based) | secure other OGC services | not started | M | - |
| sec-ows4 | support for server-side portal component | secure portal components | not started | M | implementation is portal-specific, hence we need a plugin concept in order to support different portals/clients |
| sec-ows5 | support preconditions | deny requests because of missing rights; restrictions regarding request methods as well as request parameters | not started | M | - |
| sec-ows6 | support postconditions | manipulation of the reply depending on the assigned rights | not started | S | - |
| sec-u3r01 | support users, groups, roles, rights and resources | all users, groups and roles as well as the resources to be protected are stored in a DB | not started | ? | possibly not necessary if we rely entirely on external solutions; if external alternatives exist, see sec-u3r03 |
| sec-u3r02 | support different DBs as backend | tbd | not started | conditional | depends on the solution for sec-u3r01 |
| sec-u3r03 | usage of external user, group and role definitions | bind e.g. ActiveDirectory, LDAP, Tomcat or a DB | not started | C | use cases need to be defined (external/internal definition of users/groups/roles); evaluate the possibility of exclusively using existing solutions |
| sec-u3r04 | password expiration date | support 'final expiration' and 'pw needs renewal' | not started | M | - |
| sec-u3r05 | support password for one-time usage | pw needs to be changed after first login | not started | S | one-time login for a new user in order to change the user pw |
| sec-u3r06 | configurable rules for valid password creation | min/max length, allowed characters, no words from a dictionary, no relation to the user name, etc. | not started | M | as regular expression: `(?=.*[A-Z])(?=.*[@#$%&+=])(?=.*[a-z])(?=.*[0-9]).{6,50}$` |
| sec-u3r07 | expiration date for user | no expiration, expiration date, pause period | not started | M | - |
| sec-u3r08 | number of logins per user | unlimited, limit per resource | not started | C | - |
| sec-u3r09 | groups are users | groups are logically treated as users | not started | M | - |
| sec-u3r10 | relate users to groups | each user is a member of 1..n groups | not started | M | - |
| sec-u3r11 | expiration date for groups | allows for temporary groups | not started | M | - |
| sec-u3r12 | resources can be of any type | freely defined resource types | not started | M | - |
| sec-u3r13 | combine resources into resource groups | tbd | not started | M | - |
| sec-u3r14 | resource groups are resources | resource groups are treated as resources themselves | not started | M | - |
| sec-u3r15 | relate resource to resource group | each resource is a member of 0..n resource groups | not started | M | - |
| sec-u3r16 | relate resources to data sources/services | resources can be linked to a resource source, e.g. a Layer to a WMS; sources are resources themselves | not started | M | as in the concept of namespaces |
| sec-u3r17 | define right type | rights can be freely defined actions, e.g. GetMap, GetFeature, etc. | not started | M | - |
| sec-u3r18 | grant rights to user/group | rights are granted through an association of a resource with a user and a right type | not started | M | - |
| sec-u3r19 | define additional constraints on rights | restrict a right through e.g. a FilterEncoding expression | not started | M | several options for the filter language are possible and need further evaluation; options would include FilterEncoding, SQL, Java objects, etc. |
| sec-u3r20 | define expiration time of right | no expiration, expiration date, pause period | not started | S | - |
| sec-u3r21 | support for clients (tenants, "Mandanten") within the rights database | several separated sections within the rights database | not started | M | - |
| sec-u3r22 | support user roles (on administration level) | admin, sub-admin (administration only for a subset of u3r), users and anonymous | not started | S | is this feasible with sec-u3r03? |
| sec-u3r23 | support encryption | within the system, information can be stored encrypted or as clear text | not started | M | pw encryption: http://www.heise.de/security/artikel/Passwoerter-unknackbar-speichern-1253931.html |
| sec-u3r25 | support synchronization between deegree security and other security systems | classes/tools for import/synchronization with other systems, e.g. ActiveDirectory/LDAP, Oracle, Postgres | not started | S | - |
| sec-ui1 | administration: web-based (HTML) | as stand-alone UI | not started | M | - |
| sec-ui2 | administration: web-based (HTML) | as part of iGeoPortal | not started | M | - |
| sec-ui3 | administration: Swing-based | stand-alone or JWS | not started | S | - |
| sec-ui4 | administration: command line tool | script/batch tools for user/rights management | not started | M | - |
(*) M-S-C-W: Must have, Should have, Could have, Won't have
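A validator for the configurable password rules of sec-u3r06, built around the regular expression quoted in that row's discussion cell. This is an added example, not deegree code; the dictionary words, the user-name rule and the messages are constructed here. It also shows why the quoted expression has to be matched against the whole string: it carries no leading anchor, so a search-style match would accept an over-long password whose tail happens to satisfy the rules.

```python
import re

# Expression from the sec-u3r06 discussion cell: one upper-case letter, one special
# character from the set @#$%&+=, one lower-case letter, one digit, 6 to 50 characters.
COMPLEXITY = re.compile(r"(?=.*[A-Z])(?=.*[@#$%&+=])(?=.*[a-z])(?=.*[0-9]).{6,50}$")

# Constructed sample word list; a deployment would load a real dictionary.
DICTIONARY = ("password", "welcome", "deegree", "summer")


def check_password(pw, username, pattern=COMPLEXITY, dictionary=DICTIONARY):
    """Return the list of violated rules; an empty list means the password is acceptable."""
    problems = []
    # fullmatch() requires the entire string to satisfy the pattern, which compensates
    # for the missing '^' anchor in the quoted expression.
    if not pattern.fullmatch(pw):
        problems.append("complexity: need upper, lower, digit, special from @#$%&+=, length 6-50")
    lowered = pw.lower()
    for word in dictionary:
        if word in lowered:  # dictionary word embedded anywhere, case-insensitive
            problems.append(f"dictionary: contains '{word}'")
    user = username.lower()
    # "no relation to user name": reject passwords containing the name or its reverse
    if len(user) >= 3 and (user in lowered or user[::-1] in lowered):
        problems.append("username: derived from the user name")
    return problems


def unanchored_accepts(pw, pattern=COMPLEXITY):
    """Same expression with search(): demonstrates the effect of the missing '^' anchor."""
    return pattern.search(pw) is not None


if __name__ == "__main__":
    too_long = "x" * 50 + "Aa1@"  # 54 characters, constructed
    print(check_password("Tr0ub4dor&3", "alice"))  # []
    print(check_password("Password1@", "bob"))     # dictionary violation
    print(check_password(too_long, "carol"))       # complexity violation
    print(unanchored_accepts(too_long))            # True: search() matches the last 50 chars
```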
