
Constellation servers are being built to provide the forms of security generally found in distributed service architectures.

Security for web services involves a very complex set of factors: a potentially hostile open networking environment, an intricate stack of interdependent elements including operating systems, databases, web servers, web service containers, code libraries, and the Constellation services themselves, and an advanced set of mathematically difficult technologies. These are all run by the most fallible of components, humans who want to get work done and therefore try to be helpful to others. Given these factors, providing security requires extensive analysis, detailed design, careful implementation, extensive testing, and full-time monitoring.

The security domain is an area in which experts can provide invaluable help by clarifying an organization's needs with regard to security, designing appropriate policies, developing a reliable monitoring system, and pre-planning the response to any eventual breach so as to enable fast recovery.

The security design of Constellation can only form one of the elements in any overall security system, so no one should rely on that design alone. Every organization will have different needs, so the facilities being developed within Constellation will necessarily have to be adapted to each organization.

Access Control to OGC Web Services

Constellation is currently being built to provide access control to geospatial web services, following the design being developed at the Open Geospatial Consortium (OGC). This design builds on the well-known role-based access control model developed at OASIS and leverages the security systems developed by the World Wide Web Consortium (W3C) and other leading foundations.

The current OGC design focuses on selective use of point-to-point transport-level encryption to secure certain communication exchanges and a broader use of message-level signing and encryption to ensure privacy, prevent repudiation and provide efficient access control decisions across the network. The OGC design leverages the W3C and OASIS specifications for SOAP-level security elements such as WS-Security, WS-Trust, WS-Policy, and WS-SecurityPolicy. The design calls for SAML to provide the core security assertions and the OASIS XACML schemas and protocol to provide the role-based access control decisions.
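To make the XACML part of that design concrete, here is an added example (not Constellation's own code): a tiny policy decision point (PDP) and enforcement point (PEP) in Python that evaluates a constructed XACML 2.0 role-based policy for a WMS request. The attribute and function identifiers are the standard XACML ones; the policy itself, the "analyst" role and the "roads" layer are assumptions made for the illustration, and the matcher is simplified to AND all matches under a Target.

```python
import xml.etree.ElementTree as ET
XACML = "urn:oasis:names:tc:xacml:2.0:policy:schema:os"
ROLE = "urn:oasis:names:tc:xacml:2.0:subject:role"  # XACML RBAC profile attribute
ACTION = "urn:oasis:names:tc:xacml:1.0:action:action-id"
RESOURCE = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
# Constructed policy: the "analyst" role may issue WMS GetMap against a hypothetical
# "roads" layer; nothing else is permitted. Under deny-overrides a matching Deny wins.
POLICY = f"""<Policy xmlns="{XACML}" PolicyId="wms-roads"
  RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
  <Target/>
  <Rule RuleId="analyst-getmap-roads" Effect="Permit">
    <Target>
      <Subjects><Subject><SubjectMatch MatchId="{STRING_EQUAL}">
        <AttributeValue>analyst</AttributeValue>
        <SubjectAttributeDesignator AttributeId="{ROLE}"/>
      </SubjectMatch></Subject></Subjects>
      <Resources><Resource><ResourceMatch MatchId="{STRING_EQUAL}">
        <AttributeValue>roads</AttributeValue>
        <ResourceAttributeDesignator AttributeId="{RESOURCE}"/>
      </ResourceMatch></Resource></Resources>
      <Actions><Action><ActionMatch MatchId="{STRING_EQUAL}">
        <AttributeValue>GetMap</AttributeValue>
        <ActionAttributeDesignator AttributeId="{ACTION}"/>
      </ActionMatch></Action></Actions>
    </Target>
  </Rule>
</Policy>"""
def _target_matches(target, request):
    """Every *Match under a Target must hold (simplified: matches are ANDed)."""
    if target is None:  # a Rule without a Target applies to every request
        return True
    for match in target.iter():
        if not match.tag.endswith("Match"):
            continue
        wanted = match.find(f"{{{XACML}}}AttributeValue").text
        designator = next(c for c in match if c.tag.endswith("AttributeDesignator"))
        if request.get(designator.get("AttributeId")) != wanted:
            return False
    return True
def decide(policy_xml, request):
    """PDP, deny-overrides: an applicable Deny wins, then Permit, else NotApplicable."""
    root = ET.fromstring(policy_xml)
    effects = {r.get("Effect") for r in root.findall(f"{{{XACML}}}Rule")
               if _target_matches(r.find(f"{{{XACML}}}Target"), request)}
    return "Deny" if "Deny" in effects else "Permit" if "Permit" in effects else "NotApplicable"
def pep_allows(policy_xml, role, action, layer):
    """PEP in front of the OGC service: only an explicit Permit lets the request through."""
    return decide(policy_xml, {ROLE: role, ACTION: action, RESOURCE: layer}) == "Permit"
```

Note that a request no rule speaks to yields NotApplicable, and the PEP treats anything other than Permit as a refusal, which is the safe default for a service exposed on an open network.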

Beyond the OASIS model

Experimentally, the access control mechanism is also being extended beyond the design of the OASIS access control model, because there are some very clear needs for access control to geospatial resources which cannot be satisfied by the OASIS model alone. This work is experimental because the consequences of moving beyond the OASIS model cannot properly be assessed without extensive investigation. The OASIS model has been subject to intense scrutiny by experts in the domain, academic researchers and multiple implementors, and therefore has a track record which suggests it functions as intended. The development of new approaches does not benefit from such a history and so must be considered insecure until extensive work can suggest otherwise.
