Enterprise Level Security and Data Configuration
Chris Spicer, Team Lead and Domain Architect
Ministry of Citizens' Services and Open Government
What is DataBC?
Security and Configuration in an Enterprise: a two-year mission
DataBC provides leadership for the BC Government’s Open Data and Spatial Data Infrastructure
DataBC provides resources that help the BC Government manage and use its data as a strategic asset
DataBC promotes and enables the sharing of data with citizens, businesses and across the government enterprise
DataBC online is the place to find BC Government data, services, applications and tools
www.data.gov.bc.ca
[Figure: timeline. Axis: 1990s, early 2000s, late 2000s, future. Entries: ELUC, CORE, LUCO; 2002: MSRM; 2003: LIBC; 2006: ILMB; 2008: GeoBC; 2011: DataBC]
• Open Data – License, Policy, Catalogue, Website
• Provincial Spatial Data Infrastructure – Shared Infrastructure for Access to Government Data
– warehouse, catalogue, download, visualization and connection services
– Application Frameworks and Location Services
• Governance:
– Data Custodianship Principles
An SDI is composed of 6 fundamental elements:
• Metadata
• Geospatial Data
• Framework
• Services
• Standards
• Partnerships
More than 2,500 data sets and 3,400 presentation layers
6,000 tables
1.6 billion rows of data
150 line-of-business applications
Users download over 400,000 products / yr
Core corporate app, iMapBC has over 275,000 user sessions / yr
Our WMS services serve over 129 million image requests / yr
Lightweight for mobile devices using the Google Maps API
Heavyweight for desktop users via Java, Silverlight & Browser (IMF & IMF2 respectively)
Maintaining presentation and security for over 3,400 different warehouse layers for web mapping and desktop GIS users
Managing the individual configuration of layer collections in dozens of different applications
◦ One layer change could require multiple configuration updates across multiple applications
◦ Each application often needs to be tested and migrated between IT environments
Security configured in one place with no duplication
Layer presentation configured in one place, both for desktop GIS and Web GIS users and consumers
Centralized security through a database driven policy store
Using ArcIMS Dynamic layers eliminated the need for an AXL file with 3,400 layers
Implemented for a single application; many standalone AXL files are still maintained for business-specific applications
Policy store implementation is clumsy: one record entry for each database layer
The Internet Mapping Framework, based on ArcIMS, is nearing the end of its useful lifespan
Upgrade opportunity using Geocortex Essentials, ArcGIS Server and custom code to reproduce and improve on the feats of the original iMapBC app
While trying to migrate from ArcIMS to ArcGIS Server, it became apparent that there was a gap: dynamic layer support was absent
Sud Menon
Ismael Chivite
Craig Williams
Layer files are converted into JSON using a Server object extension
The JSON is stored in a database and made available through a REST endpoint layer catalogue
The layer catalogue provides an authorized catalogue list of layers to calling client applications
[Diagram labels: Layer File Library (.LYR files on disk); Conversion to JSON; JSON; Dynamic Layers Web Service: GetDynamicLayers(), GetDynamicLayer(layerName)]
Upon application start-up, the layer catalogue provides the client application with a list of authorized layer IDs
To reduce network traffic, the JSON is provided directly from the database when the user or application requires a layer
The layer presentation properties are retrieved dynamically from the database, which holds the authoritative layer representation
A proxy monitors transactions from the client to AGS and filters out any IDs that the client is not authorized to see
Client viewer makes requests through different AGS map services for different security groups
Multiple AGS map services are used to protect sensitive layers, each with an associated proxy account with appropriate Oracle permissions
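The proxy filtering step described above, sketched as an added example (not DataBC's or Geocortex's code). It assumes the client sends its layer list as a JSON array of objects with an integer `id` in a `dynamicLayers` query parameter; the group names, layer IDs and the `filter_layers` helper are hypothetical.

```python
import json
from urllib.parse import parse_qs, urlencode

# Constructed policy: security group -> layer IDs the catalogue authorizes.
AUTHORIZED = {
    "public": {101, 102},
    "resource_staff": {101, 102, 205},
}

def filter_layers(query, group, param="dynamicLayers"):
    """Return (rewritten_query, dropped_ids) with unauthorized layers removed.

    `param` and the [{"id": <int>, ...}] request shape are assumptions.
    """
    allowed = AUTHORIZED.get(group, set())   # unknown group: nothing allowed
    params = parse_qs(query, keep_blank_values=True)
    values = params.get(param, [])
    if not values:
        return query, []                     # no layer list to filter
    if len(values) > 1:                      # repeated parameter: refuse to guess
        raise ValueError("duplicate layer parameter")
    try:
        layers = json.loads(values[0])
    except json.JSONDecodeError as exc:
        raise ValueError("layer parameter is not valid JSON") from exc
    if not isinstance(layers, list):
        raise ValueError("layer parameter must be a JSON array")
    kept, dropped = [], []
    for layer in layers:
        layer_id = layer.get("id") if isinstance(layer, dict) else None
        # Exact int check: JSON true would otherwise compare equal to 1.
        if type(layer_id) is int and layer_id in allowed:
            kept.append(layer)
        else:
            dropped.append(str(layer_id))    # returned to the caller, not forwarded
    params[param] = [json.dumps(kept, separators=(",", ":"))]
    return urlencode(params, doseq=True), dropped

# Constructed request: the client asks for one layer outside the public
# group (205) and one ID that is in no policy at all (999).
SAMPLE = urlencode({"f": "image",
                    "dynamicLayers": '[{"id":101},{"id":205},{"id":999}]'})

if __name__ == "__main__":
    print(filter_layers(SAMPLE, "public"))
```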
[Diagram labels: ArcGIS Server; Geocortex Essentials; Viewer; REST API; Secured Map Services; Proxy; Public Map Services; Layer Security Provider; Available Layers; Dynamic Layers Web Service: GetDynamicLayers(), GetDynamicLayer(layerName)]
[Diagram labels: Layer Security Provider Sites; Layer Catalogue; Client Viewer; Essentials Proxy; Security; Layer Catalogue Web Service; JSON Repository; Security Groups; ArcGIS Server 10.1; Layer List]
A new version of iMapBC is being rolled out using ArcGIS Server 10.1 and Essentials
Beta test URL goes out this week
Future application design standards will require new apps to utilize this REST endpoint for security and layer presentation