WMS with Access Control (ACL) for different users? Or solution for thousands of points on web map?

Some projects for GIS webservices ACL

  • http://52north.org/maven/project-sites/52n-security-site/
  • http://www.geoxacml.org/
  • https://secureows.org/
  • http://www.easysdi.org/
  • http://istgeo.ist.supsi.ch/site/projects/geoshield
  • http://wald.intevation.org/scm/?group_id=39 (Gispatcher)
  • http://www.mapbender.org/OWS_Proxy (for Mapbender)
  • http://wiki.deegree.org/deegreeWiki/iGeoSecurity (for Degree)

At the foss4g 2010, see on the Sept 09th, 11:00 in the final program http://2010.foss4g.org/program_print.php (presentations not available for the moment)


I think that a common solution is to create a proxy or wrapper script that sits between the client and WMS. The proxy is used to craft a custom WMS call based on parameters from the client.

You haven't mentioned whether your purpose for this setup is security or just customization, or what information the client will have to determine which custom 'view' of the data the WMS should produce.

If you will be displaying more than a few hundred points, you will want to stick to an image based service like WMS. Depending on your requirements, you could also just put MapServer behind a wrapper script that makes custom map requests based on unique filter or expression parameters.


I have an answer that worked for us after some trial and error.

Oracle Spatial + Oracle VPD does the trick. We're already using Ora, and VPD, so this was the next logical step. Ora spatial has a WMS service and can be customized to be different for different users based on their rights/ACL via VPD. If others are looking for something like this, I realize not every operation has or can afford Oracle, but if you have it - it's in there. Don't know if MS SQL Server has similar functionality.