Rudiger Gartmann
Senior Consultant
con terra
Germany

Abstract
Data Sharing and Access Control - A Contradiction?

Data sharing has become a hype topic in the geospatial business over the last years. While initially businesses regarded their data as an asset that has to be kept private, the value of sharing data becomes more and more obvious. The notion of data silos that shall be opened illustrate this development. Very often, data sharing is regarded synonymous to Open Data, but this is a limited view. Data may contain personal information or business value, which cannot be provided to everybody. But in many areas, either commercial or public sector, sharing of non-open data has a significant potential. In this case, it is very important to be able to impose access restrictions to this data, in order to ensure that only authorised users are able to use this data. Without this protection, sharing of sensitive data would not be practical. The Trans Adriatic Pipeline AG (TAP) is building a pipeline from Greece to Italy, and therefore has to manage huge amounts of spatial data, including the pipeline trajectory, facilities, affected cadastral parcels, etc. This data includes many sensitive aspects, which are classified into non-personal, personal, and sensitive-personal data. All authorized users may get access to non-personal data in general, but access to personal and sensitive-personal data is restricted to a limited number of users. These access restrictions may be of a spatial nature or imposed on a need to know basis or a combination of these. With standard GIS systems, TAP would have to publish individual services per unique combination of access restrictions. That requires more hardware resources and maintenance costs. Using security.manager as a tool for fine-grained role based access control, a service only needs to be published once. Then individual permissions including spatial restrictions can be managed on layer-, feature- and attribute level through the security.manager management console. In this presentation the relevance of access control for data sharing use cases will be shown by the example of TAP, elaborating on technical as well as on business aspects.