The task of the authorization server, marked on the diagram as AUTORYZACJA, is to handle user logins and users' levels of authorization. When a user logs in to the system at the GEOPORTAL server, that server checks the user name and password against the authorization server. If the login is correct, the AUTORYZACJA server sends a special token to the client. That token is added to the queries sent to the WSP and CSP servers. On the basis of the token and the information collected from the authorization server (AUTORYZACJA), each of the WSP servers and the CSP server can determine which data (services) that specific user has access to.
If the user has restrictions tied to IP addresses, the AUTORYZACJA server also sends information about the IP addresses from which that user may connect. A restriction on the IP address makes it possible to control not only the person, but also the location from which the user logs in.
The course of an access session for non-public data:
- On the web page downloaded from the GEOPORTAL server (www), the user provides the user name and password.
- The GEOPORTAL server connects to the AUTORYZACJA server and, if authorization succeeds, sends a token to the user.
- The user indicates which data s/he wants to view and from which register unit.
- A connection is made with the proper WSP proxy server (responsible for the register unit) or the CSP proxy server. The proper proxy server is selected on the basis of the data gathered on the location server LOKALIZACJA.
- The proxy server checks the validity of the received token on the AUTORYZACJA server, and checks the rights of access to the given register unit and to the layers specified in the query (these data are saved so that they need not be checked every time).
- If the check succeeds, the query is sent to the proper data server (providing the services). In response to the query, the server generates data, which are sent to the user via the proxy server.
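The proxy-side check from the session steps above, sketched as an added example (not code from the described system). The class names, the record schema, the token expiry field and the cache lifetime are assumptions, and the AUTORYZACJA server is replaced by an in-memory stand-in with constructed data. The saved rights are given a limited lifetime so that a removed user or changed IP restriction reaches the proxy.

```python
import ipaddress
import time

# Constructed sample data standing in for the AUTORYZACJA server (hypothetical schema).
AUTH_DB = {
    "tok-abc": {"user": "surveyor1", "expires": 2_000_000_000,
                "allowed_ips": ["192.0.2.0/24"],          # empty list = no IP restriction
                "units": {"unit-A"}, "layers": {"parcels", "buildings"}},
    "tok-old": {"user": "contract7", "expires": 1_000,    # access period has ended
                "allowed_ips": [], "units": {"unit-B"}, "layers": {"parcels"}},
}

class AuthServer:
    """Stand-in for AUTORYZACJA; counts lookups so the effect of caching is visible."""
    def __init__(self, db):
        self.db, self.lookups = db, 0
    def lookup(self, token):
        self.lookups += 1
        return self.db.get(token)

class Proxy:
    """Check performed by the proxy of one register unit before forwarding a query."""
    def __init__(self, auth, unit, cache_ttl=60):
        self.auth, self.unit, self.cache_ttl = auth, unit, cache_ttl
        self.cache = {}  # token -> (fetched_at, record)

    def _rights(self, token, now):
        hit = self.cache.get(token)
        if hit and now - hit[0] < self.cache_ttl:
            return hit[1]                        # saved rights, no round trip
        rec = self.auth.lookup(token)
        if rec is not None:                      # never cache unknown tokens
            self.cache[token] = (now, rec)
        return rec

    def authorize(self, token, client_ip, layers, now=None):
        now = time.time() if now is None else now
        rec = self._rights(token, now)
        if rec is None:
            return False, "unknown token"
        if now >= rec["expires"]:
            return False, "token expired"
        nets = [ipaddress.ip_network(n) for n in rec["allowed_ips"]]
        if nets and not any(ipaddress.ip_address(client_ip) in n for n in nets):
            return False, "ip not allowed"
        if self.unit not in rec["units"]:
            return False, "no access to register unit"
        denied = set(layers) - rec["layers"]
        if denied:
            return False, "layer denied: " + ",".join(sorted(denied))
        return True, "ok"
```

The query is forwarded to the data server only when `authorize` returns `(True, "ok")`; every other result is refused at the proxy.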
It should be stressed again that public data are collected directly from cadastral nodes, topographic nodes, and general geographic nodes, whereas non-public data subject to protection require the intermediation of proxy servers. In no case is it necessary to send data via the GEOPORTAL server (the server responsible for the distribution of the www website). This enables high efficiency and improves the speed of work (which can be easily checked).
The authorization server AUTORYZACJA serves two groups of users:
- distinguished users with permanent access
- users with access in line with the contract.
The first group is made up of users who have permanent access to data. That access may be restricted by territory, e.g. browsing of data by municipalities, or by topic, e.g. access of chartered surveyors to geodetic matrices. After registration on the authorization server and confirmation of their data, those users will be able to use data without additional charges (for example: municipalities using the resources of the register of land and buildings).
The second group consists of users who have signed contracts for access to data for a specified period. Such users are registered via the server of orders. The server of orders records the data resulting from a given contract (data concerning the user, area, scope of topics, period of access, and payment principle) and adds the user on the authorization server AUTORYZACJA. From that moment on, the user has access to data without having to pay for services every time.