The illuvis Security Model
People often ask us how secure is illuvis? the short answer is very secure indeed. illuvis has been built from the ground-up with security as a primary consideration. This page describes some of the security features of illuvis as well as the model it uses to facilitate the secure sharing of projects between users.
General Security Characteristics
The following points describe the more general security characteristics of illuvis while the Security Model section deals specifically with how illuvis securely manages the sharing of projects between users.
- All communication with illuvis is encrypted using 128-bit TLS-based encryption.
- All elements of the illuvis service are protected by the LutraAuth security library which:
- Requires users to login / authenticate before accessing any part of the service.
- Checks that a user is authorised to perform a given action (e.g. viewing someone else's map that's shared with them).
- Performs authentication / authorisation for WMS and other OGC service requests.
- Only stores encrypted and salted login credentials.
- illuvis runs on dedicated servers to which only the illuvis management team have access.
Within illuvis, all data is arranged into Projects, Scenarios and Events as shown in the diagram below. The illuvis Concepts section of the documentation contains more information about the illuvis data model.
The diagram above illustrates how flood, event and scenario data are associated with a single project. By default, when a user creates a project, it is only visible to themselves. illuvis allows projects to be securely shared with other users.
illuvis allows permissions to be set (and performs authorisation) at the project-level.
Projects shared with users in illuvis are done so with zero or more of the following permissions:
- Can Share
- Can Edit
If neither of these permissions are granted when sharing a project with a user then that user will simply be able to view the project and its data. They will not be able to edit it or share it with others.
Users with whom a project is shared with "Can Edit" permissions will be able to view and make changes to the project in the same way its owner can. "Can Edit" permissions do not imply "Can Share" permissions.
Users with whom a project is shared with "Can Share" permissions will be able to view and also share the project with others. When sharing the project with others, they too will be able to grant the "Can Share" permission to whom they are sharing with. They may also only grant the "Can Edit" permission to others if they have been granted the "Can Edit" permission.
The ability to grant "Can Edit" and "Can Share" permissions varies depending on pricing plan.
The Sharing projects section of the documentation explains how to manage project sharing settings.