Security and the Open Geospatial Consortium (OGC) CEOS/WGISS-27 Workshop, 11 May 2009, Toulouse. Andreas Matheus, Secure Dimensions GmbH

Presentation transcript:


Helping the World to Communicate Geographically

Agenda
– What do I mean by Security?
– Typical Requirements and Standards
– OGC Security and GeoRM Working Groups
– OGC Interoperability Initiatives
– Conclusion and upcoming activities

Context For This Talk
Target to be secured is a Distributed System
– for exchanging / processing geospatial information
– implemented by (but not limited to) OGC Web Services
One mandatory and one optional Threat Model
– Internet Threat Model
– Browser (Client) Threat Model
In this context, Security refers to
– communication between entities
– trust between entities / parties
– protection of assets
Security and the Open Geospatial Consortium

Security – What Do I Mean By That?
For the system itself: secure systems will control, through use of specific security features, access to information such that only properly authorized individuals, or processes operating on their behalf, will have access to read, write, create, or delete information. [TCSEC]
For a distributed system: the distributed property is a characteristic of the system that shall not have any influence on the definition above.

Security Relies On Requirements
Trusted Computer System Evaluation Criteria (TCSEC)
– Policy, Marking, Identification, Accountability, Assurance, Continuous Protection
– Evaluation Classes: D (lowest), C, B, A (highest)
  C: Discretionary Access Rights Management, identity-based access control
  B: Mandatory Access Rights Management, context-based access control
ISO security frameworks
– 1: Overview
– 2: Authentication Framework
– 3: Access Control Framework
– 4: Non-Repudiation Framework
– 5: Confidentiality Framework
– 6: Integrity Framework
– 7: Security Audits and Alarms Framework

OGC Sensor Web – A Trusted System?
[Figure: OGC Sensor Web components (CAT, SOS, SAS, SPS, WNS, Sensors) and their interactions: Register, Search, Bind, GetResults (SensorML), Task, Notify / notification, Publish, Alert]

The Interoperability Issue
Exchanging and processing geospatial information in a federation requires interoperability on different levels:
– Data Level Interoperability ensures the ability to consume the information
– Service Level Interoperability ensures the ability to exchange / obtain the information to be consumed
– Security Level Interoperability ensures the ability to do the above in a reliable and trustworthy fashion
All levels can be implemented using standards from the OGC and other bodies
Establishing secure communication
– Network level
– Application level

Security Standards
[Figure: overview of security standards, with one of them called out: "This is an OGC Standard!"]

Security And The OGC – Working Groups
GeoRM (Geo Rights Management) DWG – since 2004
– Geospatial Digital Rights Management Reference Model (Abstract Specification Topic 18)
Security DWG – since 2006
– Forum for discussing topics related to authentication, access control and secure communication

Security And The OGC – Standardization
GeoRM Common SWG – since 2007
– define the GeoRM Common Standard for the implementation of common aspects of the GeoDRM Reference Model [Charter]
GeoXACML SWG (persistent)
– potential to be established in 2009 (next TC meeting 06/09)
– purpose … is to develop an OGC Web Services Profile of GeoXACML [Draft Charter]
– another purpose … is to coordinate the OGC's work on GeoXACML with the work of the OASIS XACML WG [Draft Charter]

Security And The OGC – OWS-3 Initiative
Timeline 04 – 10/2005
Dedicated Thread for GeoDRM
"Click-through" licensed use of a
– Web Map Service (WMS)
– Web Feature Service (WFS)
– Web Portrayal Service (cascade of a WMS and WFS)
GeoDRM license model for different types of users
– anonymous / registered user

Security And The OGC – OWS-3 Initiative
Click-Through Licensing
[Figure: a request made before the disclaimer is accepted is answered with "Error: Please read/accept the disclaimer!"; after "Read & Accept Disclaimer", the same request returns its result (Image / GML)]

Security And The OGC – OWS-3 Initiative
WS-Security based implementation of secure communication and exchange of security context information
– Confidentiality
– Integrity
WS-Security supports different Security Tokens
– Username Tokens (authentication by user name / password)
– X.509 Tokens (authentication by certificate)
– SAML Tokens (exchange of user assertions)
– REL Tokens (exchange of license assertions)
– Kerberos Tokens (Kerberos tickets, e.g. Windows domain authentication)
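The Username Token above is the simplest of the listed WS-Security tokens, and also the easiest to deploy badly. The following is an added example, not code from OWS-3 or from any OGC implementation: it implements the digest form of the OASIS WSS UsernameToken Profile (PasswordDigest = Base64(SHA-1(nonce + created + password))) for both the client that issues the token and the service that verifies it. The two server-side checks, a freshness window on Created and a cache of already-seen nonces, are what turn the digest into a replay-resistant credential; without them an intercepted token is as good as the password. User names, passwords, timestamps and the five-minute skew are constructed sample values; the Created format without fractional seconds is an assumption of the example.

```python
"""WS-Security UsernameToken (PasswordDigest variant): issue and verify.

Added example, not OWS-3 or OGC code. Sample users and timestamps are constructed.
"""
import base64
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, Optional, Set, Tuple

TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"   # assumption: wsu:Created without fractional seconds


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """PasswordDigest = Base64(SHA-1(raw nonce bytes + Created string + password))."""
    digest = hashlib.sha1(nonce + created.encode("utf-8") + password.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def build_token(username: str, password: str, now: datetime) -> Dict[str, str]:
    """Client side: the element values a wsse:UsernameToken carries."""
    nonce = os.urandom(16)                       # fresh random nonce per token
    created = now.strftime(TIME_FMT)
    return {
        "Username": username,
        "Nonce": base64.b64encode(nonce).decode("ascii"),
        "Created": created,
        "PasswordDigest": password_digest(nonce, created, password),
    }


def verify_token(token: Dict[str, str],
                 lookup_password: Callable[[str], Optional[str]],
                 seen_nonces: Set[str],
                 now: datetime,
                 max_skew: timedelta = timedelta(minutes=5)) -> bool:
    """Server side. Fails closed on a malformed field, a stale Created,
    a replayed nonce, an unknown user or a wrong digest."""
    try:
        created = datetime.strptime(token["Created"], TIME_FMT).replace(tzinfo=timezone.utc)
        nonce = base64.b64decode(token["Nonce"], validate=True)
    except (KeyError, ValueError):
        return False
    if abs(now - created) > max_skew:
        return False                             # outside the freshness window
    if token["Nonce"] in seen_nonces:
        return False                             # replay of a token already accepted
    # The verifier needs the cleartext password (or an equivalent stored secret)
    # to recompute the digest. An unknown user is run through the same
    # comparison against a dummy so that the failure path costs the same.
    password = lookup_password(token["Username"])
    expected = password_digest(nonce, token["Created"], password if password is not None else "")
    if password is None or not hmac.compare_digest(expected, token.get("PasswordDigest", "")):
        return False
    seen_nonces.add(token["Nonce"])              # the cache must live at least max_skew
    return True


def demo() -> Tuple[bool, bool, bool, bool, bool, bool]:
    """Fresh token, replay, stale token, wrong password, unknown user, tampered digest."""
    users = {"wgiss-demo": "correct horse battery staple"}   # constructed sample user
    cache: Set[str] = set()
    now = datetime(2009, 5, 11, 10, 0, 0, tzinfo=timezone.utc)
    tok = build_token("wgiss-demo", users["wgiss-demo"], now)
    fresh = verify_token(tok, users.get, cache, now)
    replay = verify_token(tok, users.get, cache, now)
    stale = verify_token(tok, users.get, set(), now + timedelta(minutes=10))
    wrong = verify_token(tok, lambda _u: "not the password", set(), now)
    unknown = verify_token(tok, lambda _u: None, set(), now)
    tampered = dict(tok, PasswordDigest="A" * 28)
    bad_digest = verify_token(tampered, users.get, set(), now)
    return fresh, replay, stale, wrong, unknown, bad_digest


if __name__ == "__main__":
    print(demo())   # (True, False, False, False, False, False)
```

Two points a practitioner should take from this: the digest protects the password on the wire only against a passive reader, so the token still has to travel over TLS or inside an encrypted SOAP message, and the nonce cache has to be shared by every node that verifies tokens, otherwise a replay against a different node succeeds.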

Security And The OGC – OWS-3 Initiative
Interoperability Program Report (IPR)
– OGC (Fraunhofer): Terms of Use (ToU) Service and Model
Implementation
– Click-Through License for WMS and WFS (University of the Bundeswehr München)

Security And The OGC – OWS-4 Initiative
Timeline 06 – 12/2006
Dedicated Thread for GeoDRM
Use of brokered / negotiated licenses for a
– Web Feature Service (WFS)
Two-phase approach
– I: Negotiation of a license (and the rights it comprises)
– II: Managing access to protected services based on the rights and conditions in the license

Security And The OGC – OWS-4 Initiative
Scenario 1
– Unrestricted User-License
Scenario 2
– Brokered License
Scenario 3
– Negotiation of a User-License
Scenario 4
– Managing access to a WFS-T for feature updates

Security And The OGC – OWS-4 Initiative
Structure of an OWS-4 License
[Figure: the license carries the granted rights as an XACML Policy; its authenticity is provided by an XML Signature]

Security And The OGC – OWS-4 Initiative
Interoperability Program Reports
– Engineering Viewpoint (con terra)
– Trusted Geo Services (University of the Bundeswehr München)
– Change Request OWS Common (Fraunhofer)
Implementation (con terra)
– Phase I: Negotiation of licenses
Implementation (University of the Bundeswehr München)
– Phase II: Licensed feature update using a WFS-T
Online Demo –

Security And The OGC – OWS-6 Initiative
Timeline 10/2008 – 04/2009
Security inside threads
– Geo Processing Workflow (GPW)
  Managed access to OWS and trusted communication between different security domains
  XACML/GeoXACML based protection of a WMTS and WFS
– Sensor Web Enablement (SWE)
  How to secure a sensor network based on OGC Sensor Web Services?


Security And The OGC – OWS-6 Initiative
[Figure: Access Control in the Airport Emergency Response Scenario (source: )]

Security And The OGC – OWS-6 Initiative
Secure Sensor Web Engineering Report
– Evaluate vulnerabilities, attacks and their effects on assets for the Sensor Web Services specifications
  Sensor Alert Service (SAS)
  Sensor Observation Service (SOS)
  Sensor Planning Service (SPS)
– Assets are sensors, production data, observations, alerts
– Provide recommendations on how to prevent or mitigate the attacks

Security And The OGC – OWS-6 Initiative
Interoperability Program Reports
– OWS-6 Security ER (con terra)
– OWS-6 GeoXACML ER (University of the Bundeswehr München)
– OWS-6 Secure Sensor Web ER (AM Consult*)
Implementation (con terra)
– STS, PDP, PEP
Implementation (AM Consult*)
– GeoPDP
Implementation (Geomatys)
– WMS / WFS PEP
*: Secure Dimensions GmbH is the successor of AM Consult
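The GPW thread's "XACML/GeoXACML based protection of a WMTS and WFS" and the PDP / PEP split listed above come down to one mechanism: a PEP in front of the service extracts attributes from the incoming request, a PDP evaluates them against a policy whose conditions include geometry, and the PEP enforces the answer. The following is an added example, not the OWS-6 con terra, AM Consult or Geomatys code and not GeoXACML's XML syntax: a WFS GetFeature KVP request is parsed for its feature type and BBOX, and a PDP with a deny-overrides combining algorithm applies rules whose spatial condition is GeoXACML's within (for Permit, the whole requested area must lie inside the permitted region) or intersects (for Deny, touching the restricted region is enough). The policy, roles, feature type names, coordinates and the service URL are constructed; the example assumes lon/lat coordinates and accepts only an absent or "CRS:84" BBOX CRS, because a real PEP has to normalise CRS and axis order before any spatial comparison is meaningful.

```python
"""Minimal GeoXACML-style PEP / PDP for a WFS GetFeature request.

Added example, not OWS-6 or OGC code. Policy, roles, feature types and
coordinates are constructed sample data; coordinates are assumed lon/lat.
"""
from dataclasses import dataclass
from typing import FrozenSet, Sequence, Tuple
from urllib.parse import parse_qs, urlsplit


@dataclass(frozen=True)
class BBox:
    """Axis-aligned box, lon/lat (assumption of the example)."""
    minx: float
    miny: float
    maxx: float
    maxy: float

    def within(self, other: "BBox") -> bool:
        """GeoXACML geometry-within, specialised to boxes."""
        return (other.minx <= self.minx and self.maxx <= other.maxx
                and other.miny <= self.miny and self.maxy <= other.maxy)

    def intersects(self, other: "BBox") -> bool:
        """GeoXACML geometry-intersects, specialised to boxes."""
        return not (self.maxx < other.minx or other.maxx < self.minx
                    or self.maxy < other.miny or other.maxy < self.miny)


@dataclass(frozen=True)
class Rule:
    effect: str                   # "Permit" or "Deny"
    roles: FrozenSet[str]         # subject attribute
    typenames: FrozenSet[str]     # resource attribute (WFS feature types)
    region: BBox                  # spatial condition, see applies()

    def applies(self, role: str, typename: str, bbox: BBox) -> bool:
        if role not in self.roles or typename not in self.typenames:
            return False
        # Permit only if the whole requested area is inside the region;
        # Deny as soon as the requested area touches the region.
        if self.effect == "Permit":
            return bbox.within(self.region)
        return bbox.intersects(self.region)


def parse_getfeature(url: str) -> Tuple[str, BBox]:
    """PEP side: pull the attributes the PDP needs out of a WFS KVP request.
    Raises ValueError on anything that is not a well-formed GetFeature."""
    q = {k.upper(): v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if q.get("SERVICE", "").upper() != "WFS" or q.get("REQUEST", "").upper() != "GETFEATURE":
        raise ValueError("not a WFS GetFeature request")
    typename = q.get("TYPENAME") or q.get("TYPENAMES")   # WFS 1.x vs 2.0 parameter name
    if not typename:
        raise ValueError("missing TYPENAME")
    parts = q.get("BBOX", "").split(",")
    if len(parts) not in (4, 5):
        raise ValueError("BBOX must be minx,miny,maxx,maxy[,crs]")
    if len(parts) == 5 and parts[4].upper() != "CRS:84":   # assumption: only lon/lat accepted
        raise ValueError("unsupported BBOX CRS: " + parts[4])
    minx, miny, maxx, maxy = (float(p) for p in parts[:4])
    if minx > maxx or miny > maxy:
        raise ValueError("inverted BBOX")
    return typename, BBox(minx, miny, maxx, maxy)


def decide(rules: Sequence[Rule], role: str, typename: str, bbox: BBox) -> str:
    """PDP: deny-overrides combining algorithm over the applicable rules."""
    decision = "NotApplicable"
    for rule in rules:
        if rule.applies(role, typename, bbox):
            if rule.effect == "Deny":
                return "Deny"
            decision = "Permit"
    return decision


def enforce(rules: Sequence[Rule], role: str, url: str) -> bool:
    """PEP: only an explicit Permit lets the request through (fail closed)."""
    try:
        typename, bbox = parse_getfeature(url)
    except ValueError:
        return False
    return decide(rules, role, typename, bbox) == "Permit"


# Constructed sample policy: analysts may read "roads" inside a working area;
# nobody may read roads or buildings that touch a restricted zone.
WORK_AREA = BBox(-98.0, 29.0, -96.0, 31.0)
RESTRICTED = BBox(-97.1, 30.15, -97.0, 30.25)
POLICY = (
    Rule("Permit", frozenset({"analyst"}), frozenset({"roads"}), WORK_AREA),
    Rule("Deny", frozenset({"analyst", "guest"}), frozenset({"roads", "buildings"}), RESTRICTED),
)

if __name__ == "__main__":
    base = "https://wfs.example.invalid/wfs?SERVICE=WFS&VERSION=1.0.0&REQUEST=GetFeature&TYPENAME=roads&BBOX="
    print(enforce(POLICY, "analyst", base + "-97.5,29.5,-97.2,29.8"))   # True: inside the work area
    print(enforce(POLICY, "analyst", base + "-97.2,30.1,-97.0,30.3"))   # False: touches the restricted zone
    print(enforce(POLICY, "guest", base + "-97.5,29.5,-97.2,29.8"))     # False: no Permit rule for guests
```

The asymmetry between the two spatial predicates is the point worth keeping: a Permit that used intersects instead of within would let a request whose box merely brushes the permitted region pull features from far outside it, and a Deny that used within instead of intersects would be bypassed by a box slightly larger than the restricted zone. A request the PEP cannot parse, or one that no rule addresses, is refused rather than forwarded.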

Security Standards – OGC experience
[Figure: overview of security standards, annotated with the OGC's experience from the initiatives]

Consensus On Security In The OGC
Results from the OWS-3, OWS-4, OWS-6 Initiatives
– Use SOAP based communication for the service interface
– Secure communication by leveraging WS-Security from OASIS
  Includes use of XML DSig and XML Encryption by W3C
– Access Control based on XACML / GeoXACML
Items that require standardization / recommendation
– Authentication
– Bootstrapping for secured OGC Web Services
– GeoXACML Profile for OGC Web Services

Potential Future Work Items
GeoXACML SWG
– How to ensure 100% interoperability using GeoXACML to protect Geo Web Services (includes OGC Services)
– Communicate with the OASIS XACML WG to ensure that geo-specific use cases are included
GeoRM Common SWG
– How to transport a security context for licensed protection of OGC Web Services
OWS-7: Proposal for a Security Thread
– Implementation of Secure Sensor Web ER results for SPS
– Evaluation / comparison of Authentication Mechanisms
CEOS members – get involved in Security for OWS-7

Thank You For Your Attention
"It is important never to stop asking questions..." [Albert Einstein]
Secure Dimensions GmbH – Holistic Geosecurity
Dr. Andreas Matheus
Kederbacherstraße 44, D- München, Germany