1 SensorWebs and Security Experiences Dan Mandl Presented at WGISS Meeting in Toulouse, France May 11, 2009.


2 Definition
Web Service – from Wikipedia
- W3C compliant software system designed to support interoperable machine-to-machine interaction over a network
- It communicates over the HTTP protocol used on the Web and falls generally into two categories
  - Simple Object Access Protocol (SOAP)/Web Service Design Language (WSDL)
  - Representational State Transfer (REST)-ful
- Both need to be supported, but our preference up to this point is RESTful Web Services to reduce implementation and operations costs

Key Implementation Challenges Web Processing Service (WPS) Web Coverage Service (WCS) Sensor Planning Service (SPS) Organization Orchestrating Workflow Secure transactions Delegation Single sign on

4 Scope
- Web Services need to be accessible from an Open Network but are not necessarily on the NASA network
- They are used to access data and/or assets in a bi-directional manner
- They may need to communicate with many communities on a permanent or temporary basis (e.g. disaster management)
- Some data to be exchanged may
  - Be mostly public
  - Be restricted for dissemination for a specified time period (e.g. no distribution rights for 60 days)
  - Have license agreements
- Web security protocol needs to be easy to implement since many users will have low IT capability
- Target Web 2.0 mass market
- Implementable in less than half a day
- Leverage existing Web 2.0 standards to lower cost and more easily gain acceptance

SensorWeb High Level Architecture
[Figure labels: Satellite Data Node; EO-1 Satellite; In-situ Sensor Data Node; UAV Sensor Data Node; Sensor Planning Service (SPS); Sensor Alert Service (SAS); Sensor Observation Service (SOS); Web Feature Service (WFS); SensorML Capabilities Documents; L1G; Satellite sensor data product; Data Processing Node; Web Processing Service (WPS); Web Coverage Service (WCS); Web Coordinate Transformation Service (WCTS); Internet; Sensor Data Products; OpenID 2.0; RSS Feeds (floods, fires, volcanoes etc); Campaign Manager; Workflows]

6
Goal is to visualize available satellite data and possible future satellite data in an area of interest and a desired time span on Google Earth.
Satellite imagery available on Myanmar flooding as a result of Nargis cyclone May
Overview
Builds on Stefan Falke's and Don Sullivan's enhanced WCS, in which a subset of data is returned based on user-specified AOI and time – ESTO funded

7 Federated Approach
- Build electronic trust relationships between closed communities over the open Internet
  - Permanent
  - Temporary
- Permission policies may need to be exchanged across domains
- Trust relationships must be discoverable within their community trust service providers (layered)
  - (E.g. application registered with community OpenID provider and thus could check validity to see if request comes from a trusted domain as a preliminary check)

8 Federated Approach Management
- Each community needs to manage its users and services in a satisfactory manner but not necessarily identically
- Provide a recognizable handle for a user or service
- Provide an accessible profile for user/service attributes
- Permission policies may need to be exchanged across domains
- Local trust relationships must be discoverable by local service providers
- Some attributes may be read-write
- Privacy issues (user consent to release info)

9 User & Service Profile
- Standard organization profile
  - Example: (OpenID possible attributes)
- One or more notification methods for delegation of authority or other notifications (SMS, instant messages)
- Roles/permission granted by organization (e.g. Red Cross representative can task EO-1)
- Some user profile attributes may be writable by outside services
  - E.g. Digital Rights management/License agreements
- Service profile (e.g. client application registered so that we know it is valid)
  - Name, description
  - Main URL web page end point
  - RSA public key

10 Secure Transactions
Data providers need to make sure that:
- Message transaction has not been tampered with
- Message has not been played back in tampering scheme
- Message is not encrypted
- Message comes in from valid service consumer
- Message comes from valid user
- User has proper permission to access the specified security realm
- User has delegated authority to consumer (confirmation may be necessary)
- User has agreed to access/license agreement
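
An added example, not part of the original slides: a provider-side check sequence for the tamper, replay, consumer, user, permission, delegation and license items on the Secure Transactions slide. HMAC-SHA256 with a shared secret stands in for verification against the consumer's registered RSA public key so the code needs only the standard library; the registries, field names and identifiers are constructed, and the user identifier is assumed to have been verified already by the OpenID Provider.

```python
import hashlib
import hmac
import json
import time

# Constructed sample data: registered consumers (service profiles) and user profiles.
CONSUMERS = {"campaign-manager.example": b"constructed-shared-secret"}
USERS = {
    "https://op.example/redcross-rep": {
        "roles": {"task:eo1"},                           # granted by the organization
        "delegated_to": {"campaign-manager.example"},    # consumers the user authorized
        "licenses": {"eo1-data-v1"},                     # agreements the user accepted
    }
}
MAX_SKEW = 300          # seconds a signed request stays acceptable
_seen_nonces = set()    # in-memory replay cache; a shared store with expiry in practice


def sign(body, secret):
    """Consumer side: MAC over a canonical JSON encoding of the request."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(secret, canonical, hashlib.sha256).hexdigest()


def check_request(body, signature, now=None):
    """Provider side: return "ok" or the name of the first failed check."""
    now = time.time() if now is None else now
    secret = CONSUMERS.get(body.get("consumer"))
    if secret is None:
        return "unknown_consumer"
    if not hmac.compare_digest(sign(body, secret), signature):
        return "tampered"
    if abs(now - body["timestamp"]) > MAX_SKEW:
        return "stale"
    key = (body["consumer"], body["nonce"])
    if key in _seen_nonces:          # same signed message presented twice
        return "replayed"
    _seen_nonces.add(key)            # recorded only after signature and freshness pass
    user = USERS.get(body["user"])
    if user is None:
        return "unknown_user"
    if body["permission"] not in user["roles"]:
        return "no_permission"
    if body["consumer"] not in user["delegated_to"]:
        return "not_delegated"
    if body["license"] not in user["licenses"]:
        return "license_not_accepted"
    return "ok"
```

The nonce is cached only after the signature and timestamp checks succeed, so unauthenticated traffic cannot fill the replay cache.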

[Figure labels: GSFC; USGS; Level 0 Processing at GSFC; First operational experiment; Experimental OpenID Provider (OP) Server; Campaign Manager; GSFC OpenID Provider (OP) Server; Other Federated OpenID Provider (OP) Servers; Server; User from GSFC; Non-GSFC User; GSFC Domain; Non-GSFC Workflows; GSFC Workflows; GSFC User]

12 NASA Considerations
- Standard trust service providers that register communities for a fee
  - Incommon.org
- Levels to authentication certification
  - Level 1 – claimed assurance
  - Level 2 – Identity check, user id and password
  - Level 3 – Increased level of identity check such as checking hard token and 2 factor personal ID
  - Level 4 – Fed PIC smartcard
- Method of authentication and IT security evolving
- We are working with GSFC and NASA IT security team to input requirements and for possible collaborative security prototypes