Published by Sydney Chandler. Modified over 6 years ago
1
User Authentication and Metrics
Parallel Session 4b
Friday, May 4 at 09:00 in Room
Session Leaders: Steve Browdy, Lucia Lovison
AIP-5 Kickoff Workshop
UNEP Geneva 3-4 May 2012
2
Session Agenda
- Session Introduction (5 minutes)
- Self introductions (5 minutes)
- Primary presentations (30 minutes)
  - identify what problem you are solving
  - emphasis on the end-to-end use case: publish, find, bind, workflow, decision
  - listing of services and data contributions
- Open discussion (20 minutes)
  - Interactive discussion of design and interoperability arrangements
- Develop a work plan (30 minutes)
  - review and comment on AIP Master Schedule
  - identify session specific milestones
  - what is missing and still needed: service and data gaps
  - what would result in a paradigm shift to meeting our objectives rather than a simple evolutionary path
3
Authentication Key Points
- User Authentication is a 2012 IIB priority
  - Research began in AIP-3
  - Goal is to operationalize this going into 2013
- User Authentication entails:
  - User registration
  - Single Sign-On (SSO)
- There exist multiple options:
  - Federated (lightest impact on GCI)
  - Centralized (heaviest impact on GCI)
  - Hybrid ???
- Solutions that have been considered:
  - OpenID
  - OAuth
  - Shibboleth
- At this point, there is only interest in authentication, not access control
- Could there be a “GEOSS User”?
4
Metric Key Points
- User metrics is a 2012 IIB priority
  - Goal is to operationalize this going into 2013
- User metrics initially discussed in early 2011 by DSTF (now DSWG)
- Does not need to be coupled to registration and authentication, but could be
- May aggregate metrics, but no individual tracking
- User metrics reports:
  - Provider used
  - Resource accessed
  - Date/time of access
  - Other metadata, as desired and within reason
5
High Level Requirements
- Single Sign-On (SSO)
- Metrics
  - Duration of login without activity
  - Password longevity
  - Resources accessed
- Implementation Impact
  - Desired
    - Light impact for data providers
    - Light impact for GCI
  - Realistic
    - Tradeoff between data providers and GCI
    - One will most likely have much more to do than the other
    - AIP still looking into this (will continue in AIP-4)
6
High Level Requirements
- Data user perspective
  - Easy to register
  - Possibly identified as “GEOSS User”
  - No repeat logins desired
- Legal perspective
  - User privacy issues
  - Data provider access issues (time to logout)
7
When Should It Be Done (Development/Test/Deploy Schedule)
- Process
  - DSTF -> ADC -> IIB -> AIP -> GCI-CT …
- Development
  - Specification to be written (no matter how small)
  - GCI component providers to develop (AIP-4)
  - AIP to experiment/test
- GCI-CT to update and test against consolidated requirements
  - Make sure that all technical goals have been met
- DSWG Sign-off
  - Make sure that all data sharing goals have been met
- Deploy into the GCI
  - Code release
  - Maintenance on existing users (if necessary)
8
Current Status
- AIP-3 assumed SSO from two perspectives:
  - Federated solution
    - Impact on data providers (possibly non-trivial)
    - Virtually no impact on GCI
  - GCI-centric solution
    - Light impact on data providers
    - Heavy impact on GCI
- Two technologies researched
  - OpenID
  - Shibboleth
9
Current Status
- OpenID
  - Federated solution
  - User must register at an OpenID server
    - Use OpenID itself
    - Use some other implementation of OpenID server (possibly in the GCI)
  - Somewhat light impact on data provider
  - Checking authentication, not authorization
- However,
  - Most notable OpenID solutions leverage external identity providers such as Google, Yahoo, and PayPal.
  - Metrics across multiple providers will be problematic without heavier impact on providers.
  - Machine-to-machine issues may exist, but haven’t been tested yet.
10
Current Status
11
Current Status
- Shibboleth
  - Federated solution
  - There must exist an Identity Provider (IdP)
    - Needs to be provided by GCI or some other provider.
    - Not provided by trusted 3rd parties, such as Google, Yahoo, etc.
    - Works in conjunction with a user directory
      - Active Directory
      - LDAP
  - Very heavy impact on data provider and potentially the GCI
  - Checking authentication and authorization
- However,
  - Metrics across multiple providers will be problematic without a GCI-provided IdP.
  - Machine-to-machine issues may exist without a GCI-provided IdP.
12
GCI-Centric Solution
13
Things to Consider
- Relative impact between data providers and GCI
- If a GCI component is deemed the way to go, then it needs to be written into the AIP-4 CFP.
- As seamless and painless as possible for users and providers.
- Will require a complete implementation guideline for data providers.
- Should there be a “GEOSS User”?
- Work continues with AIP-5, how soon is it needed?
14
Yesterday
Things to Consider
- Relative impact between data providers and GCI
- If a GCI component is deemed the way to go, then it needs to be written into the AIP-4 CFP.
- As seamless and painless as possible for users and providers.
- Will require a complete implementation guideline for data providers.
- Should there be a “GEOSS User”?
- Work continues with AIP-5, how soon is it needed?