Presentation is loading. Please wait.

Presentation is loading. Please wait.

OGC Interoperability Experiments & Authentication Association GI Laboratories Europe (AGILE) pre-conference work shop. Testbed research: Testing Geospatial.

Similar presentations


Presentation on theme: "OGC Interoperability Experiments & Authentication Association GI Laboratories Europe (AGILE) pre-conference work shop. Testbed research: Testing Geospatial."— Presentation transcript:

1 OGC Interoperability Experiments & Authentication Association GI Laboratories Europe (AGILE) pre-conference work shop. Testbed research: Testing Geospatial and Services/Persistent Testbed, Utrecht, The Netherlands, 18 th April, 2011. chris.higgins@ed.ac.uk EDINA National Data Centre, University of Edinburgh

2 Shibboleth Internet2 consortium Open source package for web Single Sign On across admin boundaries based on standards: –Security Assertion Markup Language (SAML)‏ Organisations can exchange user information and make security assertions by obeying privacy policies Devolved authentication – maintain and leverage existing user management Enables finer grained authorisation through use of attributes Small coordination centre, large federation of organisations (service and identity providers)

3 SP IdP SP Coordinating Centre Federation Service Providers Identity Providers Users Organisations IdP SP Key Roles within an Access Management Federation

4 EDINA A National Data Centre for Tertiary Education since 1995 …enhance the productivity of research, learning and teaching in UK higher and further education Focus is on services but also undertake r&D Shibboleth used primarily in academic sector –https://www.aai.dfn.de/links/https://www.aai.dfn.de/links/ –https://spaces.internet2.edu/display/SHIB/ShibbolethFederationshttps://spaces.internet2.edu/display/SHIB/ShibbolethFederations EDINA provides technical support in the operation of the UK Access Management Federation –Approx 8 million users –837 Member Organisations (IdPs and SPs) EDINA

5 Why put effort into federated access control? Authentication is the process of verifying that claims made concerning a subject, eg, identity, who is attempting to access a resource are true, ie, authentic Frequently, SDI content and service providers need to know who is accessing their valuable, secure, protected, etc, data The ability for a group of organisations with common objectives, ie, a federation, to securely exchange authentication information is a powerful SDI enabler Example: Article 19 of the INSPIRE Directive ”…Member States may limit public access…etc, etc”. Even more so if removing some of the barriers to interoperability…

6 Why put effort into federated access control round OWS? Open geospatial interoperability standards underpin SDI OGC Standards agnostic about security Grand challenge: lack of a genuinely interoperable security solution a major barrier to all sectors EU requested that ESDIN project focus on testing practical existing solutions

7 Work to Date: ESDIN Project Resourced EDINA to build on in-house access control expertise An eContentplus Best Practice Network project Ran from Sept 2008 until end Feb 2011 Coordinated by EuroGeographics From AuthN perspective, the main ESDIN Use Case was Key Users, eg, EEA, EuroStat, JRC, accessing INSPIRE Annex 1 services from different member states Key goal: help member states prepare their data for INSPIRE Annex 1 themes

8 EDINA’s Role in ESDIN Bring experience of: –putting up operational OGC Web Services –access management A point of contact for the European academic sector Help the NMCAs understand academic sector market Bring academic users Report on work done: –http://www.esdin.eu/sites/esdin.eu/files/ESDIN%20D11% 206%20services%20academic%20sector%20v4%200.pdfhttp://www.esdin.eu/sites/esdin.eu/files/ESDIN%20D11% 206%20services%20academic%20sector%20v4%200.pdf

9 Steps towards... Our users; students, lecturers, etc, getting access to INSPIRE compliant services: –for research –for education Our UK users getting access to European data And European academic sector users getting access to UK data Development of a European academic SDI

10 Key Vehicle - PTB Objectives To act as a research test-bed for collaborative European research in geospatial interoperability, To aid the assessment of the current standards for geospatial interoperability in terms of research compatibility, completeness, consistency and ease of use and extensibility To provide an environment for teaching standards and techniques for geospatial interoperability To provide a resource to AGILE/EuroSDR/OGC for the coordination of research requirements as well as definition, testing, validation and development of open standards

11 Overall Goal Public sector Academic sector Real world SDI R&D requirements Resources Data Better educated graduates Future customers/employees used to using high quality public sector reference data via Geospatial Web Services R&D requirements get met Virtuous Circle

12 OGC Interoperability Experiments (IE’s) Key vehicle for taking the work forward Simple, low overhead, means for OGC members to get together and advance specific technical objectives within the OGC baseline Facilitated by OGC staff More lightweight than the OGC Web Services initiatives Focussed on specific interoperability issues Effort is viewed as voluntary and supported by in-kind contributions by participating member organisations Duration normally around 6 months

13 Authentication IE Test standard ways of authentication between OGC clients and OGC Web Services Intended that the following mechanisms would be tested: HTTP Authentication; HTTP Cookies; SSL/X509; SAML; Shibboleth; OpenID; WS-Security ESDIN concentrated on: –Putting together a prototype Shibboleth Access Management Federation comprised mainly of NMCA’s –Understanding how OWS clients could be modified to be capable of undergoing the Shibboleth interactions OGC Engineering Report: Doc 09-092r1

14 OGC Web Services Shibboleth IE (OSI) Started Aug 2010 Previous work had shown it was possible to protect WMS with Shibb so that: –No mods required to the OGC interfaces –No mods required to Shibb download –BUT mods required to OWS clients OSI provided the OGC software producing community with means and opportunity of modifying OWS clients to work with Shibb Emphasis on desktop OWS client software Provide participants with the opportunity to demonstrate their software in action.

15 OSI - How Use the test ESDIN Federation to provide OSI participants with services to develop against Provide an open source reference implementation of a modified desktop client conformant with the SAML ECP Profile –http://esdin.fgi.fi/wiki/index.php/Esdin:AuthIE:Clienthttp://esdin.fgi.fi/wiki/index.php/Esdin:AuthIE:Client Provide some technical support, eg, with OpenLayers clients conformant with the Web Browser SSO Profile Regular telcons OSI Technology Integration Experiment event

16 Technology Integration Experiment Webinar Afternoon of Thurs 18 th November Approx 30 people turned up on the day EDINA, Snowflake, Cadcorp, Envitia, con terra, JRC all demonstrated: –Different clients (desktop, browser, proxy) –Different services (WMS and WFS) –Different federations (ESDIN and BKG)

17 OSI - Outcomes Using Shibboleth to protect OWS is practical Not particularly difficult on server side Not particularly difficult with browser based clients More subtle with desktop based clients but possible with some effort in short space of time This kind of “IE testbed” approach appreciated by participating OGC members Highly likely community support and tooling will be available if decision made to operationalise Draft Engineering Report (OGC 11-019r1)

18 Interoperable Geographic Information for Biosphere Study JISC funded IGIBS project from Apr 1 st to 31 st Oct 2011 Partnership between EDINA, Aberystwyth University and Welsh Assembly Government (WAG) Focussed on Research and Education related to the UNESCO Dyfi Biosphere Reserve Allow users to create WMS’s to view data in conjunction with reference data from WAG Access control so: –Students can publish intermediary results, or commercial in confidence datasets, etc. –WAG can make available a wider range of data Better integration between academic and public sector Opportunity to transfer knowledge and explore (a bit)

19 Workshop at INSPIRE Conference in June Title: Shibboleth Federations and Secure SDI: Outcome and Demonstrations from the OGC Web Service Shibboleth Interoperability Experiment Original intention is a re-run of the Nov 2010 “plugfest” More public, slicker More member state NMCA’s in ESDIN Federation Maybe get more system suppliers to modify their software Up the level of discussion

20 Consequences If they operationalise, it will be good for the academic sector: –More Shibb enabled software/tooling will become available –Our sector already had the technology in place and has understanding –Well positioned to negotiate for access to data and services


Download ppt "OGC Interoperability Experiments & Authentication Association GI Laboratories Europe (AGILE) pre-conference work shop. Testbed research: Testing Geospatial."

Similar presentations


Ads by Google