Presentation is loading. Please wait.

Presentation is loading. Please wait.

OGC Interoperability Experiments & Authentication Association GI Laboratories Europe (AGILE) pre-conference work shop. Testbed research: Testing Geospatial.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "OGC Interoperability Experiments & Authentication Association GI Laboratories Europe (AGILE) pre-conference work shop. Testbed research: Testing Geospatial."— Presentation transcript:

1 OGC Interoperability Experiments & Authentication Association GI Laboratories Europe (AGILE) pre-conference work shop. Testbed research: Testing Geospatial and Services/Persistent Testbed, Utrecht, The Netherlands, 18 th April, 2011. chris.higgins@ed.ac.uk EDINA National Data Centre, University of Edinburgh

2 Shibboleth Internet2 consortium Open source package for web Single Sign On across admin boundaries based on standards: –Security Assertion Markup Language (SAML)‏ Organisations can exchange user information and make security assertions by obeying privacy policies Devolved authentication – maintain and leverage existing user management Enables finer grained authorisation through use of attributes Small coordination centre, large federation of organisations (service and identity providers)

3 SP IdP SP Coordinating Centre Federation Service Providers Identity Providers Users Organisations IdP SP Key Roles within an Access Management Federation

4 EDINA A National Data Centre for Tertiary Education since 1995 …enhance the productivity of research, learning and teaching in UK higher and further education Focus is on services but also undertake r&D Shibboleth used primarily in academic sector –https://www.aai.dfn.de/links/https://www.aai.dfn.de/links/ –https://spaces.internet2.edu/display/SHIB/ShibbolethFederationshttps://spaces.internet2.edu/display/SHIB/ShibbolethFederations EDINA provides technical support in the operation of the UK Access Management Federation –Approx 8 million users –837 Member Organisations (IdPs and SPs) EDINA

5 Why put effort into federated access control? Authentication is the process of verifying that claims made concerning a subject, eg, identity, who is attempting to access a resource are true, ie, authentic Frequently, SDI content and service providers need to know who is accessing their valuable, secure, protected, etc, data The ability for a group of organisations with common objectives, ie, a federation, to securely exchange authentication information is a powerful SDI enabler Example: Article 19 of the INSPIRE Directive ”…Member States may limit public access…etc, etc”. Even more so if removing some of the barriers to interoperability…

6 Why put effort into federated access control round OWS? Open geospatial interoperability standards underpin SDI OGC Standards agnostic about security Grand challenge: lack of a genuinely interoperable security solution a major barrier to all sectors EU requested that ESDIN project focus on testing practical existing solutions

7 Work to Date: ESDIN Project Resourced EDINA to build on in-house access control expertise An eContentplus Best Practice Network project Ran from Sept 2008 until end Feb 2011 Coordinated by EuroGeographics From AuthN perspective, the main ESDIN Use Case was Key Users, eg, EEA, EuroStat, JRC, accessing INSPIRE Annex 1 services from different member states Key goal: help member states prepare their data for INSPIRE Annex 1 themes

8 EDINA’s Role in ESDIN Bring experience of: –putting up operational OGC Web Services –access management A point of contact for the European academic sector Help the NMCAs understand academic sector market Bring academic users Report on work done: –http://www.esdin.eu/sites/esdin.eu/files/ESDIN%20D11% 206%20services%20academic%20sector%20v4%200.pdfhttp://www.esdin.eu/sites/esdin.eu/files/ESDIN%20D11% 206%20services%20academic%20sector%20v4%200.pdf

9 Steps towards... Our users; students, lecturers, etc, getting access to INSPIRE compliant services: –for research –for education Our UK users getting access to European data And European academic sector users getting access to UK data Development of a European academic SDI

10 Key Vehicle - PTB Objectives To act as a research test-bed for collaborative European research in geospatial interoperability, To aid the assessment of the current standards for geospatial interoperability in terms of research compatibility, completeness, consistency and ease of use and extensibility To provide an environment for teaching standards and techniques for geospatial interoperability To provide a resource to AGILE/EuroSDR/OGC for the coordination of research requirements as well as definition, testing, validation and development of open standards

11 Overall Goal Public sector Academic sector Real world SDI R&D requirements Resources Data Better educated graduates Future customers/employees used to using high quality public sector reference data via Geospatial Web Services R&D requirements get met Virtuous Circle

12 OGC Interoperability Experiments (IE’s) Key vehicle for taking the work forward Simple, low overhead, means for OGC members to get together and advance specific technical objectives within the OGC baseline Facilitated by OGC staff More lightweight than the OGC Web Services initiatives Focussed on specific interoperability issues Effort is viewed as voluntary and supported by in-kind contributions by participating member organisations Duration normally around 6 months

13 Authentication IE Test standard ways of authentication between OGC clients and OGC Web Services Intended that the following mechanisms would be tested: HTTP Authentication; HTTP Cookies; SSL/X509; SAML; Shibboleth; OpenID; WS-Security ESDIN concentrated on: –Putting together a prototype Shibboleth Access Management Federation comprised mainly of NMCA’s –Understanding how OWS clients could be modified to be capable of undergoing the Shibboleth interactions OGC Engineering Report: Doc 09-092r1

14 OGC Web Services Shibboleth IE (OSI) Started Aug 2010 Previous work had shown it was possible to protect WMS with Shibb so that: –No mods required to the OGC interfaces –No mods required to Shibb download –BUT mods required to OWS clients OSI provided the OGC software producing community with means and opportunity of modifying OWS clients to work with Shibb Emphasis on desktop OWS client software Provide participants with the opportunity to demonstrate their software in action.

15 OSI - How Use the test ESDIN Federation to provide OSI participants with services to develop against Provide an open source reference implementation of a modified desktop client conformant with the SAML ECP Profile –http://esdin.fgi.fi/wiki/index.php/Esdin:AuthIE:Clienthttp://esdin.fgi.fi/wiki/index.php/Esdin:AuthIE:Client Provide some technical support, eg, with OpenLayers clients conformant with the Web Browser SSO Profile Regular telcons OSI Technology Integration Experiment event

16 Technology Integration Experiment Webinar Afternoon of Thurs 18 th November Approx 30 people turned up on the day EDINA, Snowflake, Cadcorp, Envitia, con terra, JRC all demonstrated: –Different clients (desktop, browser, proxy) –Different services (WMS and WFS) –Different federations (ESDIN and BKG)

17 OSI - Outcomes Using Shibboleth to protect OWS is practical Not particularly difficult on server side Not particularly difficult with browser based clients More subtle with desktop based clients but possible with some effort in short space of time This kind of “IE testbed” approach appreciated by participating OGC members Highly likely community support and tooling will be available if decision made to operationalise Draft Engineering Report (OGC 11-019r1)

18 Interoperable Geographic Information for Biosphere Study JISC funded IGIBS project from Apr 1 st to 31 st Oct 2011 Partnership between EDINA, Aberystwyth University and Welsh Assembly Government (WAG) Focussed on Research and Education related to the UNESCO Dyfi Biosphere Reserve Allow users to create WMS’s to view data in conjunction with reference data from WAG Access control so: –Students can publish intermediary results, or commercial in confidence datasets, etc. –WAG can make available a wider range of data Better integration between academic and public sector Opportunity to transfer knowledge and explore (a bit)

19 Workshop at INSPIRE Conference in June Title: Shibboleth Federations and Secure SDI: Outcome and Demonstrations from the OGC Web Service Shibboleth Interoperability Experiment Original intention is a re-run of the Nov 2010 “plugfest” More public, slicker More member state NMCA’s in ESDIN Federation Maybe get more system suppliers to modify their software Up the level of discussion

20 Consequences If they operationalise, it will be good for the academic sector: –More Shibb enabled software/tooling will become available –Our sector already had the technology in place and has understanding –Well positioned to negotiate for access to data and services

Download ppt "OGC Interoperability Experiments & Authentication Association GI Laboratories Europe (AGILE) pre-conference work shop. Testbed research: Testing Geospatial."

Similar presentations

Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
Introduction to the COBWEB project Fri 24th Nov, 2012, GEO-IX Plenary, Foz do Iguaçu, Brazil. Chris Higgins, Project Coordinator, EDINA National Data Centre,

Introduction to the COBWEB project Fri 24th Nov, 2012, GEO-IX Plenary, Foz do Iguaçu, Brazil. Chris Higgins, Project Coordinator, EDINA National Data Centre,
WORKSHOP: Shibboleth Federations and Secure SDI: Outcomes and Demonstrations from the OGC Web Service Shibboleth Interoperability Experiment Chris Higgins,

WORKSHOP: Shibboleth Federations and Secure SDI: Outcomes and Demonstrations from the OGC Web Service Shibboleth Interoperability Experiment Chris Higgins,
Joint Information Systems Committee Supporting Higher and Further Education Portals and the JISC Information Environment Strategy Chris Awre Programme.

Joint Information Systems Committee Supporting Higher and Further Education Portals and the JISC Information Environment Strategy Chris Awre Programme.
Next Generation Athens Services Ed Zedlewski UK e-Science Town Meeting, London, 11 April 2005.

Next Generation Athens Services Ed Zedlewski UK e-Science Town Meeting, London, 11 April 2005.
Report on main ESDIN PTB related activities AGILE 2010 Pre-conference Workshop, European Persistent Geospatial Testbed for Research and Education (PTB),

Report on main ESDIN PTB related activities AGILE 2010 Pre-conference Workshop, European Persistent Geospatial Testbed for Research and Education (PTB),
Shibboleth Access Management Federations as an Organisational Model for SDI C.I.Higgins, M.Koutroumpas, A.Seales, EDINA National Datacentre, Scotland A.Matheus,

Shibboleth Access Management Federations as an Organisational Model for SDI C.I.Higgins, M.Koutroumpas, A.Seales, EDINA National Datacentre, Scotland A.Matheus,
Where next…. Stakeholder workshop, 29 Jan 2003. To the end of the project.

Where next…. Stakeholder workshop, 29 Jan To the end of the project.
UKOLN and the Institutional Web Service UKOLN (UK Office for Library and Information Networking) is a research and dissemination unit based at the University.

UKOLN and the Institutional Web Service UKOLN (UK Office for Library and Information Networking) is a research and dissemination unit based at the University.
EGI-InSPIRE RI-261323 EGI-InSPIRE EGI-InSPIRE RI-261323 AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
The CTCN Services UNEP – March 5th, 2014, Nairobi, Kenya.

The CTCN Services UNEP – March 5th, 2014, Nairobi, Kenya.
Secure access to spatial data for academia – the UK experience Workshop, Authentication, Authorization and Accounting for Data and Services in EU Public.

Secure access to spatial data for academia – the UK experience Workshop, Authentication, Authorization and Accounting for Data and Services in EU Public.
Geospatial Standards – Experiences for the UK Academic Community Workshop on Grid Middleware and Geospatial Standards for Earth System Science Data, National.

Geospatial Standards – Experiences for the UK Academic Community Workshop on Grid Middleware and Geospatial Standards for Earth System Science Data, National.
Copyright JNT Association 20051Optional www.ukfederation.org.uk Copyright JNT Association 2007 1 Joining the UK Access Management Federation 4th April.

Copyright JNT Association 20051Optional Copyright JNT Association Joining the UK Access Management Federation 4th April.
Authentication methods: Shibboleth UKLII: Data Publishing Working Group, Welsh Assembly Government, Cardiff. 28 th March 2011

Authentication methods: Shibboleth UKLII: Data Publishing Working Group, Welsh Assembly Government, Cardiff. 28 th March 2011
1 Issues in federated identity management Sandy Shaw EDINA IASSIST 24-27 May 2005, Edinburgh.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.
® Practical Approaches to Web Services Authentication 72nd OGC Technical Committee Frascati, Italy Fiona Culloch March 9, 2010 Sponsored and hosted by.

® Practical Approaches to Web Services Authentication 72nd OGC Technical Committee Frascati, Italy Fiona Culloch March 9, 2010 Sponsored and hosted by.
Shibboleth Access Management Federations and Secure SDI: ESDIN Experience from the OGC Authentication Interoperability Experiment C.I.Higgins, M.Koutroumpas,

Shibboleth Access Management Federations and Secure SDI: ESDIN Experience from the OGC Authentication Interoperability Experiment C.I.Higgins, M.Koutroumpas,
T-110.5140 Network Application Frameworks and XML Service Federation 30.04.2007 Sasu Tarkoma.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (

Similar presentations

Ads by Google