1 / 14

Secure access to spatial data for academia – the UK experience

Secure access to spatial data for academia – the UK experience. Workshop, Authentication, Authorization and Accounting for Data and Services in EU Public Administrations , KU Leuven, 17 th March, 2014 Chris Higgins, chris.higgins@ed.ac.uk. EDINA.

hide
Download Presentation

Secure access to spatial data for academia – the UK experience

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Secure access to spatial data for academia – the UK experience Workshop, Authentication, Authorization and Accounting for Data and Services in EU Public Administrations, KU Leuven, 17th March, 2014 Chris Higgins, chris.higgins@ed.ac.uk

  2. EDINA • Jisc-designated centre of expertise and online services since 1995 • based at the University of Edinburgh • Jisc: champions the use of digital technologies in UK education and research • EDINA’s mission... …develop and deliver shared services and infrastructure for research and education. • focus is on service but also undertake r&D • turn projects  services • substantial experience in handling geospatial data

  3. UKAMF • UK Access Management Federation (UKAMF) • Approx. 8 million users • Approx. 400 entities (Identity Providers (IdPs) and Service Providers (SPs)) • Operated by EDINA and Jisc • Largest academic federation in the world • Mostly Shibboleth: an open source implementation of SAML but some non-Shibb SAML entities • Agnostic about AuthZ, at discretion of SPs. • A framework for exchanging access management information – see rules of membership • SP entirely responsible for management of access rights to its services

  4. Related geospatial projects

  5. ESDIN • Resourced EDINA to build on in-house access control expertise • An eContentplus Best Practice Network project • Ran from Sept 2008 until end Feb 2011 • Coordinated by EuroGeographics • From AuthN perspective, the main ESDIN Use Case was Key Users, eg, EEA, EuroStat, JRC, accessing INSPIRE Annex 1 services from different member states • Key goal: help member states prepare their data for INSPIRE Annex 1 themes

  6. OGC Interoperability Experiments (IE’s) • Key vehicle for taking the work forward • Simple, low overhead, means for OGC members to get together and advance specific technical objectives within the OGC baseline • Facilitated by OGC staff • More lightweight than the OGC Web Services initiatives • Focussed on specific interoperability issues • Effort is viewed as voluntary and supported by in-kind contributions by participating member organisations • Duration normally around 6 months

  7. OGC Web Services Shibboleth IE (OSI) • Started Aug 2010 • Previous work had shown it was possible to protect WMS with Shibb so that: • No mods required to OGC interface • No mods required to Shibb download • BUT mods required to OWS clients • OSI provided the OGC software producing community with means and opportunity of modifying OWS clients to work with Shibb • Emphasis on desktop OWS client software • Provide participants with the opportunity to demonstrate their software in action.

  8. OSI - How • Use the test ESDIN Federation to provide OSI participants with services to develop against • Provide an open source reference implementation of a modified desktop client conformant with the SAML ECP Profile • http://esdin.fgi.fi/wiki/index.php/Esdin:AuthIE:Client • Provide some technical support, eg, with OpenLayers clients conformant with the Web Browser SSO Profile • Regular telcons • OSI Technology Integration Experiment event

  9. OSI/ESDIN – Some outcomes • Using Shibboleth to protect OWS is practical • Not particularly difficult on server side or with browser based clients • More subtle with desktop based clients but possible with some effort in short space of time • This kind of “IE testbed” approach appreciated by participating OGC members • Highly likely community support and tooling will be available if decision made to operationalise

  10. Some references • OGC Engineering Report (OGC 11-019r2) • https://portal.opengeospatial.org/files/?artifact_id=47852 • IJSDIR paper. Shibboleth Access Management Federations as an Organisational Model for SDI • http://ijsdir.jrc.ec.europa.eu/index.php/ijsdir/article/view/245/324 • Workshop at INSPIRE 2011. Shibb Federations and Secure SDI: Outcome and Demonstrations from the OGC Web Service Shibboleth Interoperability Experiment • http://igibs.blogs.edina.ac.uk/inspire2011/

  11. Citizen Observatory Web 4 year FP7 funded research project Crowdsourced environmental data to aid decision making Introduce quality measures and reduce uncertainty Combine crowdsourced data with existing sources of data

  12. A GEOSS Project Global Earth Observation System of Systems “Data collected should be made available through the GEOSS without any restrictions” But, we must address “questions of privacy…” Some kinds of protected data that may be encountered during the project: Personal information, eg, name, email address Location protected species Reference data from European National Mapping and Cadastral Agencies Conflated data

  13. GEOSS Architecture Implementation Pilots (AIP) One of the means by which GEOSS addresses interoperability issues and GEOSS Common Infrastructure extension work Led by the OGC All contributions are in-kind Phased approach In AIP-6 we piloted the use of access management federations

  14. COBWEB/GEOSS AIP-6 Federation Identity Provider (IdP) Trust Gateway (TG) to OpenID Service Provider (SP) Discovery Service (DS) Catapult CUAHSI* NASA Ames Secure Dimensions “GEOSS user” Single-Sign-On MEEO Google OpenId EarthServer (FP7) project Kst. GDI.DE University of Edinburgh *: Consortium of Universities for the Advancement of Hydrologic Science

More Related