Secure access to spatial data for academia – the UK experience
Secure access to spatial data for academia – the UK experience. Workshop, Authentication, Authorization and Accounting for Data and Services in EU Public Administrations, KU Leuven, 17th March, 2014. Chris Higgins, [email protected], EDINA.

Presentation Transcript


Secure access to spatial data for academia – the UK experience

Workshop,

Authentication, Authorization and Accounting for Data and Services in EU Public Administrations,

KU Leuven,

17th March, 2014

Chris Higgins,

[email protected]


EDINA

  • Jisc-designated centre of expertise and online services since 1995

    • based at the University of Edinburgh

  • Jisc: champions the use of digital technologies in UK education and research

  • EDINA’s mission... …develop and deliver shared services and infrastructure for research and education.

  • focus is on service but also undertake R&D

    • turn projects into services

  • substantial experience in handling geospatial data


UKAMF

  • UK Access Management Federation (UKAMF)

    • Approx. 8 million users

    • Approx. 400 entities (Identity Providers (IdPs) and Service Providers (SPs))

    • Operated by EDINA and Jisc

    • Largest academic federation in the world

  • Mostly Shibboleth: an open source implementation of SAML but some non-Shibb SAML entities

  • Agnostic about AuthZ, at discretion of SPs.

  • A framework for exchanging access management information – see rules of membership

    • SP entirely responsible for management of access rights to its services


Related geospatial projects


ESDIN

  • Resourced EDINA to build on in-house access control expertise

  • An eContentplus Best Practice Network project

  • Ran from Sept 2008 until end Feb 2011

  • Coordinated by EuroGeographics

  • From AuthN perspective, the main ESDIN Use Case was Key Users, eg, EEA, EuroStat, JRC, accessing INSPIRE Annex 1 services from different member states

  • Key goal: help member states prepare their data for INSPIRE Annex 1 themes


OGC Interoperability Experiments (IE’s)

  • Key vehicle for taking the work forward

  • Simple, low overhead, means for OGC members to get together and advance specific technical objectives within the OGC baseline

  • Facilitated by OGC staff

  • More lightweight than the OGC Web Services initiatives

  • Focussed on specific interoperability issues

  • Effort is viewed as voluntary and supported by in-kind contributions by participating member organisations

  • Duration normally around 6 months


OGC Web Services Shibboleth IE (OSI)

  • Started Aug 2010

  • Previous work had shown it was possible to protect WMS with Shibb so that:

    • No mods required to OGC interface

    • No mods required to Shibb download

    • BUT mods required to OWS clients

  • OSI provided the OGC software producing community with means and opportunity of modifying OWS clients to work with Shibb

  • Emphasis on desktop OWS client software

  • Provide participants with the opportunity to demonstrate their software in action.


OSI - How

  • Use the test ESDIN Federation to provide OSI participants with services to develop against

  • Provide an open source reference implementation of a modified desktop client conformant with the SAML ECP Profile

    • http://esdin.fgi.fi/wiki/index.php/Esdin:AuthIE:Client

  • Provide some technical support, eg, with OpenLayers clients conformant with the Web Browser SSO Profile

  • Regular telcons

  • OSI Technology Integration Experiment event
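
Added example (not from the presentation or the ESDIN reference client): the client-side steps of the SAML ECP profile that an unmodified desktop OWS client lacks, including the check that the IdP's AssertionConsumerServiceURL matches the SP's responseConsumerURL before the assertion is delivered. Hosts, IDs and the RelayState value are constructed; HTTP transport and authentication to the IdP are assumed to happen elsewhere.

```python
import xml.etree.ElementTree as ET

NS = {"S": "http://schemas.xmlsoap.org/soap/envelope/",
      "paos": "urn:liberty:paos:2003-08",
      "ecp": "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

# Headers the modified OWS client adds to each request (e.g. WMS GetMap) to advertise ECP.
ECP_HEADERS = {"Accept": "text/html; application/vnd.paos+xml",
               "PAOS": f'ver="{NS["paos"]}";"{NS["ecp"]}"'}

def parse_sp_challenge(envelope_xml):
    """Split the SP's PAOS reply into (responseConsumerURL, RelayState element, IdP-bound XML)."""
    env = ET.fromstring(envelope_xml)
    header = env.find("S:Header", NS)
    request = header.find("paos:Request", NS) if header is not None else None
    if request is None:
        raise ValueError("not an ECP challenge (e.g. the OWS response itself)")
    relay_state = header.find("ecp:RelayState", NS)
    env.remove(header)  # the IdP is sent only the Body holding the AuthnRequest
    return request.get("responseConsumerURL"), relay_state, ET.tostring(env, encoding="unicode")

def build_sp_reply(idp_envelope_xml, consumer_url, relay_state):
    """Verify the IdP's delivery URL against the SP's, then build the envelope for the SP."""
    env = ET.fromstring(idp_envelope_xml)
    header = env.find("S:Header", NS)
    acs_url = header.find("ecp:Response", NS).get("AssertionConsumerServiceURL")
    if acs_url != consumer_url:
        raise ValueError("ACS URL mismatch: assertion not delivered")
    for child in list(header):
        header.remove(child)  # paos:Response is not added: the challenge had no messageID
    if relay_state is not None:
        header.append(relay_state)
    return ET.tostring(env, encoding="unicode")

# Constructed sample messages (not captured traffic); hosts are placeholders.
XMLNS = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
SP_CHALLENGE = f"""<S:Envelope {XMLNS}><S:Header>
<paos:Request responseConsumerURL="https://sp.example.org/Shibboleth.sso/SAML2/ECP" service="{NS['ecp']}"/>
<ecp:RelayState>constructed-relay-state</ecp:RelayState></S:Header>
<S:Body><samlp:AuthnRequest ID="_constructed1"/></S:Body></S:Envelope>"""
IDP_REPLY = f"""<S:Envelope {XMLNS}><S:Header><ecp:Response AssertionConsumerServiceURL="{{acs}}"/>
</S:Header><S:Body><samlp:Response ID="_constructed2"/></S:Body></S:Envelope>"""
```

On a URL mismatch the profile has the client return a SOAP fault to the SP rather than the SAML response; the example raises at that point.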


OSI/ESDIN – Some outcomes

  • Using Shibboleth to protect OWS is practical

  • Not particularly difficult on server side or with browser based clients

  • More subtle with desktop based clients but possible with some effort in short space of time

  • This kind of “IE testbed” approach appreciated by participating OGC members

  • Highly likely community support and tooling will be available if decision made to operationalise


Some references

  • OGC Engineering Report (OGC 11-019r2)

    • https://portal.opengeospatial.org/files/?artifact_id=47852

  • IJSDIR paper. Shibboleth Access Management Federations as an Organisational Model for SDI

    • http://ijsdir.jrc.ec.europa.eu/index.php/ijsdir/article/view/245/324

  • Workshop at INSPIRE 2011. Shibb Federations and Secure SDI: Outcome and Demonstrations from the OGC Web Service Shibboleth Interoperability Experiment

    • http://igibs.blogs.edina.ac.uk/inspire2011/


Citizen Observatory Web

  • 4 year FP7 funded research project

  • Crowdsourced environmental data to aid decision making

  • Introduce quality measures and reduce uncertainty

  • Combine crowdsourced data with existing sources of data


A GEOSS Project

  • Global Earth Observation System of Systems

  • “Data collected should be made available through the GEOSS without any restrictions”

  • But, we must address “questions of privacy…”

  • Some kinds of protected data that may be encountered during the project:

    • Personal information, eg, name, email address

    • Location protected species

    • Reference data from European National Mapping and Cadastral Agencies

    • Conflated data


GEOSS Architecture Implementation Pilots (AIP)

  • One of the means by which GEOSS addresses interoperability issues and GEOSS Common Infrastructure extension work

  • Led by the OGC

  • All contributions are in-kind

  • Phased approach

  • In AIP-6 we piloted the use of access management federations


COBWEB/GEOSS AIP-6 Federation

[Diagram: the COBWEB/GEOSS AIP-6 federation providing “GEOSS user” Single-Sign-On. Component types shown: Identity Provider (IdP), Trust Gateway (TG) to OpenID, Service Provider (SP), Discovery Service (DS). Participants labelled: Catapult, CUAHSI*, NASA Ames, Secure Dimensions, MEEO, Google OpenId, EarthServer (FP7) project, Kst. GDI.DE, University of Edinburgh.]

*: Consortium of Universities for the Advancement of Hydrologic Science

