SE
Download
1 / 18

SE cur E access to GEO spatial services - PowerPoint PPT Presentation


  • 123 Views
  • Uploaded on

SE cur E access to GEO spatial services. OGC-OGF Collaboration workshop Open Grid Forum 22 (OGF22) February, 2007 Chris Higgins (EDINA, University of Edinburgh) [email protected] EDINA National Data Centre.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' SE cur E access to GEO spatial services' - kris


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

SEcurE access to GEOspatial services

OGC-OGF Collaboration workshop

Open Grid Forum 22 (OGF22)

February, 2007

Chris Higgins

(EDINA, University of Edinburgh)

[email protected]


Edina national data centre
EDINA National Data Centre

  • A National Data Centre for Tertiary Education since 1995, based at the University of Edinburgh

  • Our mission...

  • to enhance the productivity of research, learning and teaching in UK higher and further education

  • Focus is on services but also undertake r&D

    • turn projects  services

  • Substantial experience in handling geospatial data


Why interested in grid
Why interested in Grid?

  • Lots of users, eg, ~30000 students registered for our Ordnance Survey service.

  • Need to be able to scale:

    • SOA comprised mainly of OGC Web Services for use in the academic sector: an academic Spatial Data Infrastructure

    • high load; dont want to restrict services and cant afford to buy endless hardware (that sits unused most of the time)

  • Supporting eResearch. Grid characteristics and goals (Technical Strategy OGF 2007-2010):

    • infrastructure virtualisation

    • resource pooling and sharing

    • self monitoring/improvement

    • dynamic resource provisioning

    • highest Quality of Service


Grid OGC Collision Programme

  • JISC (Joint Information Systems Committee) Programme

    • Funded by the UK HFE funding councils

    • Supports teaching, learning, research and administration

    • Provides strategic guidance to UK HFE on use of ICT

  • Grid OGC Collision in context of wider UK e-infrastructure

    • “…embraces networks, grids, data centres and collaborative environments, and can include supporting operations centres, service registries, single-sign on, certificate authorities, training and help-desk services.  Most importantly, it is the integration of these that defines e-Infrastructure.”


SEcurE access to GEOspatial services

  • Aiming to demonstrate how access to GI on Grid may be achieved:

    • Shibboleth

    • WS-Security

    • GSI

    • OGC Web Services

  • Partners: EDINA, NeSC, NCeSS, MIMAS

  • Main deliverables are a report and a number of demonstrators:

    • National datacentre

    • e-Social Science

    • Orchestration

  • Would welcome your input on next demonstrator


1 ordnance survey mastermap
#1 Ordnance Survey MasterMap

  • UK National Topographic Database

  • 400+ million features

  • Encoded in Geography Markup Language (GML)

  • EDINA uses Web Feature Servers (WFS) within our architecture – service launched Sept 2007

  • We want to make WFS directly available


Ows 4 geodrm architecture

Consumer

Broker

Manager

Deliveryman

End-User

OWS-4 GeoDRM Architecture

Reference:

GeoDRM Engineering Viewpoint

Elfers, Wagner

OGC meeting San Diego, GeoDRM WG

2006-12-13

Identity Provider

Authentication

Service

conditions

OWS

Client

Gatekeeper

(Enforcement)

OWS

Service

OWS

Client

GeoDRM

Client

Authorization

Service (Decision)

License

Broker

License

Manager

(Administration)


  • Gatekeeper is transparent; extension for OGC W*S

    • Adds GeoDRM functionality and information (e.g. capabilities)

    • Accepts identity and/or license tokens with the W*S payload

  • Authentication Service

    • Provides identity tokens for in-band authentication

    • Authentication Service could be used as central service in a federation

      • Authentication and retrieval of user information

      • Single-Sign-On and Single-Log-Out

      • Support different authentication methodologies (harmonization)

  • Authorization Service is responsible for all authorization and validity checks

    • Integrity, authenticity and origin of messages, signatures, etc.

    • Authorization based on local rights (classical access control) as well as on-the-fly resolved rights from licenses


  • License Broker negotiates Licenses with the Client

    • Different types of Offerings; those define the further negotiation-workflows

    • On agreement: Broker stores License in License Manager, Client receives a Reference Token

  • License Manager manages Licenses (surprise!)

    • License are fetched by the AuthZ-Service using the reference

    • Manager could be used as central service in a federation

      • Storage in Federation

      • Global “License Revoke” (similar to single-log-out)


AuthN: Shibboleth

1. User attempts to access a Shibboleth-protected resource on the SP site.

2.,3. User is redirected to the WAYF in order to select home organisation (IdP).

4. IdP ensures that user is authenticated, by whatever means IdP deems appropriate.

5. After successful authentication, a one-time handle (session identifier) is generated for this user session.

6. SP uses the handle to request attribute information from the IdP for this user.

7. IdP allows or denies attribute information to be made available to this SP using the Attribute Release policy.

8. Based on the attribute information made available, SP allows or denies the user access to the resource.

User

3

1

8

4

Where are you from (WAYF)

2

Identity

Provider

(IdP)

Service

Provider

(SP)

5

6

7


UK National Grid Service

  • Mission: provide coherent electronic access for UK researchers to all computational and data based resources and facilities required to carry out their research, independent of resource or researcher location

  • Largest National Grid Initiative outside US

  • Claims to have the largest grid PKI infrastructure

  • Approx 500 registered users (April 2007)

  • Predominantly focussed on compute and storage at present

  • “Content” = Services; data, computation, ...NGS will only grow if the content grows

  • Limited data sets available

  • Exploring use of their facilities for hosting MasterMap


2 the see geo esocsci exemplar
#2 the SEE-GEO eSocSci exemplar

Refactored as Web Processing Service


OGSA-DAI WPS implementation

  • OGSA-DAI activities, a simple pipeline, eg, GDAS getData, GLS geoLink, WFS getFeature

  • Additional GLS implementations simplified if activities already exist (multiple different ways to implement GLS)

  • We can now do the following with relatively little extra work:

    • Choose different framework datasets dynamically

    • Merge GDAS XML directly into an RDBMS dataset

    • Implement filters, eg, bbox, currently must use geolinkage field values (geolinkids)

    • Transfer data using GridFTP

    • Protect using Grid Security Infrastructure (GSI)

  • Feature based data processing and OGSA-DAI as a toolkit for building additional WPS.


Security at the moment

Authenticate here

IP restrict services to OGSA-DAI server

IP restrict WPS to application server


Some security options considerations
Some security options/considerations

  • Workflow Use Cases vital

  • Different service, different licence

  • Requirement for secondary authentication

  • Other possible security options include:

    • Use GSI

    • Web services as in #1

  • Must avoid solutions that do not scale easily

  • Need consensus

  • Need to be closer to production services and not research


3 distributed federations
#3 Distributed Federations

  • European Persistent Geospatial Testbed for Research and Education

  • Collaboration AGILE, EuroSDR and OGC

  • Aims:

    • research test-bed for collaborative European research in geospatial interoperability

    • aid the assessment of the current standards for geospatial interoperability in terms of research compatibility, completeness, consistency and ease of use and extensibilit

    • an environment for teaching standards and techniques for geospatial interoperability

    • a resource to AGILE/EuroSDR/OGC for the coordination of research requirements as well as definition, testing, validation and development of open standards



End

Questions?

Chris Higgins

(EDINA, University of Edinburgh)

[email protected]


ad