GEOSS Authentication and Single Sign-On

GEOSS Authentication and Single Sign-On. Steven F. Browdy, OMS Tech, Inc., IEEE. Background and History. Initial research started during AIP-3. Motivated by the DSWG Implementation Guidelines of the Data Sharing Principles. Is not being viewed as data access restriction.


Presentation Transcript


  1. GEOSS Authentication and Single Sign-On Steven F. Browdy OMS Tech, Inc. IEEE May 7, 2013 CEOS WGISS-35 Meeting

  2. Background and History
     • Initial research started during AIP-3
     • Motivated by the DSWG Implementation Guidelines of the Data Sharing Principles.
     • Is not being viewed as data access restriction.
     • Initially considered OpenID, OAuth, and Shibboleth
     • Decided to drop OAuth
     • Not concerned at this point with authorization (access control), just authentication.
     • DSWG has many examples of data providers that just want to know “who is using my data.”

  3. [Diagram: User, Provider’s Site, Resources (Data and Services)]
     • Authentication Service: Answers “is this User XYZ?” by verifying the identity
     • Authorization Service: Answers “what can User XYZ do?” by checking identity against stored access constraint rules

  4. Background and History
     • Decided to drop Shibboleth
     • Too hard an impact to require of data providers.
     • Examples of implementation case studies that concluded Shibboleth took a lot of effort to implement.
     • No work on this for AIP-4
     • Picked up again in AIP-5
     • Decided to include SAML 2.0 (Security Assertion Markup Language) to exchange user credentials via XML.
     • Works with many user management security systems
     • Lightweight implementation requirements
     • Developed use cases to implement in AIP-6.

  5. Main Goals
     • Federated solution that has minimal to no impact on the GCI.
     • Lightweight implementation requirements for data providers.
     • A solution that can evolve.

  6. Current Use Cases
     • Registration for Authentication via OpenID
     • Organizational user registration for Authentication via SAML2
     • Registration as OpenID user for SAML2 Users
     • OpenID-Protected Data Access via OpenID Authentication
     • SAML2-Protected Data Access via OpenID Authentication
     • OpenID-Protected Data Access via SAML2 Authentication
     • SAML2-Protected Data Access via SAML2 Authentication
     • Registering and Modifying a New Identity or Service Provider for SAML2 Trust Gateway
     • Identification as "GEOSS User" During Registration

  7. Unofficial Tentative Plan

  8. AIP-6 Plans
     • Implement the use cases to test the federated authentication and single sign-on solution.
     • Will work with partners that have an interest in establishing the viability of the solution in terms of meeting the goals.
     • COBWEB project
     • NASA
     • CUAHSI
     • Create demo for GEO Summit in January, 2014
     • Generate appropriate documentation

  9. Some OpenID-Approved Identity Servers
     • US Government
     • Google
     • Equifax
     • PayPal
     • VeriSign
     • Verizon
     • EC – INSPIRE ???

  10. Q & A
