secure access to spatial data for academia the uk experience n.
Skip this Video
Download Presentation
Secure access to spatial data for academia – the UK experience

Loading in 2 Seconds...

play fullscreen
1 / 14

Secure access to spatial data for academia – the UK experience - PowerPoint PPT Presentation

  • Uploaded on

Secure access to spatial data for academia – the UK experience. Workshop, Authentication, Authorization and Accounting for Data and Services in EU Public Administrations , KU Leuven, 17 th March, 2014 Chris Higgins, EDINA.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Secure access to spatial data for academia – the UK experience' - hide

Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
secure access to spatial data for academia the uk experience

Secure access to spatial data for academia – the UK experience


Authentication, Authorization and Accounting for Data and Services in EU Public Administrations,

KU Leuven,

17th March, 2014

Chris Higgins,

  • Jisc-designated centre of expertise and online services since 1995
    • based at the University of Edinburgh
  • Jisc: champions the use of digital technologies in UK education and research
  • EDINA’s mission...

…develop and deliver shared services and

infrastructure for research and education.

  • focus is on service but also undertake r&D
    • turn projects  services
  • substantial experience in handling geospatial data
  • UK Access Management Federation (UKAMF)
    • Approx. 8 million users
    • Approx. 400 entities (Identity Providers (IdPs) and Service Providers (SPs))
    • Operated by EDINA and Jisc
    • Largest academic federation in the world
  • Mostly Shibboleth: an open source implementation of SAML but some non-Shibb SAML entities
  • Agnostic about AuthZ, at discretion of SPs.
  • A framework for exchanging access management information – see rules of membership
    • SP entirely responsible for management of access rights to its services
  • Resourced EDINA to build on in-house access control expertise
  • An eContentplus Best Practice Network project
  • Ran from Sept 2008 until end Feb 2011
  • Coordinated by EuroGeographics
  • From AuthN perspective, the main ESDIN Use Case was Key Users, eg, EEA, EuroStat, JRC, accessing INSPIRE Annex 1 services from different member states
  • Key goal: help member states prepare their data for INSPIRE Annex 1 themes
ogc interoperability experiments ie s
OGC Interoperability Experiments (IE’s)
  • Key vehicle for taking the work forward
  • Simple, low overhead, means for OGC members to get together and advance specific technical objectives within the OGC baseline
  • Facilitated by OGC staff
  • More lightweight than the OGC Web Services initiatives
  • Focussed on specific interoperability issues
  • Effort is viewed as voluntary and supported by in-kind contributions by participating member organisations
  • Duration normally around 6 months
ogc web services shibboleth ie osi
OGC Web Services Shibboleth IE (OSI)
  • Started Aug 2010
  • Previous work had shown it was possible to protect WMS with Shibb so that:
    • No mods required to OGC interface
    • No mods required to Shibb download
    • BUT mods required to OWS clients
  • OSI provided the OGC software producing community with means and opportunity of modifying OWS clients to work with Shibb
  • Emphasis on desktop OWS client software
  • Provide participants with the opportunity to demonstrate their software in action.
osi how
OSI - How
  • Use the test ESDIN Federation to provide OSI participants with services to develop against
  • Provide an open source reference implementation of a modified desktop client conformant with the SAML ECP Profile
  • Provide some technical support, eg, with OpenLayers clients conformant with the Web Browser SSO Profile
  • Regular telcons
  • OSI Technology Integration Experiment event
osi esdin some outcomes
OSI/ESDIN – Some outcomes
  • Using Shibboleth to protect OWS is practical
  • Not particularly difficult on server side or with browser based clients
  • More subtle with desktop based clients but possible with some effort in short space of time
  • This kind of “IE testbed” approach appreciated by participating OGC members
  • Highly likely community support and tooling will be available if decision made to operationalise
some references
Some references
  • OGC Engineering Report (OGC 11-019r2)
  • IJSDIR paper. Shibboleth Access Management Federations as an Organisational Model for SDI
  • Workshop at INSPIRE 2011. Shibb Federations and Secure SDI: Outcome and Demonstrations from the OGC Web Service Shibboleth Interoperability Experiment
citizen observatory web
Citizen Observatory Web

4 year FP7 funded research project

Crowdsourced environmental data to aid decision making

Introduce quality measures and reduce uncertainty

Combine crowdsourced data with existing sources of data

a geoss project
A GEOSS Project

Global Earth Observation System of Systems

“Data collected should be made available through the GEOSS without any restrictions”

But, we must address “questions of privacy…”

Some kinds of protected data that may be encountered during the project:

Personal information, eg, name, email address

Location protected species

Reference data from European National Mapping and Cadastral Agencies

Conflated data

geoss architecture implementation pilots aip
GEOSS Architecture Implementation Pilots (AIP)

One of the means by which GEOSS addresses interoperability issues and GEOSS Common Infrastructure extension work

Led by the OGC

All contributions are in-kind

Phased approach

In AIP-6 we piloted the use of access management federations

cobweb geoss aip 6 federation

Identity Provider (IdP)

Trust Gateway (TG)

to OpenID

Service Provider (SP)

Discovery Service (DS)




Secure Dimensions

“GEOSS user” Single-Sign-On


Google OpenId

EarthServer (FP7) project


University of Edinburgh

*: Consortium of Universities for the Advancement of Hydrologic Science