Citizen Observatory Framework with Access Management Federation in GEOSS - Bart De Lathouwer
DESCRIPTION
Presentation given by Bart De Lathouwer (Interoperability Program, OGC and COBWEB Project) on Thursday 10th October, at the ENVIP'2013 Workshop, part of ISESS (International Symposium on Environmental Software Systems) 2013 in Neusiedl am See, Austria. Find out more about the COBWEB Project at: http://cobwebproject.eu/dissemination/
TRANSCRIPT
Citizen Observatory Framework with Access Management Federation in GEOSS
10th October, 2013, Neusiedl am See
ENVIP’2013
Bart De Lathouwer
Interoperability Program
The bare bones…
• Project started 1st Nov, 2012 and will run for 4 yrs
• Funded under the European Commission’s Framework Programme 7 (Grant No: 308513)
• Crowd sourced environmental data to aid decision making
• Introduce quality measures and reduce uncertainty
• Fusion of crowdsourced data with reference data…
• Spatial Data Infrastructure - like initiatives
  – National SDIs in UK, Greece and Germany
  – INSPIRE
  – GEOSS
FP7-ENV-2012 observatories
| Name | Lead | Topic |
|---|---|---|
| Citclops | Barcelona Digital Centre Tecnològic (Spain) | Coast and ocean optical monitoring |
| WeSenseIt | University of Sheffield (UK) | Water Management |
| CITI-SENSE | Nilu (Norway) | Air quality |
| Omniscientis | Spacebel (Belgium) | Odour monitoring |
| COBWEB | UEDIN (UK) | Environment |
Essential context – WNBR
• UNESCO Man and Biosphere Programs (MAB) World Network of Biosphere Reserves
  – Sites of excellence to foster harmonious integration of people and nature for sustainable development through participation, knowledge sharing, poverty reduction and human well-being improvements, cultural values and society's ability to cope with change, thus contributing to the Millennium Development Goals
• 610 reserves in 117 countries
COBWEB Biosphere Reserves
1. UK (Wales): Biosffer Dyfi
2. Germany: Wadden See and Hallig Islands
3. Greece:
  – Mount Olympus
  – Gorge of Samaria
Left open possibility of expansion to further BRs later in project
Why the need for Authentication?
• Not all observers are created equal
  – Occasional observer
  – Scientific observer
  – Influence on the quality indicator of the observation
• Not all observations should have unrestricted access
  – Endangered species
Authentication and Single Sign-On
• Recommendations
  – Federated solution (lightest impact on GCI)
    • OpenID and SAML-2 to be used
  – Data provider support for a set of “trusted” OpenID identity servers to be used with SAML-2 user management systems
    • USA Gov. has such a list (Google & VeriSign)
    • INSPIRE doesn’t have such a list
  – Authentication is the current primary goal
    • Access control is a future interest
  – User interaction is the current primary goal
    • Programmatic authentication is a future interest
Authentication and Single Sign-On
• The AIP-6 access management federation includes:
  – SAML-2 Service Provider (SP)
  – SAML-2 Identity Provider (IdP)
  – SAML-2 Discovery Service (DS)
  – SAML-2 / OpenID Trust Gateway
AIP-6 Access Management Federation, 20 Sept 2013
[Diagram: “GEOSS user” Single-Sign-On across the federation. Legend: Service Provider (SP), Identity Provider (IdP), Discovery Service (DS), Trust Gateway (TG) to OpenID. Participants shown: NASA Ames, ESA, Secure Dimensions, CUAHSI*, INPE, University of Edinburgh, Kst. GDI.DE]
*: Consortium of Universities for the Advancement of Hydrologic Science
AIP-6 Federation
• GEOSS AIP-6 Data Sharing activity
  – Work is being done under the COBWEB project
• Currently the following participants
  – EDINA – University of Edinburgh (https://cobweb.edina.ac.uk)
    • SP, IdP, Trust Gateway to Google OpenID, Hosting federation metadata
  – Secure Dimensions GmbH (https://aip6.secure-dimensions.de)
    • SP, IdP, DS, WMS, WCS
  – Kst. GDI.DE (https://sp.gdi-de.org)
    • SP, IdP, (INSPIRE services to come)
  – CUAHSI (https://geoss.cuahsi.org)
    • SP, (WMS, WFS, SOS to come), OpenLayers client showing protected WCS from NASA and Secure Dimensions (/secure/bf.html)
  – NASA Ames (https://sggate.arc.nasa.gov)
    • SP, IdP, WMS, WCS
Copyright © 2013 Open Geospatial Consortium
Want to know more?
• COBWEB
  – Coordinator: Chris Higgins
    chris.higgins (at) ed.ac.uk
• OGC Security DWG
  – Chair: Andreas Matheus
    andreas.matheus (at) secure-dimensions.de
Thank you. Questions?