Role-based Access Control June09 GeoSOA Workshop
1. Role-based Access Control Framework for Geospatial Cloud Services NSDI Cooperative Agreements Program (CAP) 2008 Best Practices in Geospatial Service Oriented Architecture (SOA) Project Contacts: Joel Schlagel, US Army Corps of Engineers, [email_address] Jeff Harrison, CubeWerx USA, [email_address] This work is 3.0
5. Service Providers Service Consumers Geospatial SOA … Regulatory … Infrastructure … other needs Access Processing Discovery Collaboration Security
9. Geospatial SOA Access Security Project Design Outreach & Collaboration Scenarios & Business Processes Develop DT&E Lab Document Best Practices Services DT&E Lab
10. SDI Access Control Service NSDI Data Access Service and SDI Access Control Service WFS WMS SACS Role-based Access Control DT&E Lab WFS Request & Response Client Authentication Login Cookie WFS Response Access Control WFS Request
11. Virtual SACS Other Client SDI Access Control Service NSDI Data Access Service and SDI Access Control Service Other NSDI Service with Virtual SACS WFS WMS SAC WFS WMS SAC Role-based Access Control DT&E Lab WFS Request & Response Client Authentication Login Cookie WFS Response WFS Request & Response WFS Request Access Control Federation Fine-grained Access Control Rules: SDI Client: Feature Constraints Geographic Constraints Role-based Constraints Operations Constraints Access Control
51. NRCan Service* Montana Service* NSDI Data Services CGDI Services SACS with Single Sign-On* Geospatial SOA
53. Demos illustrate role-based access to USACE regulatory data, using four different scenarios, four roles and four demo users – one Cloud-based Service. Each user belongs to one role – Public: ‘Public’; California: ‘Paul’; EPA Region II: ‘John’; USFWS Region IV: ‘George’ (the password for each user is the same as the username). Each role's access rules demonstrate a different spatial & non-spatial filter (details for each scenario appear in the bottom panel). USACE Regulatory Demos
62. Before – Many Roles, Many Services Datastore HTTPS Username/PW WFS WMS Datastore HTTPS Username/PW WFS WMS Datastore HTTPS Username/PW WFS WMS
63. Datastore HTTPS SACS WFS WMS SDI Access Control Rules After – Many Roles, One Service
64. USACE Data Provider Portal Provider Security Manager NSDI Data Provider USACE End User NSDI End User (Public) Manage Users Manage Roles Manage Credentials Manage Groups Manage SDI Access Control Rules Authorize Users Access by Feature Access by Role Deploy Data Access by Geography Update by Feature Update by Role Update by Operation Type Access by Operation Type Use Cases… NSDI End User (Govt)
66. User Relying Party Identity Provider Relying Party Identity Provider Security Token Service WS-SecurityPolicy Security Token Service WS-SecurityPolicy Identity Selector SDI Access Control Rules (SACR) Framework… WS-Trust, WS-MetadataExchange Kerberos SAML SACS X.509