1. COBWEB Authentication
Workshop
Weds 21st Nov, 2012,
GEO-IX Plenary,
Foz do Iguaçu, Brazil.
Chris Higgins, Andreas Matheus,
Project Coordinator, Technical Coordinator,
EDINA National Data Centre, Secure Dimensions GmbH.
University of Edinburgh. am@secure-dimensions.de
chris.higgins@ed.ac.uk
3. COBWEB consortium objectives
• Stakeholder engagement
– First time project at a GEOSS meeting
– Have we understood the authentication issues?
• Guaging interest in our plans
– Help with prioritising
• Seeking expressions of interest in working
with us
• Sanity checking
• Is the direction of travel right?
• Architecture Implementation Pilot – 6
coming…
4. Audience objectives
• “how access management federation
technology, principally the OASIS standard
Security Assertion Markup Language (SAML),
may be applied in a GEOSS context”
• Opportunity to engage in some discussion with
people who have been working in this area for
a while
• COBWEB might assist in getting some of your
R&D requirements met…
5. Schedule
1 1000- Welcome and objectives
1010
2 1010- Quick introduction to COBWEB
1020
3 1020- Previous Access Management Federation work
1040 by this team
4 1040- Previous related work GEOSS
1110
5 1110- Initial COBWEB plans and discussion
1130
6 1130- Possible future COBWEB activities and
1150 discussion
7 1150- Wrap-up
1200
6. Why put effort into federated access control?
• Authentication is the process of verifying that claims
made concerning a subject, eg, identity, who is
attempting to access a resource are true, ie, authentic
• Frequently, SDI content and service providers need
to know who is accessing their valuable, secure,
protected, etc, data
• The ability for a group of organisations with common
objectives, ie, a federation, to securely exchange
authentication information is a powerful SDI enabler
• Even more so if removing some of the barriers to
interoperability…
9. Introduction to COBWEB
• Project started 1st Nov, 2012 and will run for 4 yrs
• Funded under the European Commission’s
Framework Programme 7 (Grant No: 308513)
• Crowdsourced environmental data
• Introduce quality measures and reduce uncertainty
• Fusion of crowdsourced data with reference data…
• Spatial Data Infrastructure - like initiatives
– National SDI’s in UK, Greece and Germany
– INSPIRE
– GEOSS
10. Project Partners
University of Edinburgh UK (Scotland)
University of Nottingham UK (England)
Aberystwyth University UK (Wales)
Welsh Assembly Government UK (Wales)
Environment Systems Limited UK (Wales)
Ecodyfi UK (Wales)
Open Geospatial Consortium (Europe) Limited UK
University College Dublin Ireland
Technische Universitaet Dresden Germany
Secure Dimensions GmbH Germany
University of Western Greece Greece
OIKOM – Environmental Studies Ltd Greece
GeoCat BV Netherlands
11. Essential context - GEOSS
• COBWEB is obliged to work within GEOSS
framework
• common methodologies and standards for data
archiving, discovery and access
• Section on collaboration with GEOSS and
FP7-ENV-2012 cluster projects added to
project description
• “Data collected should be made available
through the GEOSS without any restrictions”
12. Whats all this got to do with AuthN?
• “…addressing questions of privacy…”
• COBWEB about environmental, not personal
data
• Some kinds of protected data that may be
encountered during the project:
• Personal information, eg, expert or novice
observer
• Location protected species
• Reference data from European National Mapping
and Cadastral Agencies
• Conflated data
13. FP7-ENV-2012 observatories
Name Lead Topic
CITI-SENSE Nilu (Norway) Air quality
WeSenseIt University of Water
Sheffield (UK) Management
Citclops Barcelona Digital Coast and ocean
Centre Tecnològic optical
(Spain) monitoring
Omniscientis Spacebel Odour
(Belgium) monitoring
COBWEB UEDIN (UK) Various
14. Essential context - WNBR
• UNESCO Man and Biosphere Programmes
(MAB) World Network of Biosphere Reserves
– Sites of excellence to foster harmonious integration of
people and nature for sustainable development
through participation, knowledge sharing, poverty
reduction and human well-being improvements,
cultural values and society's ability to cope with
change, thus contributing to the Millennium
Development Goals
• 610 reserves in 117 countries
20. Separation of concerns
Layer
Appl.
Applications
Service Bus
Authorisation
Layers
eCommerce
RM
electronic licence negotiation
Access Management Federation
Service
Layer
View Download Transf. InvokeSD
Registry Service Discovery Service
Service Service Service Service
Layer
Data
Service Data Set Spatial Data Sets
Registers Metadata Metadata
INSPIRE Annex
Thematic DS
Framework for
harmonized DS
21. Other possibilities
• Service chaining. More advanced
architecture patterns
• Inter-federation interoperability
– different scales
– different countries
– different sectors
23. Conclusions
• We want to pilot Access Management
Federation (AMF) technology within GEOSS
– We strongly recommend building on existing
infrastructure, eg, existing AMFs
• Is your organisation interested in participating or
knowing more?
• If so, contact either of the following or find us at
the COBWEB stand here at GEO-IX:
chris.higgins@ed.ac.uk andreas.matheus@secure-dimensions.de
Notes de l'éditeur
Always speculative: Might just want to find out what authentication is about and why it important
Not just SDI, many kinds of information infrastructure require access control Typically, authentication is a pre-requisite. Some use cases where you don’t, eg, public Barriers to interoperability include; cost, vendor lock-in, lack of a support community, not standards based, etc Return later to those last points
This diagram adapted from the Switch website Single Sign On
And we know that GEOSS has some outstanding issues in this area
Still an unknown and will meet with Martin Price in Dec? Relationship with GEOSS? Ask if anyone knows of any history here. Don’t want to reinvent the wheel