This document summarizes the COBWEB project, AIP-6, and how federated access management could help meet their goals. COBWEB aims to crowdsource environmental data while ensuring data quality and privacy. AIP-6 will set up a federation of organizations to enable single sign-on for the GEOSS system. The document discusses how federated access control could authenticate users while protecting sensitive data sources. COBWEB and AIP-6 plan to demonstrate how federations can help with these tasks and inform future work on authorization and commerce.
ICT role in 21st century education and it's challenges.
COBWEB, AIP-6, and Access Management Federations
1. COBWEB, AIP-6 and Access
Management Federations
Chris Higgins,
Project Coordinator,
University of Edinburgh.
chris.higgins@ed.ac.uk
Andreas Matheus,
Technical Coordinator,
Secure Dimensions GmbH.
am@secure-dimensions.de
2. Citizen Observatory Web (COBWEB)
• Research project started Nov 2012 for 4 years
• Crowdsourced environmental data to aid decision
making
• Introduce quality measures, reduce uncertainty
• Fusion crowdsourced data with reference data…
• Spatial Data Infrastructure - like initiatives
-
3. University of Edinburgh UK (Scotland)
University of Nottingham UK (England)
Aberystwyth University UK (Wales)
Welsh Assembly Government UK (Wales)
Environment Systems Limited UK (Wales)
Ecodyfi UK (Wales)
Open Geospatial Consortium (Europe) Limited UK
University College Dublin Ireland
Technische Universitaet Dresden Germany
Secure Dimensions GmbH Germany
University of Western Greece Greece
OIKOM – Environmental Studies Ltd Greece
GeoCat BV Netherlands
4. Name Lead Institution Topic
CITI-SENSE Nilu (Norway) Air quality
WeSenseIt University of Sheffield
(UK)
Water
Management
Citclops Barcelona Digital
Centre Tecnològic
(Spain)
Coast and ocean
optical monitoring
Omniscientis Spacebel (Belgium) Odour monitoring
COBWEB UEDIN (UK) Environment
FP7-ENV-2012 observatories
5. GEOSS Architecture Implementation Pilot
• One of the means by which GEOSS addresses
interoperability issues and GCI extension work
• Led by the Open Geospatial Consortium (OGC)
• All contributions are in-kind
• Phased approach
• AIP-6 kickoff 28/29 March 2013 in Washington
• Still options for participation…
7. Why put effort into federated access control?
• Authentication is the process of verifying that claims
made concerning a subject, eg, identity, who is
attempting to access a resource are true
• Frequently, SDI content and service providers need
to know who is accessing their valuable, secure,
protected data
• The ability for a group of organisations with common
objectives, ie, a federation, to securely exchange
authentication information is a powerful SDI enabler
• Even more so if removing some of the barriers to
interoperability…
8. COBWEB’s need for Federation technology
• “…addressing questions of privacy…”
• COBWEB about environmental, not personal data
• Some kinds of protected data that may be
encountered during the project:
• Personal information to assign unique identity
• Location protected species
• Reference data from European National Mapping and
Cadastral Agencies
• Conflated data
• Testbed for research and development
9. GEOSS’s current need for SSO
• From previous AIP’s, identified need for all
users to authenticate so can gather metrics
• Concept of a “GEOSS-User”:
– any authenticated participant from the
GEOSS AIP-6 Access Management
Federation
• Access Management Federations enable SSO
10. AIP-5 “Use Cases” in scope for COBWEB AIP-6 work
• Registration for Authentication via OpenID
• Registration as OpenID user for Authentication via SAML2
• Organizational user for Authentication via SAML2
• Identification as "GEOSS User" During Registration
• OpenID-Protected Data Access via OpenID Authentication
• SAML2-Protected Data Access via OpenID Authentication
• OpenID-Protected Data Access via SAML2 Authentication
• SAML2-Protected Data Access via SAML2 Authentication
• Registering and Modifying a New Identity or Service
Provider
11. GEOSS AIP-6 Data Sharing and COBWEB
• Plan is to setup a federation of GEOSS members to establish SSO
• Not currently concentrating any particular SBA’s, however SBA Water is
participating
• Support Single Sign On
• Reliable identification of a “GEOSS-user”
• Desired outcome for AIP-6 is answers to:
– Can AMF’s meet COBWEB requirements for privacy?
– Do AMF’s meet GEOSS requirements?
12. Current list of organisations indicating
strong interest in participating:
– ESA (European Space Agency)
– NASA (North American Space Agency)
– INPE (National Institute for Space Research)
– Tufts University
– Secure Dimensions
– EDINA (University of Edinburgh)
Will expand:
– Other FP7 projects?
– Existing academic sector federations?
{COBWEB partners
13. • Sept 2013: Demo of COBWEB AIP-6 outputs at OGC
Technical Committee meeting at ESA/ESRIN
• Jan 2014: AIP-6 results demonstrated at GEO Plenary in
Geneva
• Feb 2014: Completion of AIP-6 activities
• Post AIP-6, COBWEB will respond to feedback from
stakeholders, eg, GEO, in framing next steps, maybe:
– Electronic licence negotiation
– Authorisation
– eCommerce
– …?
AIP-6 Results / Future Work
14. Links to Previous Work regarding AMF
• OGC White Paper
http://portal.opengeospatial.org/files/?artifact_id=47848
• Engineering Report from the OGC Web Service Shibboleth Interoperability Experiment
https://portal.opengeospatial.org/files/?artifact_id=47852
• INSPIRE Conference 2011 Paper
http://ijsdir.jrc.ec.europa.eu/index.php/ijsdir/article/view/245/324
• Authentication workshop at the GEO-IX Plenary, Brazil, 2012
http://edina.ac.uk/events/cobwebworkshop.html
Notes de l'éditeur
15 mins not enough to cover all this
Some references provided for those wishing to followup. Also, please feel free to contact self or Andreas
Just in process of completing setup phase and technical Work Packages starting
If intererested in participating or finding out more about AIP, contact:
Bart De Lathouwer <bdelathouwer@opengeospatial.org>
This diagram adapted from the Switch website
Ones in blue are those we are currently planning to cover in AIP-6
Workplan under development. First version going out in the next week or so
This is going to expand (in unanticipated ways!)
MoU with other FP7 projects
Possibly pairing participants in countries with existing federations
Challenge for COBWEB is keeping this manageable