COBWEB Authentication Workshop


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Always speculative: Might just want to find out what authentication is about and why it important
  • Not just SDI, many kinds of information infrastructure require access control Typically, authentication is a pre-requisite. Some use cases where you don’t, eg, public Barriers to interoperability include; cost, vendor lock-in, lack of a support community, not standards based, etc Return later to those last points
  • This diagram adapted from the Switch website Single Sign On
  • And we know that GEOSS has some outstanding issues in this area
  • Still an unknown and will meet with Martin Price in Dec? Relationship with GEOSS? Ask if anyone knows of any history here. Don’t want to reinvent the wheel
  • Don’t want to reinvent the wheel!
  • G2C, G2B use cases
  • COBWEB Authentication Workshop

    1. 1. COBWEB Authentication Workshop Weds 21st Nov, 2012, GEO-IX Plenary, Foz do Iguaçu, Brazil.Chris Higgins, Andreas Matheus,Project Coordinator, Technical Coordinator,EDINA National Data Centre, Secure Dimensions GmbH.University of Edinburgh.
    2. 2. Welcome and objectives of the workshop
    3. 3. COBWEB consortium objectives• Stakeholder engagement – First time project at a GEOSS meeting – Have we understood the authentication issues?• Guaging interest in our plans – Help with prioritising• Seeking expressions of interest in working with us• Sanity checking• Is the direction of travel right?• Architecture Implementation Pilot – 6 coming…
    4. 4. Audience objectives• “how access management federation technology, principally the OASIS standard Security Assertion Markup Language (SAML), may be applied in a GEOSS context”• Opportunity to engage in some discussion with people who have been working in this area for a while• COBWEB might assist in getting some of your R&D requirements met…
    5. 5. Schedule1 1000- Welcome and objectives 10102 1010- Quick introduction to COBWEB 10203 1020- Previous Access Management Federation work 1040 by this team4 1040- Previous related work GEOSS 11105 1110- Initial COBWEB plans and discussion 11306 1130- Possible future COBWEB activities and 1150 discussion7 1150- Wrap-up 1200
    6. 6. Why put effort into federated access control?• Authentication is the process of verifying that claims made concerning a subject, eg, identity, who is attempting to access a resource are true, ie, authentic• Frequently, SDI content and service providers need to know who is accessing their valuable, secure, protected, etc, data• The ability for a group of organisations with common objectives, ie, a federation, to securely exchange authentication information is a powerful SDI enabler• Even more so if removing some of the barriers to interoperability…
    7. 7. Federation Service Providers SP SP SP IdP IdP Identity Providers Organisations SP SP Coordinating Centre IdP SP SP SP Authenticates here Users SP SP SP IdP SP IdP SP SP
    8. 8. Quick introduction to COBWEB
    9. 9. Introduction to COBWEB• Project started 1st Nov, 2012 and will run for 4 yrs• Funded under the European Commission’s Framework Programme 7 (Grant No: 308513)• Crowdsourced environmental data• Introduce quality measures and reduce uncertainty• Fusion of crowdsourced data with reference data…• Spatial Data Infrastructure - like initiatives – National SDI’s in UK, Greece and Germany – INSPIRE – GEOSS
    10. 10. Project PartnersUniversity of Edinburgh UK (Scotland)University of Nottingham UK (England)Aberystwyth University UK (Wales)Welsh Assembly Government UK (Wales)Environment Systems Limited UK (Wales)Ecodyfi UK (Wales)Open Geospatial Consortium (Europe) Limited UKUniversity College Dublin IrelandTechnische Universitaet Dresden GermanySecure Dimensions GmbH GermanyUniversity of Western Greece GreeceOIKOM – Environmental Studies Ltd GreeceGeoCat BV Netherlands
    11. 11. Essential context - GEOSS• COBWEB is obliged to work within GEOSS framework • common methodologies and standards for data archiving, discovery and access• Section on collaboration with GEOSS and FP7-ENV-2012 cluster projects added to project description• “Data collected should be made available through the GEOSS without any restrictions”
    12. 12. Whats all this got to do with AuthN?• “…addressing questions of privacy…”• COBWEB about environmental, not personal data• Some kinds of protected data that may be encountered during the project: • Personal information, eg, expert or novice observer • Location protected species • Reference data from European National Mapping and Cadastral Agencies • Conflated data
    13. 13. FP7-ENV-2012 observatories Name Lead TopicCITI-SENSE Nilu (Norway) Air qualityWeSenseIt University of Water Sheffield (UK) ManagementCitclops Barcelona Digital Coast and ocean Centre Tecnològic optical (Spain) monitoringOmniscientis Spacebel Odour (Belgium) monitoringCOBWEB UEDIN (UK) Various
    14. 14. Essential context - WNBR• UNESCO Man and Biosphere Programmes (MAB) World Network of Biosphere Reserves – Sites of excellence to foster harmonious integration of people and nature for sustainable development through participation, knowledge sharing, poverty reduction and human well-being improvements, cultural values and societys ability to cope with change, thus contributing to the Millennium Development Goals• 610 reserves in 117 countries
    15. 15. Not the World Naked Bike Ride
    16. 16. Previous Security Assertion MarkupLanguage (SAML) work by this team
    17. 17. Previous related work GEOSS
    18. 18. Initial COBWEB plans and discussion
    19. 19. Possible future COBWEB activities anddiscussion
    20. 20. Separation of concernsLayerAppl. Applications Service Bus AuthorisationLayers eCommerce RM electronic licence negotiation Access Management FederationService Layer View Download Transf. InvokeSD Registry Service Discovery Service Service Service Service ServiceLayerData Service Data Set Spatial Data Sets Registers Metadata Metadata INSPIRE Annex Thematic DS Framework for harmonized DS
    21. 21. Other possibilities• Service chaining. More advanced architecture patterns• Inter-federation interoperability – different scales – different countries – different sectors
    22. 22. Wrap-up
    23. 23. Conclusions• We want to pilot Access Management Federation (AMF) technology within GEOSS – We strongly recommend building on existing infrastructure, eg, existing AMFs• Is your organisation interested in participating or knowing more?• If so, contact either of the following or find us at the COBWEB stand here at GEO-IX: