Previous work on Access Management Federations
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Previous work on Access Management Federations

on

  • 567 views

 

Statistics

Views

Total Views
567
Views on SlideShare
567
Embed Views
0

Actions

Likes
0
Downloads
1
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Previous work on Access Management Federations Presentation Transcript

  • 1. Previous work onAccess Management Federations Andreas Matheus Secure Dimensions
  • 2. Previous work by this team • SEE-GEO • The eContentPlus ESDIN work • OGC Web Services Shibboleth Interoperability Experiment • German Spatial Data Infrastructure 2007 ... 2012 ... 2016 (Concept)Secure Dimensions Previous work on Access Management Federations 2
  • 3. SEE-GEO• SEcurE access to GEOspatial services• UK JISC funded process in 2007• Cross border map (Germany / The Netherlands)• Secure WFS with styled layer descriptor – Depending on style and origin of rescue centre maps is loaded or access is deniedSecure Dimensions Previous work on Access Management Federations 3
  • 4. eContentPlus ESDIN• eContentPlus project (http://www.esdin.eu/)• Participants from all over Europe• Establish a pan-European access management federation withNMCAsservices: – OGC WMS – OGC WFS – ...Secure Dimensions Previous work on Access Management Federations 4
  • 5. Shibboleth IE• OGC Interoperability Experiment – 2011 – OGC® Engineering Report for the OWS Shibboleth Interoperability Experiment – https://portal.opengeospatial.org/files/?artifact_id=478 52• Objectives – Use of the access management federation with OGC Web Services using SAML 2 authentication – Implement SAML 2 Enhanced Client & Proxy Profile in Desktop GIS productSecure Dimensions Previous work on Access Management Federations 5
  • 6. Shibboleth IE• OGC Interoperability Experiment 2011• Participants – Cadcorp, Envitia, con terra, snowflake, JRC• Objective – Connect to protected OGC Web Services provided by esdin and German SDI prototype federation – Implement SAML 2 Enhanced Client Proxy Profile• Result – Desktop GIS: Cadcorp, Envitia, snowflake – Browser based Client: JRC – Client Proxy: con terraSecure Dimensions Previous work on Access Management Federations 6
  • 7. INSPIRE 2011 Workshop• INSPIRE annual conference 2011 Edinburgh• Objective was to introduce the use of Access Management Federation with SAML2 to protect OGC Web Services – Access Management Federation prototype• The result confirmedthat the introduced concept is INSPIRE conformantSecure Dimensions Previous work on Access Management Federations 7
  • 8. Prototype Federation German SDI• https://sp.gdi-de.orgSecure Dimensions Previous work on Access Management Federations 8
  • 9. Prototype Federation German SDI application WMS GetFeatureInfo loaded from IdP SP WMS GetMap Secure Dimensions (secure-dimensions.net) GDI.DE (gdi-de.org)login with SP IHK Bavaria (win.bihk.de) DS GDI.DE SP (gdi-de.org) GDI.BY (gdi-by.org) Secure Dimensions Previous work on Access Management Federations 9
  • 10. Conclusion from previous work• Access Management Federation based on SAML is a productive solution for sharing protected resources in various countries around the world – https://www.aai.dfn.de/links/ [German Federation]• Strength – Single-Sign-On support – High level of assurance about real user identity – Exchange of SAML user credentials support privacy and anonymity of the user – Managed list of trusted entities = federationSecure Dimensions Previous work on Access Management Federations 10
  • 11. Conclusion from previous work• Protected services can be consumed via – Web Browser (e.g. OpenLayers) applications – Desktop GIS applications• Web Browser with full support*1 – IE 10, Google Chrome, Firefox, Safari• Desktop GIS must implement SAML2 ECP – Cadcorp, Envitia got tested successfully during Shibboleth IE – QGIS (open source GIS) SAML2 extension provided by Secure Dimensions*1: This is the list of tested web browsersSecure Dimensions Previous work on Access Management Federations 11
  • 12. Thank You It is important, to do security right... Secure Dimensions GmbH Holistic Geosecurity Dr. Andreas Matheus Waxensteinstr. 28 D-81377 München, Germany Phone +49 (0)89 38151813-0 Mobile +49 (0)160 1066366 Telefax +49 (0)89 38151813-9 Email am@secure-dimensions.com Web www.secure-dimensions.comSecure Dimensions Previous work on Access Management Federations Slide 12