
Authentication Use Cases

Presenter: Chris Higgins, EDINA

Presentation given at ESDIN Work Package 4 Workshop
IGN Belgium, Brussels,
19th May 2010

Looking at two ESDIN authentication use cases:

1. Secure access by desktop client to medium and small scale ESDIN download service

2. Secure access by desktop client to large scale ESDIN download service


Authentication Use Cases

  1. Authentication Use Cases. ESDIN Work Package 4 Workshop, IGN Belgium, Brussels, 19th May 2010
  2. What is authentication?
     • … a mandatory part of access control concerned with establishing that claims made concerning a subject who is attempting to use a particular resource are authentic, i.e., true
  3. Two Use Cases:
     • Secure access by desktop client to medium and small scale ESDIN download service
     • Secure access by desktop client to large scale ESDIN download service
  4. Actors
     • Key ESDIN users of pan-European geographical data, e.g., JRC, EEA, EuroStat.
     • But could be any user where there is a requirement to know who is taking the data
  5. Description
     • For a wide variety of different reasons, individuals at organizations such as the EEA, JRC or EC need to be able to access secure ESDIN download services on top of pan-European coverage ExM data at medium and small scales. The downloaded data will be accessed via a desktop client and will be either EBM, ERM, EGM or user defined
  6. Trigger
     • Various, user has need for harmonized pan-European data
  7. Preconditions
     1. Harmonised ExM data available at medium and small scales via a basic WFS serving up data with pan-European coverage
     2. The user's organisation and the ExM WFS service provider are part of the same access management federation
     3. User has access to a desktop client capable of undergoing the Shibboleth/SAML interaction
  8. Postconditions
     1. User has been authenticated and authorized
     2. Data has been delivered to the user's WFS client application
  9. Normal Flow
     1. User's application issues a GetCapabilities request
     2. User selects their Identity Provider from a list of IdPs
     3. Authenticates
     4. GetCapabilities request followed by however many DescribeFeatureType, GetFeature requests and responses as necessary to satisfy user's requirements
  10. Alternative Flows
     1. Single Sign On. User has already authenticated at another federation service provider and is not required to authenticate again
  11. Exceptions
     1. User not authorised. Authorisation exception
     2. Illegal request leading to a service exception
     3. Security exception in case of attack
  12. Priority
     • High, being able to securely exchange identity information to make authorisation decisions is a fundamental pre-requisite of a large number of SDI scenarios
  13. Frequency of use
     • High
  14. Assumptions
     • It is assumed that a trust federation comprising the ESDIN partners and cooperating organisations will have been established and is being maintained
  15. Notes and issues
     • Cross-federation interoperability not assumed but likely to be desirable under several scenarios, e.g., the EEA operates its own federation-like partnership, the European Environment Information and Observation Network (EEIONet).
  16. AuthN Interoperability Experiment
     • OGC mechanism looking at various alternatives
     • Implementing these use cases under WP11
     • Two federations created:
         • ESDIN NMCAs
         • University members of the European Persistent Geospatial Testbed for Research and Education
     • Exploring cross-federation scenario where it is agreed universities get access to ExM data
  17. Contact
     • Chris Higgins
     • [email_address]