SlideShare a Scribd company logo

GeoShield Project @ Swiss Geoscience Meeting 2011

SUPSI
SUPSI

GeoShield is an Open Source solution for authentication and authorization management to OGC services

TechnologyEducation
1 of 23
Download to read offline
DACD / IST / Managing authentication and permissions to OGC services with GeoShield 1 GeoShield project Managing authentication and permissions to OGC services Presenting the new GeoServer Resource Access Manager plug-in and the Sensor Observation Service protection Milan P. Antonovic, Institute of Earth science - SUPSI Massimiliano Cannata , Institute of Earth science - SUPSI 12 November 2011
DACD / IST / Managing authentication and permissions to OGC services with GeoShield 2 Presentation outline • Introduction to the Institute of earth science – SUPSI – OGC implementations used – The need of data protection • Presenting GeoShield – GeoShield’s protection strategies – Web administration interface – OGC Services covered by GeoShield – The Sensor Observation Service protection – The GeoServer Resource Access Manager plug-in • Access rule application process • Data access rule application – GeoServer Resource Access Manager plug-in demo – Next improvements 12 November 2011
DACD / IST / Managing authentication and permissions to OGC services with GeoShield 3 Introduction to the Institute of earth science – SUPSI Fields of activity: Focused on: • Land Planning • Government mandates • Hydrogeology – Geo databases maintenance • Hydrology – Web applications for decision making • Geology • Natural hazard • Geomatics • Water protection • Wells / Springs / Boreholes • Hydrological monitoring network • Interregional projects (EU, World Bank) • Training courses • Research projects 12 November 2011
DACD / IST / Managing authentication and permissions to OGC services with GeoShield 4 OGC implementations used Geografical data serving Monitoring data Data processing service 12 November 2011
DACD / IST / Managing authentication and permissions to OGC services with GeoShield 5 The need of data protection How to protect in a centralized way all the services?? Web application WMS Web Sensible data SOS Mixed data Public data WFS WPS 12 November 2011
DACD / IST / Managing authentication and permissions to OGC services with GeoShield 6 Presenting GeoShield • GeoShield is an Open Source solution for • Web administration interface authentication and authorization • Desktop like user interface management to OGC services • Sencha - Ext JS • Written in Java • OGC standards protected • WMS • Relies on: • WFS • Apache Commons • SOS • GeoTools • EclipseLink [Persistence API] • GeoServer plug-in: • PostgreSQL • Resource Access Manager • Flexjson (JSON parser) 12 November 2011
DACD / IST / Managing authentication and permissions to OGC services with GeoShield 7 GeoShield’s protection strategy HTTP basic authentication HTTPS Web GeoShield Security Proxy Compatibility with: • Web browsers • Desktop applications • Udig, QGIS, ArcGIS 12 November 2011 Web administration interface
DACD / IST / Managing authentication and permissions to OGC services with GeoShield 8 GeoShield’s PRE-processing protection strategy User GeoShield WFS service GetFeature Loading CQL for each layer GetFeature + OGC Filter The data Forwarding the data
DACD / IST / Managing authentication and permissions to OGC services with GeoShield 9 GeoShield’s POST-processing protection strategy User GeoShield OGC service GetCapabilities GetCapabilities Capabilities document 1. Parsing response 2. Adapt response according to user Capabilities document filter
DACD / IST / Managing authentication and permissions to OGC services with GeoShield 10 Web graphical user interface • Password protected • User friendly (Desktop-like Graphical User Iinterface) • Managing authorization for: – Users – Groups – Services – Permissions – Permitted requests 12 November 2011
DACD / IST / Managing authentication and permissions to OGC services with GeoShield 11 OGC Services covered by GeoShield Web Map Service 1.1.1: Standard protocol for serving georeferenced map images over the Internet • GeoServer (tested): – Filtering capability CQL (Common Query Language) • Others (not tested) – INCLUDE/EXCLUDE filters only • Requests: – GetCapabilities – GetMap – GetFeatureInfo – GetLegendGraphic 12 November 2011
DACD / IST / Managing authentication and permissions to OGC services with GeoShield 12 OGC Services covered by GeoShield Web Feature Service 1.1.0: Standard protocol allowing requests for geographical raw data over the Internet • Permissions definition: – Filtering capability CQL (Common Query Language) • Requests (Basic profile): – GetCapabilities – DescribeFeatureType – GetFeature • OutPutFormat: GML 12 November 2011
DACD / IST / Managing authentication and permissions to OGC services with GeoShield 13 OGC Services covered by GeoShield Sensor Observation Service 1.0.0: Standard protocol allowing requests for retrieving sensor observation data • Permissions definition: – Excluding / Including Offerings • Requests (Basic profile): – GetCapabilities – GetObservation – DescribeSensor • Response format: – text/xml;subtype='sensorML/1.0.0' 12 November 2011
DACD / IST / Managing authentication and permissions to OGC services with GeoShield 14 The Sensor Observation Service protection • This is the latest part of GeoShield improvement • Handle the basic implementation (core profile) • Permissions are based on the sos:ObservationOffering grouping of the sos:Capabilities document, GeoShield can exclude the access to: • Features • Procedures • ObservedProperties • Caching permissions in memory for better performance 12 November 2011
DACD / IST / Managing authentication and permissions to OGC services with GeoShield 15 <sos:Capabilities> [...] <sos:Contents> <sos:ObservationOfferingList> <sos:ObservationOffering gml:id="aaaa"> <gml:name>urn:x-ist::offering:aaaa</gml:name> <gml:boundedBy>[…]</gml:boundedBy> <sos:eventTime>[…]</sos:eventTime> <sos:procedure xlink:href="B_TRE" /> <sos:procedure xlink:href="H_TRE" /> <sos:procedure xlink:href="P_TRE" /> <sos:procedure xlink:href="T_TRE" /> <sos:observedProperty xlink:href="urn:ogc:def:property:x-ist::meteo:air:humidity"/> <sos:observedProperty xlink:href="urn:ogc:def:property:x-ist::meteo:air:pressure"/> <sos:observedProperty xlink:href="urn:ogc:def:property:x-ist::meteo:air:radiation"/> <sos:observedProperty xlink:href="urn:ogc:def:property:x-ist::meteo:air:rainfall"/> <sos:featureOfInterest xlink:href="urn:ogc:object:feature:x-ist::station:Trevano"/> </sos:ObservationOffering> <sos:ObservationOffering gml:id=“bbbb"> […] </sos:ObservationOffering> <sos:responseFormat>text/xml;subtype='sensorML/1.0.0'</sos:responseFormat> <sos:responseMode>inline</sos:responseMode> <sos:resultModel>om:Observation</sos:resultModel> </sos:ObservationOfferingList> </sos:Contents> </sos:Capabilities>
DACD / IST / Managing authentication and permissions to OGC services with GeoShield 16 GeoShield’s Sensor Observation Service protection strategy ObservationOffering 1: • Sensor 1 S1 • Sensor 2 S2 ObservationOffering 2: Group 1 S5 • Sensor 3 S4 • Sensor 4 (private) • Sensor 5 S3 ObservationOffering 3: S6 • Sensor 1 • Sensor 2 Group 2 • Sensor 5 • Sensor 6
DACD / IST / Managing authentication and permissions to OGC services with GeoShield 17 GeoServer Resource Access Manager plug-in • This year, GeoServer 2.1 version has introduced support for data filtering with an improved security framework: – The main feature is the availability to extend the internal Resource Access Manager with a plug-in • Benefits: – No more limited permission (yes/no definition) for each layer – Extended capabilities to implement granular data access rules • Filters based on geographical functions (BBOX, INTERSETC…) • Filters based on attributes • Include / Exclude filters • Workspace permissions – Integration with external users database – More reliable and stronger protection at data abstraction level 12 November 2011
DACD / IST / Managing authentication and permissions to OGC services with GeoShield 18 Access rule application process User GeoServer GeoShield 1. GetMap 2. Authentication 3. Authorization object 5. Error 401 - Unauthorized 4. User is authorized? User: foo.bar 5. Caching Password: xxxxxxx 6. Get Access Rule Ok Cancel 7. Rule Object 9. Map 8. Apply rule / Caching rule
DACD / IST / Managing authentication and permissions to OGC services with GeoShield 19 Benchmarking WMS GetMap • Tests are going to be run using JMeter on my Workstation: – Ubuntu 10.04, Intel Core Duo 2.4 GHz E4600, 4Gb RAM • Using a progression of 1, 2, 4, 8, 16 and 32 threads, each thread group doing 100, 200, 200, 400, 400, 800 requests respectively • Layer: topp:tasmania_water_bodies threads/requests 1/100 2/200 4/200 8/400 16/400 GeoServer* 79 71 79 102 316 GeoShield 291 315 653 3346 7837 (PROXY) GeoServer 134 151 190 332 1320 (PLUGIN) * without authentication 12 November 2011
DACD / IST / Managing authentication and permissions to OGC services with GeoShield 20 Installing the plug-in When GeoServer and GeoShield are installed, adding the Resource Access Manager plug-in is quite simple: 1. Copy the geoshield-1.0.jar file into the GeoServer’s WEB-INF/lib directory 2. Modify the web.xml file adding a Filter definition 3. Create the GEOSHIELD_USER 4. Configure the permissions on GeoShield 12 November 2011
DACD / IST / Managing authentication and permissions to OGC services with GeoShield 21 GeoServer Resource Access Manager plug-in Demo 12 November 2011
DACD / IST / Managing authentication and permissions to OGC services with GeoShield 22 Next improvements • Extending security: – Web Processing Service – Web Applications • Web administration interface – Integration with GeoServer Web Interface – OpenLayers integration (Real Time Permission definition and test) • Release of the GeoShield stable version 1.0 (end of 2011) – Code refactoring – Better performance 12 November 2011
DACD / IST / Managing authentication and permissions to OGC services with GeoShield Thank you Institute of Earth science http://www.ist.supsi.ch GeoShield project http://sites.google.com/site/geoshieldproject Milan P. Antonovic, Institute of Earth science - SUPSI Massimiliano Cannata, Institute of Earth science - SUPSI 12 November 2011

Recommended

Marine Knowledge Meeting, 11-12 Oct 2012, Brussels: All About iMarine
Marine Knowledge Meeting, 11-12 Oct 2012, Brussels: All About iMarine Marine Knowledge Meeting, 11-12 Oct 2012, Brussels: All About iMarine
Marine Knowledge Meeting, 11-12 Oct 2012, Brussels: All About iMarine iMarine283644
 
GeoShield @ GRASS & GFOSS 2012
GeoShield @ GRASS & GFOSS 2012GeoShield @ GRASS & GFOSS 2012
GeoShield @ GRASS & GFOSS 2012SUPSI
 
prova
provaprova
provaguestb62ecd
 
Protocolos de las capas sesion,presentacion y aplicacion
Protocolos de las capas sesion,presentacion y aplicacionProtocolos de las capas sesion,presentacion y aplicacion
Protocolos de las capas sesion,presentacion y aplicacionEduardo J Onofre
 
Geospatial Temporal Open Standards for Big Data from Space (BiDS2014)
Geospatial Temporal Open Standards for Big Data from Space (BiDS2014)Geospatial Temporal Open Standards for Big Data from Space (BiDS2014)
Geospatial Temporal Open Standards for Big Data from Space (BiDS2014)George Percivall
 
Ist africa2012 solution supporting building of global earth observation syste...
Ist africa2012 solution supporting building of global earth observation syste...Ist africa2012 solution supporting building of global earth observation syste...
Ist africa2012 solution supporting building of global earth observation syste...Karel Charvat
 
D2.2 EnviroGRIDS Data Storage Guidelines
D2.2 EnviroGRIDS Data Storage Guidelines D2.2 EnviroGRIDS Data Storage Guidelines
D2.2 EnviroGRIDS Data Storage Guidelines envirogrids-blacksee
 
GeoServer Ecosystem 2018
GeoServer Ecosystem 2018GeoServer Ecosystem 2018
GeoServer Ecosystem 2018Jody Garnett
 

Recommended

Marine Knowledge Meeting, 11-12 Oct 2012, Brussels: All About iMarine
Marine Knowledge Meeting, 11-12 Oct 2012, Brussels: All About iMarine Marine Knowledge Meeting, 11-12 Oct 2012, Brussels: All About iMarine
Marine Knowledge Meeting, 11-12 Oct 2012, Brussels: All About iMarine iMarine283644
 
GeoShield @ GRASS & GFOSS 2012
GeoShield @ GRASS & GFOSS 2012GeoShield @ GRASS & GFOSS 2012
GeoShield @ GRASS & GFOSS 2012SUPSI
 
prova
provaprova
provaguestb62ecd
 
Protocolos de las capas sesion,presentacion y aplicacion
Protocolos de las capas sesion,presentacion y aplicacionProtocolos de las capas sesion,presentacion y aplicacion
Protocolos de las capas sesion,presentacion y aplicacionEduardo J Onofre
 
Geospatial Temporal Open Standards for Big Data from Space (BiDS2014)
Geospatial Temporal Open Standards for Big Data from Space (BiDS2014)Geospatial Temporal Open Standards for Big Data from Space (BiDS2014)
Geospatial Temporal Open Standards for Big Data from Space (BiDS2014)George Percivall
 
Ist africa2012 solution supporting building of global earth observation syste...
Ist africa2012 solution supporting building of global earth observation syste...Ist africa2012 solution supporting building of global earth observation syste...
Ist africa2012 solution supporting building of global earth observation syste...Karel Charvat
 
D2.2 EnviroGRIDS Data Storage Guidelines
D2.2 EnviroGRIDS Data Storage Guidelines D2.2 EnviroGRIDS Data Storage Guidelines
D2.2 EnviroGRIDS Data Storage Guidelines envirogrids-blacksee
 
GeoServer Ecosystem 2018
GeoServer Ecosystem 2018GeoServer Ecosystem 2018
GeoServer Ecosystem 2018Jody Garnett
 
D2.11 Remote Sensing Services
D2.11 Remote Sensing ServicesD2.11 Remote Sensing Services
D2.11 Remote Sensing Servicesenvirogrids-blacksee
 
GI2012 buono-cnr-geo-platform
GI2012 buono-cnr-geo-platformGI2012 buono-cnr-geo-platform
GI2012 buono-cnr-geo-platformIGN Vorstand
 
D2.10 Grid-enabled Spatial Data Infrastructure serving GEOSS, INSPIRE, and UNSDI
D2.10 Grid-enabled Spatial Data Infrastructure serving GEOSS, INSPIRE, and UNSDID2.10 Grid-enabled Spatial Data Infrastructure serving GEOSS, INSPIRE, and UNSDI
D2.10 Grid-enabled Spatial Data Infrastructure serving GEOSS, INSPIRE, and UNSDIenvirogrids-blacksee
 
OGC Update for State of Geospatial Tech at T-Rex
OGC Update for State of Geospatial Tech at T-RexOGC Update for State of Geospatial Tech at T-Rex
OGC Update for State of Geospatial Tech at T-RexGeorge Percivall
 
Geonuris ep introduction 3.0 english sg
Geonuris ep introduction 3.0 english sgGeonuris ep introduction 3.0 english sg
Geonuris ep introduction 3.0 english sgSTLogic
 
Introducing the Geomajas Open Source framework for building spatial web appli...
Introducing the Geomajas Open Source framework for building spatial web appli...Introducing the Geomajas Open Source framework for building spatial web appli...
Introducing the Geomajas Open Source framework for building spatial web appli...MapWindow GIS
 
Geosolutions FOSS4g 2009 Redux
Geosolutions FOSS4g 2009 ReduxGeosolutions FOSS4g 2009 Redux
Geosolutions FOSS4g 2009 ReduxGeoSolutions
 
2013 09-01 enviroinfo presentation - final
2013 09-01 enviroinfo presentation - final2013 09-01 enviroinfo presentation - final
2013 09-01 enviroinfo presentation - finalDenis Havlik
 
Dissemination of the UAE solar resource atlas over the web: preliminary results
Dissemination of the UAE solar resource atlas over the web: preliminary resultsDissemination of the UAE solar resource atlas over the web: preliminary results
Dissemination of the UAE solar resource atlas over the web: preliminary resultsJacinto Estima
 
Gi2013 vohnout&team-enviro grids
Gi2013 vohnout&team-enviro gridsGi2013 vohnout&team-enviro grids
Gi2013 vohnout&team-enviro gridsKarel Charvat
 
GI2013 ppt vohnout&team-enviro_grids
GI2013 ppt vohnout&team-enviro_gridsGI2013 ppt vohnout&team-enviro_grids
GI2013 ppt vohnout&team-enviro_gridsIGN Vorstand
 
Session19 Globus
Session19 GlobusSession19 Globus
Session19 GlobusISSGC Summer School
 
Navy's GIS Solution for Decision Support and Service-wide Data-Sharing, Paper...
Navy's GIS Solution for Decision Support and Service-wide Data-Sharing, Paper...Navy's GIS Solution for Decision Support and Service-wide Data-Sharing, Paper...
Navy's GIS Solution for Decision Support and Service-wide Data-Sharing, Paper...California Wildlife Conservation Board
 
GFOSS DAY 2012 GeoNetwork Presentation
GFOSS DAY 2012 GeoNetwork PresentationGFOSS DAY 2012 GeoNetwork Presentation
GFOSS DAY 2012 GeoNetwork PresentationGeoSolutions
 
Intergraph’s Server Offering_Richard Goodman - Intergraph Geospatial World To...
Intergraph’s Server Offering_Richard Goodman - Intergraph Geospatial World To...Intergraph’s Server Offering_Richard Goodman - Intergraph Geospatial World To...
Intergraph’s Server Offering_Richard Goodman - Intergraph Geospatial World To...IMGS
 
Geobliki: A Platform For Emergency Response
Geobliki: A Platform For Emergency ResponseGeobliki: A Platform For Emergency Response
Geobliki: A Platform For Emergency ResponsePat Cappelaere
 
Geomajas introduction, BeJUG, March 2012
Geomajas introduction, BeJUG, March 2012Geomajas introduction, BeJUG, March 2012
Geomajas introduction, BeJUG, March 2012Joachim Van der Auwera
 
Introduction to the Globus SaaS (GlobusWorld Tour - STFC)
Introduction to the Globus SaaS (GlobusWorld Tour - STFC)Introduction to the Globus SaaS (GlobusWorld Tour - STFC)
Introduction to the Globus SaaS (GlobusWorld Tour - STFC)Globus
 
GIS framework for developing countries
GIS framework for developing countriesGIS framework for developing countries
GIS framework for developing countriesAchini Samuditha
 
Osgeo.wageningen kickoff event nov2012
Osgeo.wageningen kickoff event nov2012Osgeo.wageningen kickoff event nov2012
Osgeo.wageningen kickoff event nov2012pvangenuchten
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 

More Related Content

Similar to GeoShield Project @ Swiss Geoscience Meeting 2011

GI2012 buono-cnr-geo-platform
GI2012 buono-cnr-geo-platformGI2012 buono-cnr-geo-platform
GI2012 buono-cnr-geo-platformIGN Vorstand
 
D2.10 Grid-enabled Spatial Data Infrastructure serving GEOSS, INSPIRE, and UNSDI
D2.10 Grid-enabled Spatial Data Infrastructure serving GEOSS, INSPIRE, and UNSDID2.10 Grid-enabled Spatial Data Infrastructure serving GEOSS, INSPIRE, and UNSDI
D2.10 Grid-enabled Spatial Data Infrastructure serving GEOSS, INSPIRE, and UNSDIenvirogrids-blacksee
 
OGC Update for State of Geospatial Tech at T-Rex
OGC Update for State of Geospatial Tech at T-RexOGC Update for State of Geospatial Tech at T-Rex
OGC Update for State of Geospatial Tech at T-RexGeorge Percivall
 
Geonuris ep introduction 3.0 english sg
Geonuris ep introduction 3.0 english sgGeonuris ep introduction 3.0 english sg
Geonuris ep introduction 3.0 english sgSTLogic
 
Introducing the Geomajas Open Source framework for building spatial web appli...
Introducing the Geomajas Open Source framework for building spatial web appli...Introducing the Geomajas Open Source framework for building spatial web appli...
Introducing the Geomajas Open Source framework for building spatial web appli...MapWindow GIS
 
Geosolutions FOSS4g 2009 Redux
Geosolutions FOSS4g 2009 ReduxGeosolutions FOSS4g 2009 Redux
Geosolutions FOSS4g 2009 ReduxGeoSolutions
 
2013 09-01 enviroinfo presentation - final
2013 09-01 enviroinfo presentation - final2013 09-01 enviroinfo presentation - final
2013 09-01 enviroinfo presentation - finalDenis Havlik
 
Dissemination of the UAE solar resource atlas over the web: preliminary results
Dissemination of the UAE solar resource atlas over the web: preliminary resultsDissemination of the UAE solar resource atlas over the web: preliminary results
Dissemination of the UAE solar resource atlas over the web: preliminary resultsJacinto Estima
 
Gi2013 vohnout&team-enviro grids
Gi2013 vohnout&team-enviro gridsGi2013 vohnout&team-enviro grids
Gi2013 vohnout&team-enviro gridsKarel Charvat
 
GI2013 ppt vohnout&team-enviro_grids
GI2013 ppt vohnout&team-enviro_gridsGI2013 ppt vohnout&team-enviro_grids
GI2013 ppt vohnout&team-enviro_gridsIGN Vorstand
 
Navy's GIS Solution for Decision Support and Service-wide Data-Sharing, Paper...
Navy's GIS Solution for Decision Support and Service-wide Data-Sharing, Paper...Navy's GIS Solution for Decision Support and Service-wide Data-Sharing, Paper...
Navy's GIS Solution for Decision Support and Service-wide Data-Sharing, Paper...California Wildlife Conservation Board
 
GFOSS DAY 2012 GeoNetwork Presentation
GFOSS DAY 2012 GeoNetwork PresentationGFOSS DAY 2012 GeoNetwork Presentation
GFOSS DAY 2012 GeoNetwork PresentationGeoSolutions
 
Intergraph’s Server Offering_Richard Goodman - Intergraph Geospatial World To...
Intergraph’s Server Offering_Richard Goodman - Intergraph Geospatial World To...Intergraph’s Server Offering_Richard Goodman - Intergraph Geospatial World To...
Intergraph’s Server Offering_Richard Goodman - Intergraph Geospatial World To...IMGS
 
Geobliki: A Platform For Emergency Response
Geobliki: A Platform For Emergency ResponseGeobliki: A Platform For Emergency Response
Geobliki: A Platform For Emergency ResponsePat Cappelaere
 
Geomajas introduction, BeJUG, March 2012
Geomajas introduction, BeJUG, March 2012Geomajas introduction, BeJUG, March 2012
Geomajas introduction, BeJUG, March 2012Joachim Van der Auwera
 
Introduction to the Globus SaaS (GlobusWorld Tour - STFC)
Introduction to the Globus SaaS (GlobusWorld Tour - STFC)Introduction to the Globus SaaS (GlobusWorld Tour - STFC)
Introduction to the Globus SaaS (GlobusWorld Tour - STFC)Globus
 
GIS framework for developing countries
GIS framework for developing countriesGIS framework for developing countries
GIS framework for developing countriesAchini Samuditha
 
Osgeo.wageningen kickoff event nov2012
Osgeo.wageningen kickoff event nov2012Osgeo.wageningen kickoff event nov2012
Osgeo.wageningen kickoff event nov2012pvangenuchten
 

Similar to GeoShield Project @ Swiss Geoscience Meeting 2011 (20)

D2.11 Remote Sensing Services
D2.11 Remote Sensing ServicesD2.11 Remote Sensing Services
D2.11 Remote Sensing Services
 
GI2012 buono-cnr-geo-platform
GI2012 buono-cnr-geo-platformGI2012 buono-cnr-geo-platform
GI2012 buono-cnr-geo-platform
 
D2.10 Grid-enabled Spatial Data Infrastructure serving GEOSS, INSPIRE, and UNSDI
D2.10 Grid-enabled Spatial Data Infrastructure serving GEOSS, INSPIRE, and UNSDID2.10 Grid-enabled Spatial Data Infrastructure serving GEOSS, INSPIRE, and UNSDI
D2.10 Grid-enabled Spatial Data Infrastructure serving GEOSS, INSPIRE, and UNSDI
 
OGC Update for State of Geospatial Tech at T-Rex
OGC Update for State of Geospatial Tech at T-RexOGC Update for State of Geospatial Tech at T-Rex
OGC Update for State of Geospatial Tech at T-Rex
 
Geonuris ep introduction 3.0 english sg
Geonuris ep introduction 3.0 english sgGeonuris ep introduction 3.0 english sg
Geonuris ep introduction 3.0 english sg
 
Introducing the Geomajas Open Source framework for building spatial web appli...
Introducing the Geomajas Open Source framework for building spatial web appli...Introducing the Geomajas Open Source framework for building spatial web appli...
Introducing the Geomajas Open Source framework for building spatial web appli...
 
Geosolutions FOSS4g 2009 Redux
Geosolutions FOSS4g 2009 ReduxGeosolutions FOSS4g 2009 Redux
Geosolutions FOSS4g 2009 Redux
 
2013 09-01 enviroinfo presentation - final
2013 09-01 enviroinfo presentation - final2013 09-01 enviroinfo presentation - final
2013 09-01 enviroinfo presentation - final
 
Dissemination of the UAE solar resource atlas over the web: preliminary results
Dissemination of the UAE solar resource atlas over the web: preliminary resultsDissemination of the UAE solar resource atlas over the web: preliminary results
Dissemination of the UAE solar resource atlas over the web: preliminary results
 
Gi2013 vohnout&team-enviro grids
Gi2013 vohnout&team-enviro gridsGi2013 vohnout&team-enviro grids
Gi2013 vohnout&team-enviro grids
 
GI2013 ppt vohnout&team-enviro_grids
GI2013 ppt vohnout&team-enviro_gridsGI2013 ppt vohnout&team-enviro_grids
GI2013 ppt vohnout&team-enviro_grids
 
Session19 Globus
Session19 GlobusSession19 Globus
Session19 Globus
 
Navy's GIS Solution for Decision Support and Service-wide Data-Sharing, Paper...
Navy's GIS Solution for Decision Support and Service-wide Data-Sharing, Paper...Navy's GIS Solution for Decision Support and Service-wide Data-Sharing, Paper...
Navy's GIS Solution for Decision Support and Service-wide Data-Sharing, Paper...
 
GFOSS DAY 2012 GeoNetwork Presentation
GFOSS DAY 2012 GeoNetwork PresentationGFOSS DAY 2012 GeoNetwork Presentation
GFOSS DAY 2012 GeoNetwork Presentation
 
Intergraph’s Server Offering_Richard Goodman - Intergraph Geospatial World To...
Intergraph’s Server Offering_Richard Goodman - Intergraph Geospatial World To...Intergraph’s Server Offering_Richard Goodman - Intergraph Geospatial World To...
Intergraph’s Server Offering_Richard Goodman - Intergraph Geospatial World To...
 
Geobliki: A Platform For Emergency Response
Geobliki: A Platform For Emergency ResponseGeobliki: A Platform For Emergency Response
Geobliki: A Platform For Emergency Response
 
Geomajas introduction, BeJUG, March 2012
Geomajas introduction, BeJUG, March 2012Geomajas introduction, BeJUG, March 2012
Geomajas introduction, BeJUG, March 2012
 
Introduction to the Globus SaaS (GlobusWorld Tour - STFC)
Introduction to the Globus SaaS (GlobusWorld Tour - STFC)Introduction to the Globus SaaS (GlobusWorld Tour - STFC)
Introduction to the Globus SaaS (GlobusWorld Tour - STFC)
 
GIS framework for developing countries
GIS framework for developing countriesGIS framework for developing countries
GIS framework for developing countries
 
Osgeo.wageningen kickoff event nov2012
Osgeo.wageningen kickoff event nov2012Osgeo.wageningen kickoff event nov2012
Osgeo.wageningen kickoff event nov2012
 

Recently uploaded

Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 

Recently uploaded (20)

Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 

GeoShield Project @ Swiss Geoscience Meeting 2011

  • 1. DACD / IST / Managing authentication and permissions to OGC services with GeoShield 1 GeoShield project Managing authentication and permissions to OGC services Presenting the new GeoServer Resource Access Manager plug-in and the Sensor Observation Service protection Milan P. Antonovic, Institute of Earth science - SUPSI Massimiliano Cannata , Institute of Earth science - SUPSI 12 November 2011
  • 2. DACD / IST / Managing authentication and permissions to OGC services with GeoShield 2 Presentation outline • Introduction to the Institute of earth science – SUPSI – OGC implementations used – The need of data protection • Presenting GeoShield – GeoShield’s protection strategies – Web administration interface – OGC Services covered by GeoShield – The Sensor Observation Service protection – The GeoServer Resource Access Manager plug-in • Access rule application process • Data access rule application – GeoServer Resource Access Manager plug-in demo – Next improvements 12 November 2011
  • 3. DACD / IST / Managing authentication and permissions to OGC services with GeoShield 3 Introduction to the Institute of earth science – SUPSI Fields of activity: Focused on: • Land Planning • Government mandates • Hydrogeology – Geo databases maintenance • Hydrology – Web applications for decision making • Geology • Natural hazard • Geomatics • Water protection • Wells / Springs / Boreholes • Hydrological monitoring network • Interregional projects (EU, World Bank) • Training courses • Research projects 12 November 2011
  • 4. DACD / IST / Managing authentication and permissions to OGC services with GeoShield 4 OGC implementations used Geografical data serving Monitoring data Data processing service 12 November 2011
  • 5. DACD / IST / Managing authentication and permissions to OGC services with GeoShield 5 The need of data protection How to protect in a centralized way all the services?? Web application WMS Web Sensible data SOS Mixed data Public data WFS WPS 12 November 2011
  • 6. DACD / IST / Managing authentication and permissions to OGC services with GeoShield 6 Presenting GeoShield • GeoShield is an Open Source solution for • Web administration interface authentication and authorization • Desktop like user interface management to OGC services • Sencha - Ext JS • Written in Java • OGC standards protected • WMS • Relies on: • WFS • Apache Commons • SOS • GeoTools • EclipseLink [Persistence API] • GeoServer plug-in: • PostgreSQL • Resource Access Manager • Flexjson (JSON parser) 12 November 2011
  • 7. DACD / IST / Managing authentication and permissions to OGC services with GeoShield 7 GeoShield’s protection strategy HTTP basic authentication HTTPS Web GeoShield Security Proxy Compatibility with: • Web browsers • Desktop applications • Udig, QGIS, ArcGIS 12 November 2011 Web administration interface
  • 8. DACD / IST / Managing authentication and permissions to OGC services with GeoShield 8 GeoShield’s PRE-processing protection strategy User GeoShield WFS service GetFeature Loading CQL for each layer GetFeature + OGC Filter The data Forwarding the data
  • 9. DACD / IST / Managing authentication and permissions to OGC services with GeoShield 9 GeoShield’s POST-processing protection strategy User GeoShield OGC service GetCapabilities GetCapabilities Capabilities document 1. Parsing response 2. Adapt response according to user Capabilities document filter
  • 10. DACD / IST / Managing authentication and permissions to OGC services with GeoShield 10 Web graphical user interface • Password protected • User friendly (Desktop-like Graphical User Iinterface) • Managing authorization for: – Users – Groups – Services – Permissions – Permitted requests 12 November 2011
  • 11. DACD / IST / Managing authentication and permissions to OGC services with GeoShield 11 OGC Services covered by GeoShield Web Map Service 1.1.1: Standard protocol for serving georeferenced map images over the Internet • GeoServer (tested): – Filtering capability CQL (Common Query Language) • Others (not tested) – INCLUDE/EXCLUDE filters only • Requests: – GetCapabilities – GetMap – GetFeatureInfo – GetLegendGraphic 12 November 2011
  • 12. DACD / IST / Managing authentication and permissions to OGC services with GeoShield 12 OGC Services covered by GeoShield Web Feature Service 1.1.0: Standard protocol allowing requests for geographical raw data over the Internet • Permissions definition: – Filtering capability CQL (Common Query Language) • Requests (Basic profile): – GetCapabilities – DescribeFeatureType – GetFeature • OutPutFormat: GML 12 November 2011
  • 13. DACD / IST / Managing authentication and permissions to OGC services with GeoShield 13 OGC Services covered by GeoShield Sensor Observation Service 1.0.0: Standard protocol allowing requests for retrieving sensor observation data • Permissions definition: – Excluding / Including Offerings • Requests (Basic profile): – GetCapabilities – GetObservation – DescribeSensor • Response format: – text/xml;subtype='sensorML/1.0.0' 12 November 2011
  • 14. DACD / IST / Managing authentication and permissions to OGC services with GeoShield 14 The Sensor Observation Service protection • This is the latest part of GeoShield improvement • Handle the basic implementation (core profile) • Permissions are based on the sos:ObservationOffering grouping of the sos:Capabilities document, GeoShield can exclude the access to: • Features • Procedures • ObservedProperties • Caching permissions in memory for better performance 12 November 2011
  • 15. DACD / IST / Managing authentication and permissions to OGC services with GeoShield 15 <sos:Capabilities> [...] <sos:Contents> <sos:ObservationOfferingList> <sos:ObservationOffering gml:id="aaaa"> <gml:name>urn:x-ist::offering:aaaa</gml:name> <gml:boundedBy>[…]</gml:boundedBy> <sos:eventTime>[…]</sos:eventTime> <sos:procedure xlink:href="B_TRE" /> <sos:procedure xlink:href="H_TRE" /> <sos:procedure xlink:href="P_TRE" /> <sos:procedure xlink:href="T_TRE" /> <sos:observedProperty xlink:href="urn:ogc:def:property:x-ist::meteo:air:humidity"/> <sos:observedProperty xlink:href="urn:ogc:def:property:x-ist::meteo:air:pressure"/> <sos:observedProperty xlink:href="urn:ogc:def:property:x-ist::meteo:air:radiation"/> <sos:observedProperty xlink:href="urn:ogc:def:property:x-ist::meteo:air:rainfall"/> <sos:featureOfInterest xlink:href="urn:ogc:object:feature:x-ist::station:Trevano"/> </sos:ObservationOffering> <sos:ObservationOffering gml:id=“bbbb"> […] </sos:ObservationOffering> <sos:responseFormat>text/xml;subtype='sensorML/1.0.0'</sos:responseFormat> <sos:responseMode>inline</sos:responseMode> <sos:resultModel>om:Observation</sos:resultModel> </sos:ObservationOfferingList> </sos:Contents> </sos:Capabilities>
  • 16. DACD / IST / Managing authentication and permissions to OGC services with GeoShield 16 GeoShield’s Sensor Observation Service protection strategy ObservationOffering 1: • Sensor 1 S1 • Sensor 2 S2 ObservationOffering 2: Group 1 S5 • Sensor 3 S4 • Sensor 4 (private) • Sensor 5 S3 ObservationOffering 3: S6 • Sensor 1 • Sensor 2 Group 2 • Sensor 5 • Sensor 6
  • 17. DACD / IST / Managing authentication and permissions to OGC services with GeoShield 17 GeoServer Resource Access Manager plug-in • This year, GeoServer 2.1 version has introduced support for data filtering with an improved security framework: – The main feature is the availability to extend the internal Resource Access Manager with a plug-in • Benefits: – No more limited permission (yes/no definition) for each layer – Extended capabilities to implement granular data access rules • Filters based on geographical functions (BBOX, INTERSETC…) • Filters based on attributes • Include / Exclude filters • Workspace permissions – Integration with external users database – More reliable and stronger protection at data abstraction level 12 November 2011
  • 18. DACD / IST / Managing authentication and permissions to OGC services with GeoShield 18 Access rule application process User GeoServer GeoShield 1. GetMap 2. Authentication 3. Authorization object 5. Error 401 - Unauthorized 4. User is authorized? User: foo.bar 5. Caching Password: xxxxxxx 6. Get Access Rule Ok Cancel 7. Rule Object 9. Map 8. Apply rule / Caching rule
  • 19. DACD / IST / Managing authentication and permissions to OGC services with GeoShield 19 Benchmarking WMS GetMap • Tests are going to be run using JMeter on my Workstation: – Ubuntu 10.04, Intel Core Duo 2.4 GHz E4600, 4Gb RAM • Using a progression of 1, 2, 4, 8, 16 and 32 threads, each thread group doing 100, 200, 200, 400, 400, 800 requests respectively • Layer: topp:tasmania_water_bodies threads/requests 1/100 2/200 4/200 8/400 16/400 GeoServer* 79 71 79 102 316 GeoShield 291 315 653 3346 7837 (PROXY) GeoServer 134 151 190 332 1320 (PLUGIN) * without authentication 12 November 2011
  • 20. DACD / IST / Managing authentication and permissions to OGC services with GeoShield 20 Installing the plug-in When GeoServer and GeoShield are installed, adding the Resource Access Manager plug-in is quite simple: 1. Copy the geoshield-1.0.jar file into the GeoServer’s WEB-INF/lib directory 2. Modify the web.xml file adding a Filter definition 3. Create the GEOSHIELD_USER 4. Configure the permissions on GeoShield 12 November 2011
  • 21. DACD / IST / Managing authentication and permissions to OGC services with GeoShield 21 GeoServer Resource Access Manager plug-in Demo 12 November 2011
  • 22. DACD / IST / Managing authentication and permissions to OGC services with GeoShield 22 Next improvements • Extending security: – Web Processing Service – Web Applications • Web administration interface – Integration with GeoServer Web Interface – OpenLayers integration (Real Time Permission definition and test) • Release of the GeoShield stable version 1.0 (end of 2011) – Code refactoring – Better performance 12 November 2011
  • 23. DACD / IST / Managing authentication and permissions to OGC services with GeoShield Thank you Institute of Earth science http://www.ist.supsi.ch GeoShield project http://sites.google.com/site/geoshieldproject Milan P. Antonovic, Institute of Earth science - SUPSI Massimiliano Cannata, Institute of Earth science - SUPSI 12 November 2011