This document discusses security measures for integrating new smart services with existing service infrastructures in the SUNSHINE pilot project. It covers authentication using identification and validation of identity, authorization using role-based access control and attribute-based access control, and the system architecture for enforcing security policies. The architecture uses a reverse proxy, service proxy, XACML repository and engine, and components like OpenDJ LDAP and WSO2 Identity Server and Enterprise Service Bus.
S.2.f Specifications for Data Ingestion via Green ButtonSUNSHINEProject
This document provides specifications for implementing a Green Button web service to expose utility consumption data from pilot projects to the SUNSHINE platform. It describes the Green Button initiative, actors involved, and how it relates to the SUNSHINE scenario. It also provides instructions on installing and configuring the required software components, including the DataCustodian application, database, and web services to ingest and export meter reading data using XML formats. Security is implemented using the OAuth protocol to authorize third parties to access consumption data on behalf of pilot projects.
The document describes the meter data management service of the SUNSHINE project. The service collects data from various sensors in pilot buildings, including energy meter consumption data, indoor temperature readings, and weather data. It ingests the data through different interfaces, stores it in a standardized format in a Sensor Observation Service database, and provides access to the data through web services. Key components of the service include an FTP ingestion process, a GreenButton ingestion interface, a weather data ingestion process, and sensor data access interfaces.
This document describes the SUNSHINE project which aims to develop a platform and suite of services for improving energy efficiency in urban areas. It outlines 6 services the platform will provide: 1) a meter data management service, 2) a remote system management service, 3) a building efficiency pre-certification service, 4) a citizen-oriented alert and communication service, 5) a 3D web portal and apps, and 6) training materials. Each service has associated tasks and deliverables described in the SUNSHINE project. The platform will integrate data from buildings, sensors, meters and other systems to provide analytics, recommendations and alerts to citizens and operators.
The document provides specifications for web and mobile interfaces to access daily heating and cooling system usage suggestions for buildings and shelters. It outlines two main use cases - accessing daily suggestions, which would display the requested comfort profile, estimated internal temperatures, and suggested on/off times; and viewing or editing comfort profiles and system thresholds. Mockups are provided for interfaces that would display this information on a web client, mobile app, or via email. It also specifies the backend RESTful and SOS services that would power the interfaces, allowing getting, putting, and modifying data like comfort profiles and thresholds.
The document discusses security and privacy strategies for the SUNSHINE project. It outlines plans to update documentation to address new attack models and standards. The project uses an identity management system with role, attribute, and consent-based access control based on XACML/SAML. Next steps include further testing the implementation, analyzing user data to define access rules, and developing new standards through partnerships.
This document describes the components and interfaces of a lamp control service. It consists of multiple levels: a client interface, central server services for grouping and scheduling, and pilot-specific services for interacting with control devices. The document focuses on the interfaces between the client, central servers, and pilot services. It defines commands that can be sent between these levels for different use cases of long-term scheduling, exceptional scheduling, and instant commands. Interface specifics are provided for translating commands to the protocols understood by the PowerOne and Reverberi pilot systems.
S.1.a Data Model for Energy Map Data CollectionSUNSHINEProject
This document presents a data model for collecting building energy performance data as part of the Sunshine project. It includes classes, attributes, data types and domains for representing buildings and their characteristics. The model is based on INSPIRE specifications for buildings data. It defines two groups for basic building data needed for the project and an extended model with additional optional attributes. Mandatory attributes include a building ID, construction period, height, elevation, main use and energy performance validation data.
S.2.e Specifications for Data Ingestion via Sunshine FTPSUNSHINEProject
This document provides specifications for ingesting pilot consumption and sensor data via FTP into Sunshine's data repository. It describes the required meter mapping file format and consumption/sensor data file formats, including naming conventions and metadata to include. Meter mappings relate devices to buildings and define reading types and frequencies. Data files group timestamped readings and costs into CSVs with specified naming and formatting.
S.2.f Specifications for Data Ingestion via Green ButtonSUNSHINEProject
This document provides specifications for implementing a Green Button web service to expose utility consumption data from pilot projects to the SUNSHINE platform. It describes the Green Button initiative, actors involved, and how it relates to the SUNSHINE scenario. It also provides instructions on installing and configuring the required software components, including the DataCustodian application, database, and web services to ingest and export meter reading data using XML formats. Security is implemented using the OAuth protocol to authorize third parties to access consumption data on behalf of pilot projects.
The document describes the meter data management service of the SUNSHINE project. The service collects data from various sensors in pilot buildings, including energy meter consumption data, indoor temperature readings, and weather data. It ingests the data through different interfaces, stores it in a standardized format in a Sensor Observation Service database, and provides access to the data through web services. Key components of the service include an FTP ingestion process, a GreenButton ingestion interface, a weather data ingestion process, and sensor data access interfaces.
This document describes the SUNSHINE project which aims to develop a platform and suite of services for improving energy efficiency in urban areas. It outlines 6 services the platform will provide: 1) a meter data management service, 2) a remote system management service, 3) a building efficiency pre-certification service, 4) a citizen-oriented alert and communication service, 5) a 3D web portal and apps, and 6) training materials. Each service has associated tasks and deliverables described in the SUNSHINE project. The platform will integrate data from buildings, sensors, meters and other systems to provide analytics, recommendations and alerts to citizens and operators.
The document provides specifications for web and mobile interfaces to access daily heating and cooling system usage suggestions for buildings and shelters. It outlines two main use cases - accessing daily suggestions, which would display the requested comfort profile, estimated internal temperatures, and suggested on/off times; and viewing or editing comfort profiles and system thresholds. Mockups are provided for interfaces that would display this information on a web client, mobile app, or via email. It also specifies the backend RESTful and SOS services that would power the interfaces, allowing getting, putting, and modifying data like comfort profiles and thresholds.
The document discusses security and privacy strategies for the SUNSHINE project. It outlines plans to update documentation to address new attack models and standards. The project uses an identity management system with role, attribute, and consent-based access control based on XACML/SAML. Next steps include further testing the implementation, analyzing user data to define access rules, and developing new standards through partnerships.
This document describes the components and interfaces of a lamp control service. It consists of multiple levels: a client interface, central server services for grouping and scheduling, and pilot-specific services for interacting with control devices. The document focuses on the interfaces between the client, central servers, and pilot services. It defines commands that can be sent between these levels for different use cases of long-term scheduling, exceptional scheduling, and instant commands. Interface specifics are provided for translating commands to the protocols understood by the PowerOne and Reverberi pilot systems.
S.1.a Data Model for Energy Map Data CollectionSUNSHINEProject
This document presents a data model for collecting building energy performance data as part of the Sunshine project. It includes classes, attributes, data types and domains for representing buildings and their characteristics. The model is based on INSPIRE specifications for buildings data. It defines two groups for basic building data needed for the project and an extended model with additional optional attributes. Mandatory attributes include a building ID, construction period, height, elevation, main use and energy performance validation data.
S.2.e Specifications for Data Ingestion via Sunshine FTPSUNSHINEProject
This document provides specifications for ingesting pilot consumption and sensor data via FTP into Sunshine's data repository. It describes the required meter mapping file format and consumption/sensor data file formats, including naming conventions and metadata to include. Meter mappings relate devices to buildings and define reading types and frequencies. Data files group timestamped readings and costs into CSVs with specified naming and formatting.
SUNSHINE Project: Francesco Pignatelli, Maria Teresa BorzacchielloSUNSHINEProject
The document discusses the European Union Location Framework (EULF) project and its goals of promoting effective location-enabled e-government across Europe. It outlines EULF deliverables including recommendations, guidelines and pilot studies in sectors like transport, marine and energy. One such feasibility study examines how location data can support energy efficiency policies by analyzing data requirements and identifying opportunities for geospatial technologies to increase effectiveness of stakeholders and policymaking. The document concludes by discussing plans to implement an open data platform and workshop to help advance the energy pilot.
SUNSHINE Project: Romain Nouvel, Jean Marie BahuSUNSHINEProject
The document discusses the development of the CityGML ADE Energy, which extends the CityGML open standard for exchanging 3D urban data to include energy-related objects and attributes. It was developed through a participatory process with international experts over multiple phases. The Energy ADE has a modular structure including cores for construction/materials, occupancy, and energy/systems. It aims to enable data exchange and interoperability between urban energy stakeholders and tools. Initial applications show its potential to support various urban energy analyses. Collaboration will continue to harmonize concepts with CityGML 3.0 and INSPIRE developments.
This presentation contains the information with regard to the scalability and replicability analysis performed in InteGrid (H2020 project) in addition to the replication roadmap and best practices (recommendations) identified.
This document provides an agenda and background for an online webinar to share the results of a scalability and replicability analysis (SRA) conducted as part of the InteGrid project. The webinar will present results from functional, ICT, economic, and regulatory SRAs assessing how smart grid technologies developed in InteGrid may perform at larger scale or in different network conditions. The SRA aims to identify drivers, barriers, and constraints to deploying these technologies more widely. Results and a replication roadmap developed by the SRA will be made publicly available.
Standard geodata models for Energy Performance of Buildings: experiences from...Piergiorgio Cipriano
Presentation at the workshop "Benchmarking Energy Sustainability in Cities" organised by the Joint Research Centre of the European Commission (Torino, 25/11/2014):
http://iet.jrc.ec.europa.eu/energyefficiency/workshop/benchmarking-energy-sustainability-cities
Elecnor Deimos provides the Energy Suite, which consists of systems for rail infrastructure maintenance, economic exploitation, and real-time control. The suite automatically acquires real-time data from rail environments, allows for economic optimization, and enables remote control. It integrates systems for energy production monitoring, billing management, remote device control, inventory tracking, meteorological data collection, and other functions. For more details on Elecnor Deimos' Energy Suite for rail systems, contact their product information email.
1) This document discusses several research papers related to continuous data acquisition algorithms for smart grids using cloud-based technologies and smart meters.
2) It summarizes papers on cloud-based smart metering systems that use standardized communication between smart meters and servers stored in the cloud to optimize energy consumption. Another paper proposes a data collection algorithm that uses energy maps and clustering to reduce energy consumption and increase network lifetime.
3) A third paper discusses utilities using satellites to remotely collect meter data in real-time for accuracy. A final paper presents an algorithm for smart building power consumption scheduling that uses smart meters and dynamic pricing to incentivize shifting usage to low-cost time periods.
This document summarizes a presentation on smart metering in Europe. It discusses policy changes driving smart metering adoption, regulatory challenges around implementation, and business opportunities created by smart metering. Key points include: European Union directives and legislation are mandating smart metering to facilitate energy efficiency and markets; national regulatory approaches vary significantly; costs and benefits of smart metering need to be identified and quantified; and smart metering enables new business models and opportunities for consumers, suppliers, and network operators through demand response and improved system efficiency. Harmonization of technical standards and functional requirements is recommended to facilitate cost-effective regional adoption of smart metering.
VPS is a technology company that provides cloud-based energy management solutions, including Energy Savings as a Service (ESaaS), to various sectors including industrial, commercial, residential, and utilities. Over the past 25+ years, VPS has implemented its internationally recognized technology and solutions in over 25 countries across 5 continents, selling over 100k Internet of Things devices. VPS aims to build large virtual power plants across Europe by aggregating energy savings from all sectors to contribute to a low carbon economy and balance electric grids. Its core offering is the VPS Integrated Platform which provides real-time active demand management of energy consumption for industrial, commercial, and domestic clients.
GIS Based Power Distribution System: A Case study for the Junagadh Cityijsrd.com
In this paper power distribution data (poles, transformers and transmission lines) have been mapped using GPS and high resolution remote sensing images. These details have been put in GIS using ArcGIS 9.1 software. Various things like road network and land use are also superimposed on the power distribution system GIS layer. Various types of analysis like finding a pole or circuit of specific transformer can be done using GIS tools.
Calculation Tools & ICT Insights on energy saving: SAT-S, Save@Work, GreenSpe...ICT FOOTPRINT .eu
The 4th ICTFOOTPRINT free webinar has crucial information on ICT Calculation tools and Sustainable ICT insights on energy savings, on 23rd February 2017, 15:00 CET. All those who want to improve ICT energy efficiency in their business are welcome to join us in this exciting webinar.
After years of seemingly infinite IT resources, software developers are facing new efficiency challenges on smartphones and IoT devices. Mobile users want more features, but not less battery life. Thomas Corvaisier (CEO of GREENSPECTOR) introduced the concept of software eco-design, and tell us how it may help lowering the consumption of IT resources while preserving performance and user experience.
Frédéric Croisson, from Deloitte Sustainability, showcased the ICTFOOTPRINT.eu Self-Assessment Tool for Services (SAT-S), a useful, quick and easy-to-use tool that calculates the carbon footprint of your ICT services. The tool helps users not only to make informed decisions about how to make an ICT service sustainable, but also discover the impact of ICT devices & activities in terms of Green House Gas emissions and primary energy consumption.
Energy savings can be achieved thanks to simple sustainable daily practices, which can be implemented by organisations employees. Karen Robinson shared some sustainable ICT practices and introduce the save@work initiative, which encourages public sector employee’s to come together in teams to reduce the energy consumption of their building by making small changes to their everyday energy consuming behaviours. Adding an element of competition to the project has been a significant driver in encouraging teams to really examine and challenge those unconscious energy consuming behaviours. The scale of working in a large office has also highlighted those practices that on their own seem to make almost insignificant savings but when applied across an office of over 300 people, have a very different impact.
Smart Grids:Enterprise GIS For Distribution Loss Reduction in Electric Utilit...HIMADRI BANERJI
1. The document discusses implementing an Enterprise GIS system for two power distribution companies in Delhi, BRPL and BYPL, to help reduce distribution losses and improve customer service.
2. Key goals of implementing GIS include reducing outage times, stopping power theft, improving asset management, and achieving a zero fatality safety rate.
3. The implementation plan includes developing GIS data models, capturing network and customer data digitally, integrating GIS with other systems like SAP and SCADA, and providing network analysis tools.
4. Estimates show the project has a payback period of less than 1 year and will generate over $400 million in additional revenue over 3 years with returns of 138%, making
Intemodal Traveller Information - In-Timeboehmchen
The document discusses the In-Time project, which aims to reduce energy consumption through personalized intermodal traveler information on mobile devices. It describes the project concept of providing standardized real-time multimodal travel data to travelers. It also outlines the methodology for assessing the project's environmental impacts, such as reduced emissions from optimized traffic management and shifts to more sustainable modes of transportation.
the hybrid cloud[1] World Pipeline MagazineLayne Tucker
1. The document discusses a pilot project funded by the US Department of Transportation to test whether cloud and mobile technologies could improve pipeline risk management processes like damage prevention and integrity management.
2. The pilot project implemented ProStar's cloud-based geospatial solution called Transparent Earth to capture precise location data of buried pipelines using mobile devices, GPS, and pipe locators. This allowed real-time sharing of pipeline location and attribute data with field workers.
3. The pilot was successful, improving data collection, quality, and accessibility. Using cloud and mobile technologies enhanced workflows and supported compliance with new regulations.
Smart gas meters offer several advantages over traditional mechanical gas meters. They can record consumption with high accuracy, remotely report usage data, detect tampering, and enable prepayment options. Different technologies like ultrasonic, thermal, and charge flow based meters can enable smart functionality while eliminating issues with mechanical meters like moving parts and accuracy degradation. Communication systems like Zigbee, Bluetooth, and WiFi allow meters to transmit data wirelessly to utilities for automated meter reading and remote control of supply. Smart meters benefit both consumers through improved billing and utilities through lower operational costs and improved revenue collection.
BACS requirements in the revised EPBD: How to check compliance?Leonardo ENERGY
To support EU Member States in implementing the revised Energy Performance of Buildings Directive (EPBD), eu.bac has created a compliance checklist for Building Automation and Control System requirements related to the mandatory capabilities listed in Art.14 and Art.15.
The checklist provides a necessary reference list and highly detailed tool for building owners and managers, compliance inspectors, building designers, installers and policymakers.
In this slide deck:
1. The revised EPBD and the need for a tool to verify BACS compliance (Simone ALESSANDRI)
2. The EPBD BACS Compliance Verification Package (Bonnie BROOK)
3. Compliant BACS: prerequisite to the digital transformation of EU’s built environment (Andrei LITIU)
The document discusses decommissioning shared corporate services between the Department of Corrective Services and the Department of the Attorney General. It outlines the following key points:
1) The WA Government established the Office of the Government Chief Information Officer to consolidate and centralize IT procurement across agencies through a new shared services platform called GovNext aimed at reducing costs.
2) Transitioning to GovNext requires reengineering business and IT processes and formulating an adoption strategy aligned with goals and objectives.
3) The project developed a business-driven cloud adoption strategy and plan to segregate the DCS IT environment from shared services while ensuring service continuity and agility. It assessed applications for cloud suitability and documented target architectures.
Overview of the FlexPlan project. Focus on EU regulatory analysis and TSO-DSO...Leonardo ENERGY
Webinar recording at https://youtu.be/4s2GGlu-ylc
The FlexPlan project (https://flexplan-project.eu/) aims at establishing a new grid planning methodology making use of storage and flexible loads as an alternative to the build-up of new grid elements. After introducing the project, the webinar will focus on pan-European grid planning regulation and present practices of TSOs and DSOs.
Bruce Thompson on digital disruption and the environment OCESAdmin
Bruce Thompson talks about land capability mapping in the Victorian context at IPAA Public Sector Week session on digital disruption and the environment, sponsored by the Commissioner for Environmental Sustainability and Nous Group.
Telensa provides smart city applications and services using lighting infrastructure. They have connected 1 in 10 UK lights and provide services for smart lighting, parking, waste management, and traffic. Their network supports both mains-powered and battery-powered devices over a wide area without connectivity costs. They are a leading partner for City Verve Manchester, the UK's flagship smart city project, and are working on integrating applications like parking, lighting, and traffic data using open standards. Selecting the right network technology is important for supporting a variety of smart city services and platforms into the future.
This document describes the STRATEGIC project, which aims to increase adoption of cloud computing by governmental bodies. It will deliver a cloud-enabled infrastructure and services to allow governments to deploy existing online services to the cloud, reuse services across regions, and develop new composite services securely. The project will involve three pilot sites - Camden, the City of Genoa, and the Municipality of Stari Grad - with use cases like open data initiatives, cross-border authentication, and cloud-based certificate issuance. It will run from 2014-2016 with a total budget of over 4 million Euros, and seeks to address challenges like complex application requirements and cross-border service needs faced by governments.
Development of web-based surveillance system for Internet of Things (IoT) app...journalBEEI
With the advancement of wireless technology, our dependency on smart system has increases to a higher level than before. Without doubt, integration between different technologies becomes inevitable in order create affordable surveillance system. This paper presents the development of with web-based surveillance system with a dedicated Android-based mobile application using a Raspberry Pi and its supporting components i.e., Pi-Camera, PIR motion sensor, Ultrasonic sensor, web-based & mobile application. The designed system also utilizes Node-Red development tools as the platform to integrate all components of the system, MQTT as the communication protocol for data acquisition and ThingSpeak as the middleware. The proposed system can be implemented over the internet using any computer and mobile devices, at anywhere and anytime. The system can automatically stream live video viewed from the Android mobile application and the Raspberry Pi device can send an alert notification to users via email and SMS. The system can be one possible features in smart home system and is considered as an affordable solution, customizable and easy to implement in comparison with other commercial surveillance system products such as CCTV or IP Camera
SUNSHINE Project: Francesco Pignatelli, Maria Teresa BorzacchielloSUNSHINEProject
The document discusses the European Union Location Framework (EULF) project and its goals of promoting effective location-enabled e-government across Europe. It outlines EULF deliverables including recommendations, guidelines and pilot studies in sectors like transport, marine and energy. One such feasibility study examines how location data can support energy efficiency policies by analyzing data requirements and identifying opportunities for geospatial technologies to increase effectiveness of stakeholders and policymaking. The document concludes by discussing plans to implement an open data platform and workshop to help advance the energy pilot.
SUNSHINE Project: Romain Nouvel, Jean Marie BahuSUNSHINEProject
The document discusses the development of the CityGML ADE Energy, which extends the CityGML open standard for exchanging 3D urban data to include energy-related objects and attributes. It was developed through a participatory process with international experts over multiple phases. The Energy ADE has a modular structure including cores for construction/materials, occupancy, and energy/systems. It aims to enable data exchange and interoperability between urban energy stakeholders and tools. Initial applications show its potential to support various urban energy analyses. Collaboration will continue to harmonize concepts with CityGML 3.0 and INSPIRE developments.
This presentation contains the information with regard to the scalability and replicability analysis performed in InteGrid (H2020 project) in addition to the replication roadmap and best practices (recommendations) identified.
This document provides an agenda and background for an online webinar to share the results of a scalability and replicability analysis (SRA) conducted as part of the InteGrid project. The webinar will present results from functional, ICT, economic, and regulatory SRAs assessing how smart grid technologies developed in InteGrid may perform at larger scale or in different network conditions. The SRA aims to identify drivers, barriers, and constraints to deploying these technologies more widely. Results and a replication roadmap developed by the SRA will be made publicly available.
Standard geodata models for Energy Performance of Buildings: experiences from...Piergiorgio Cipriano
Presentation at the workshop "Benchmarking Energy Sustainability in Cities" organised by the Joint Research Centre of the European Commission (Torino, 25/11/2014):
http://iet.jrc.ec.europa.eu/energyefficiency/workshop/benchmarking-energy-sustainability-cities
Elecnor Deimos provides the Energy Suite, which consists of systems for rail infrastructure maintenance, economic exploitation, and real-time control. The suite automatically acquires real-time data from rail environments, allows for economic optimization, and enables remote control. It integrates systems for energy production monitoring, billing management, remote device control, inventory tracking, meteorological data collection, and other functions. For more details on Elecnor Deimos' Energy Suite for rail systems, contact their product information email.
1) This document discusses several research papers related to continuous data acquisition algorithms for smart grids using cloud-based technologies and smart meters.
2) It summarizes papers on cloud-based smart metering systems that use standardized communication between smart meters and servers stored in the cloud to optimize energy consumption. Another paper proposes a data collection algorithm that uses energy maps and clustering to reduce energy consumption and increase network lifetime.
3) A third paper discusses utilities using satellites to remotely collect meter data in real-time for accuracy. A final paper presents an algorithm for smart building power consumption scheduling that uses smart meters and dynamic pricing to incentivize shifting usage to low-cost time periods.
This document summarizes a presentation on smart metering in Europe. It discusses policy changes driving smart metering adoption, regulatory challenges around implementation, and business opportunities created by smart metering. Key points include: European Union directives and legislation are mandating smart metering to facilitate energy efficiency and markets; national regulatory approaches vary significantly; costs and benefits of smart metering need to be identified and quantified; and smart metering enables new business models and opportunities for consumers, suppliers, and network operators through demand response and improved system efficiency. Harmonization of technical standards and functional requirements is recommended to facilitate cost-effective regional adoption of smart metering.
VPS is a technology company that provides cloud-based energy management solutions, including Energy Savings as a Service (ESaaS), to various sectors including industrial, commercial, residential, and utilities. Over the past 25+ years, VPS has implemented its internationally recognized technology and solutions in over 25 countries across 5 continents, selling over 100k Internet of Things devices. VPS aims to build large virtual power plants across Europe by aggregating energy savings from all sectors to contribute to a low carbon economy and balance electric grids. Its core offering is the VPS Integrated Platform which provides real-time active demand management of energy consumption for industrial, commercial, and domestic clients.
GIS Based Power Distribution System: A Case study for the Junagadh Cityijsrd.com
In this paper power distribution data (poles, transformers and transmission lines) have been mapped using GPS and high resolution remote sensing images. These details have been put in GIS using ArcGIS 9.1 software. Various things like road network and land use are also superimposed on the power distribution system GIS layer. Various types of analysis like finding a pole or circuit of specific transformer can be done using GIS tools.
Calculation Tools & ICT Insights on energy saving: SAT-S, Save@Work, GreenSpe...ICT FOOTPRINT .eu
The 4th ICTFOOTPRINT free webinar has crucial information on ICT Calculation tools and Sustainable ICT insights on energy savings, on 23rd February 2017, 15:00 CET. All those who want to improve ICT energy efficiency in their business are welcome to join us in this exciting webinar.
After years of seemingly infinite IT resources, software developers are facing new efficiency challenges on smartphones and IoT devices. Mobile users want more features, but not less battery life. Thomas Corvaisier (CEO of GREENSPECTOR) introduced the concept of software eco-design, and tell us how it may help lowering the consumption of IT resources while preserving performance and user experience.
Frédéric Croisson, from Deloitte Sustainability, showcased the ICTFOOTPRINT.eu Self-Assessment Tool for Services (SAT-S), a useful, quick and easy-to-use tool that calculates the carbon footprint of your ICT services. The tool helps users not only to make informed decisions about how to make an ICT service sustainable, but also discover the impact of ICT devices & activities in terms of Green House Gas emissions and primary energy consumption.
Energy savings can be achieved thanks to simple sustainable daily practices, which can be implemented by organisations employees. Karen Robinson shared some sustainable ICT practices and introduce the save@work initiative, which encourages public sector employee’s to come together in teams to reduce the energy consumption of their building by making small changes to their everyday energy consuming behaviours. Adding an element of competition to the project has been a significant driver in encouraging teams to really examine and challenge those unconscious energy consuming behaviours. The scale of working in a large office has also highlighted those practices that on their own seem to make almost insignificant savings but when applied across an office of over 300 people, have a very different impact.
Smart Grids:Enterprise GIS For Distribution Loss Reduction in Electric Utilit...HIMADRI BANERJI
1. The document discusses implementing an Enterprise GIS system for two power distribution companies in Delhi, BRPL and BYPL, to help reduce distribution losses and improve customer service.
2. Key goals of implementing GIS include reducing outage times, stopping power theft, improving asset management, and achieving a zero fatality safety rate.
3. The implementation plan includes developing GIS data models, capturing network and customer data digitally, integrating GIS with other systems like SAP and SCADA, and providing network analysis tools.
4. Estimates show the project has a payback period of less than 1 year and will generate over $400 million in additional revenue over 3 years with returns of 138%, making
Intemodal Traveller Information - In-Timeboehmchen
The document discusses the In-Time project, which aims to reduce energy consumption through personalized intermodal traveler information on mobile devices. It describes the project concept of providing standardized real-time multimodal travel data to travelers. It also outlines the methodology for assessing the project's environmental impacts, such as reduced emissions from optimized traffic management and shifts to more sustainable modes of transportation.
the hybrid cloud[1] World Pipeline MagazineLayne Tucker
1. The document discusses a pilot project funded by the US Department of Transportation to test whether cloud and mobile technologies could improve pipeline risk management processes like damage prevention and integrity management.
2. The pilot project implemented ProStar's cloud-based geospatial solution called Transparent Earth to capture precise location data of buried pipelines using mobile devices, GPS, and pipe locators. This allowed real-time sharing of pipeline location and attribute data with field workers.
3. The pilot was successful, improving data collection, quality, and accessibility. Using cloud and mobile technologies enhanced workflows and supported compliance with new regulations.
Smart gas meters offer several advantages over traditional mechanical gas meters. They can record consumption with high accuracy, remotely report usage data, detect tampering, and enable prepayment options. Different technologies like ultrasonic, thermal, and charge flow based meters can enable smart functionality while eliminating issues with mechanical meters like moving parts and accuracy degradation. Communication systems like Zigbee, Bluetooth, and WiFi allow meters to transmit data wirelessly to utilities for automated meter reading and remote control of supply. Smart meters benefit both consumers through improved billing and utilities through lower operational costs and improved revenue collection.
BACS requirements in the revised EPBD: How to check compliance?Leonardo ENERGY
To support EU Member States in implementing the revised Energy Performance of Buildings Directive (EPBD), eu.bac has created a compliance checklist for Building Automation and Control System requirements related to the mandatory capabilities listed in Art.14 and Art.15.
The checklist provides a necessary reference list and highly detailed tool for building owners and managers, compliance inspectors, building designers, installers and policymakers.
In this slide deck:
1. The revised EPBD and the need for a tool to verify BACS compliance (Simone ALESSANDRI)
2. The EPBD BACS Compliance Verification Package (Bonnie BROOK)
3. Compliant BACS: prerequisite to the digital transformation of EU’s built environment (Andrei LITIU)
The document discusses decommissioning shared corporate services between the Department of Corrective Services and the Department of the Attorney General. It outlines the following key points:
1) The WA Government established the Office of the Government Chief Information Officer to consolidate and centralize IT procurement across agencies through a new shared services platform called GovNext aimed at reducing costs.
2) Transitioning to GovNext requires reengineering business and IT processes and formulating an adoption strategy aligned with goals and objectives.
3) The project developed a business-driven cloud adoption strategy and plan to segregate the DCS IT environment from shared services while ensuring service continuity and agility. It assessed applications for cloud suitability and documented target architectures.
Overview of the FlexPlan project. Focus on EU regulatory analysis and TSO-DSO...Leonardo ENERGY
Webinar recording at https://youtu.be/4s2GGlu-ylc
The FlexPlan project (https://flexplan-project.eu/) aims at establishing a new grid planning methodology making use of storage and flexible loads as an alternative to the build-up of new grid elements. After introducing the project, the webinar will focus on pan-European grid planning regulation and present practices of TSOs and DSOs.
Bruce Thompson on digital disruption and the environment OCESAdmin
Bruce Thompson talks about land capability mapping in the Victorian context at IPAA Public Sector Week session on digital disruption and the environment, sponsored by the Commissioner for Environmental Sustainability and Nous Group.
Telensa provides smart city applications and services using lighting infrastructure. They have connected 1 in 10 UK lights and provide services for smart lighting, parking, waste management, and traffic. Their network supports both mains-powered and battery-powered devices over a wide area without connectivity costs. They are a leading partner for City Verve Manchester, the UK's flagship smart city project, and are working on integrating applications like parking, lighting, and traffic data using open standards. Selecting the right network technology is important for supporting a variety of smart city services and platforms into the future.
This document describes the STRATEGIC project, which aims to increase adoption of cloud computing by governmental bodies. It will deliver a cloud-enabled infrastructure and services to allow governments to deploy existing online services to the cloud, reuse services across regions, and develop new composite services securely. The project will involve three pilot sites - Camden, the City of Genoa, and the Municipality of Stari Grad - with use cases like open data initiatives, cross-border authentication, and cloud-based certificate issuance. It will run from 2014-2016 with a total budget of over 4 million Euros, and seeks to address challenges like complex application requirements and cross-border service needs faced by governments.
Development of web-based surveillance system for Internet of Things (IoT) app...journalBEEI
With the advancement of wireless technology, our dependency on smart system has increases to a higher level than before. Without doubt, integration between different technologies becomes inevitable in order create affordable surveillance system. This paper presents the development of with web-based surveillance system with a dedicated Android-based mobile application using a Raspberry Pi and its supporting components i.e., Pi-Camera, PIR motion sensor, Ultrasonic sensor, web-based & mobile application. The designed system also utilizes Node-Red development tools as the platform to integrate all components of the system, MQTT as the communication protocol for data acquisition and ThingSpeak as the middleware. The proposed system can be implemented over the internet using any computer and mobile devices, at anywhere and anytime. The system can automatically stream live video viewed from the Android mobile application and the Raspberry Pi device can send an alert notification to users via email and SMS. The system can be one possible features in smart home system and is considered as an affordable solution, customizable and easy to implement in comparison with other commercial surveillance system products such as CCTV or IP Camera
The SOCIOTAL project aims to create a citizen-centric Internet of Things by encouraging citizen participation and control over IoT devices and data. The project will develop tools and frameworks to address challenges around trust, privacy, and governance for a large-scale, crowd-sourced IoT infrastructure. It will also study barriers to citizen participation in IoT and design intuitive interfaces to empower citizens. The project will pilot services in two cities to demonstrate value to communities.
STRATEGIC is a project that focus on the migration to the cloud and the development of cloud services used by public bodies, by offering secure and privacy friendly localization, adaptation and governance of public cloud services.
Digital policing applications and services catalogueRobin Brooke
This document provides a summary of digital policing applications and services from Microsoft. It introduces applications like custody observation, evidence collection, and non-urgent crime reporting that can help police forces address challenges around budget cuts and changing citizen expectations. The applications are designed for Windows 8 and Windows Phone 8 and can integrate with existing police systems. The goal is to deliver impactful changes within months through an agile approach focused on user needs.
IRJET- Ambulance Detection and Traffic Control SystemIRJET Journal
This document proposes an ambulance detection and traffic control system to reduce traffic congestion delays for emergency vehicles. The system uses a GPS module in ambulances to transmit location data via WiFi to the cloud. This data is then sent to smart traffic control systems equipped with Raspberry Pi computers. The traffic control systems can dynamically adjust traffic light timing based on ambulance locations to provide clear routes for emergency vehicles and reduce response times. The low-cost system has the potential to be implemented across an entire city and decrease casualties from congested traffic situations.
A major problem in day to day life is parking of vehicles especially the car parking at an appropriate place. And this issue indirectly leads to traffic congestion. This paper presents the basic concept of using server or cloud based smart parking services in smart cities as an important application of the Internet of Things (IoT) paradigm. This system will be accessible through a mobile app or through the webpage provided and can be used to monitor or find the empty slots in that area.
Presentation on ICT trends in developments and what this means for the agri-food business, focussing on the FIspace platform. The presentation was part of the mastercourse Hortibusiness in which about 20 entrepreneurs from the horticultural business are participating.
Cyber security for smart cities an architecture model for public transportAndrey Apuhtin
This document provides an overview of cyber security considerations for public transport systems in smart cities. It defines key stakeholders and interactions between public transport operators and other entities. The document presents an architecture model showing how these interactions mature as cities become smarter. It identifies cyber threats, including intentional attacks and accidents, and recommends good practices for public transport operators to enhance cyber security. These include supporting a harmonized security framework, increasing knowledge sharing and spending on security, and clearly defining security roles and responsibilities across stakeholders.
Smart Cities, IoT, SDN, 5G Networks, Cloud Computing… Managing Complexity wit...Bristol Is Open
Service & Content Providers’ Perspective of Smart Cities -How to enrich citizen experience using a pervasive urban SDN connectivity environment, Ramon Casellas
The document provides an overview of the SocIoTal project, which aims to create a socially aware, citizen-centric Internet of Things. The 3-year project is funded by the European Commission and coordinated by the University of Surrey. It brings together partners from 6 European countries. The project's goals are to encourage citizen participation in the IoT, provide direct benefits to citizens and communities, and give citizens control over access to IoT data. It will develop frameworks for governance, trust, privacy, and citizen empowerment and conduct pilots of IoT services in two cities.
This document discusses smart infrastructure security. It notes that cities are rapidly deploying smart technologies through sensors and networks, but these systems raise new cybersecurity questions. Experts are working to help secure these systems and reduce risks. The document advocates for a collaborative approach between experts worldwide to best predict and eliminate security issues given the complex interconnected nature of smart infrastructure.
The document discusses how cities are implementing smart infrastructure technologies like sensors and networked devices to improve services but also raises security concerns as these systems are vulnerable to cyber threats. It describes how Surat city launched a Picture Intelligence Unit using facial recognition technology connected to CCTV cameras to help identify criminals and detect suspicious activity in real-time, leading to a 27% reduction in crime. The document advocates for a collaborative approach between experts worldwide to help secure these smart city systems and ensure public safety.
Seminar TIK Indosat - 17/12/'14 - Presentasi PT Telkom - Alip PriyonoIwan S
Indonesia is looking to become a leading digital economy by 2020 through its Indonesia Digital Network (IDN) 2020 initiative. IDN 2020 aims to improve Indonesia's digital infrastructure and connectivity, and transform the country into a top 40 network readiness ranking by the World Economic Forum. A key part of realizing IDN 2020 is developing Indonesia into a regional Telecommunication-Information-Media-Edutainment-Services (TIMES) hub and an API platform/factory to attract more digital content and accelerate content creation locally. These developments will help build out Indonesia's digital ecosystem and drive economic growth through improved broadband connectivity across the country.
Maurizio Bianchi will give a presentation on April 28th from 4:00pm in Room Asia D on technologies and services for a smart world. The presentation will discuss applications of the Internet of Things for smart cities, including smart grids, mobility, and health. It will also cover advances in miniaturization and integration that are accelerating the use of embedded ICT in physical objects ranging from clothes to homes, cars, and public spaces. Finally, it will address how the Internet of Things can create a global, hyper-connected society characterized by more autonomous systems.
Using cloud services: Compliance with the Security Requirements of the Spanis...Miguel A. Amutio
Cloud Security Alliance EMEA Congress
Using cloud services: Compliance with the Security Requirements of the Spanish Public Sector
Text of the presentation by Miguel A. Amutio
Implementation of vehicle ventilation system using node mcu esp8266 for remot...Conference Papers
This document summarizes an implementation of a vehicle ventilation system using a NodeMCU microcontroller as an Internet of Things platform. Temperature and rain sensors connected to the microcontroller collect data on vehicle conditions. A mobile application allows users to remotely monitor sensor readings and control vehicle accessories like windows and fans. Test results found that activating the ventilation system reduced average vehicle temperature by up to 12.4 degrees Celsius. The system provides a low-cost solution for remote monitoring of vehicle temperature.
Implementation of vehicle ventilation system using node mcu esp8266 for remot...Journal Papers
This document summarizes an implementation of a vehicle ventilation system using a NodeMCU microcontroller as an Internet of Things platform. Temperature and rain sensors connected to the microcontroller collect data on vehicle conditions. A mobile application allows users to remotely monitor sensor readings and control vehicle accessories like windows and fans. Test results found that activating the ventilation system reduced average vehicle temperature by up to 12.4 degrees Celsius. The system provides a low-cost solution for remote monitoring of vehicle temperature.
Cyber security and resilience of intelligent public transportAndrey Apuhtin
The document discusses cyber security and resilience in intelligent public transport systems. It provides an overview of intelligent public transport environments, the threats, vulnerabilities and risks they face from a cyber security perspective. It then outlines good practices for securing intelligent public transport, including technical, policy and organizational recommendations. Finally, it identifies gaps in cyber security for intelligent public transport and provides recommendations to decision makers, transport operators, and manufacturers/solution providers to help address these gaps.
Servizio Gestione Flussi Dati Energetici EdificiSUNSHINEProject
The document describes a Sensor Data Management service that was proposed as part of the Sunshine project. The service ingests energy consumption, indoor temperature, and weather data from various sources and stores it in a centralized database. It then visualizes the correlations between consumption and weather variables to help energy managers analyze building energy behavior. The service was demonstrated by analyzing consumption data from two pilot buildings in Ferrara, Italy.
S.2.g Meter and Sensor Data Management ServiceSUNSHINEProject
During the development of the SUNSHINE platform for building energy management, a Sensor Data Management Service was implemented to collect, store, and analyze various sensor data from pilot buildings. The service extends beyond traditional meter data to also manage indoor temperature, weather, and other sensor readings. It ingests data from different sources via FTP, Green Button, and WFS protocols and stores it uniformly in a PostgreSQL/PostGIS database following the Sensor Observation Service standard. Analysis of energy use data from two schools in Ferrara, Italy identified weekly and seasonal consumption patterns related to outdoor temperature variations.
The document discusses collaboration between OGC, bSI, and ISO TC 59 to jointly develop geospatial and BIM standards. It focuses initially on infrastructure design where civil engineering uses both geospatial and BIM concepts. It proposes a joint conceptual model between bSI and OGC to develop standards that are more easily integrated and avoid information loss when moving between models. The collaboration is important for solving business problems by reducing time spent converting data between standards.
S.1.b Building Energy Pre Certification ServiceSUNSHINEProject
In 2012, the Municipality of Ferrara, Italy signed up to the Covenant of Mayors to reduce greenhouse gas emissions by 25% by 2020 through increased energy efficiency and renewable energy. One action is the SUNSHINE project, which aims to implement an automatic building energy pre-certification service using open geodata to estimate building energy performance at large scale. The municipal departments were involved in modeling geodata on building energy properties. A mobile app was also created to check the accuracy of building properties like age, use, heights during on-site audits.
This document describes a research project that aims to develop a web-based system to automatically calculate and visualize large-scale energy performance maps of residential buildings in a city. The system would use existing data sources, an extended version of the TABULA/EPISCOPE project for calculating building energy parameters, and CityGML and WebGL standards for data storage and visualization. Preliminary results are presented for a service that assesses building energy performance at scale and visualizes the results in an intuitive 3D interface to help citizens, governments, and organizations analyze building energy efficiency across a city.
S.2.4 Validation Activities for Scenario 2 (case Ferrara)SUNSHINEProject
The document analyzes historical consumption and weather data from two buildings heated by district heating in Ferrara, Italy. It examines daily and seasonal profiles of consumption, temperature, and heating system usage. It also tests a heating system suggestion service that predicts optimal heating turn-on/off times using weather forecasts, evaluating its performance on past data from the two buildings. The analysis found inverse relationships between consumption and temperature as expected, and that the suggestion service accurately predicted turn-on/off times for most out-of-average temperature days.
This document describes the SUNSHINE project which aims to develop a platform and suite of services for improving energy efficiency in urban areas. It outlines 6 services the platform will provide: 1) a meter data management service, 2) a remote system management service, 3) a building efficiency pre-certification service, 4) a citizen-oriented alert and communication service, 5) a 3D web portal and apps, and 6) security and privacy enforcement. Each service has associated tasks and deliverables described in the SUNSHINE project documentation.
The document discusses a mobile application called Map4Data that was created to conduct field surveys for building typology and energy efficiency data collection. The app allows surveyors to view buildings on a map, select individual buildings, and fill out property forms with attributes like construction period, height, use, and energy refurbishment level. It sources data from existing topographic and cadastral databases but aims to verify and supplement incomplete or inaccurate records through field surveys. The document provides instructions on using the app and an example of survey progress with over 1,000 buildings surveyed over 27 hours.
This document describes a model for calculating the energy performance of buildings based on European laws and standards. It outlines the key factors considered in the model such as heating energy needs, domestic hot water needs, and how building characteristics are determined. Validation of the model requires consideration of factors like actual building age and refurbishment. The model allows users to input location data and building characteristics to simulate energy performance.
This document discusses data models for energy efficiency projects. It explains that data models are like recipes that specify ingredients and how to present them. It provides examples of ingredients like buildings data, cadastral data, and energy resources that are relevant to energy efficiency. The document also discusses standards like INSPIRE that can be used to structure this data and notes open data sources that can provide some of these ingredients. However, it acknowledges that current data coverage is incomplete and that harmonizing various data sources is needed to fully understand energy usage and effectively target efficiency projects.
This document discusses the data needed to create an energy map as part of the SUNSHINE project. Mandatory data includes 2D building footprints and attributes like a unique ID, construction period, height, elevation, and main use. Validation data from energy certifications or real consumption is also required at the building level. Optional attributes like the nature, number of units and floors, and refurbishment level can increase accuracy. The next steps will describe providing this data to the SUNSHINE platform to generate the first energy map and more details are in the technical module.
This document introduces Scenario 1 of the SUNSHINE project, which aims to estimate the heating energy needs of residential buildings at a large scale using available spatial data and building properties. It describes using software modules to model and import open geographic data, verify data completeness and correctness, compute energy needs, and visualize/simulate results. The goal is to provide tools to facilitate energy planning and monitoring. The scenario also details estimating typical building heat transmission coefficients and energy consumption based on factors like construction period, U-values, degree days, building shape, and more.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Building RAG with self-deployed Milvus vector database and Snowpark Container...Zilliz
This talk will give hands-on advice on building RAG applications with an open-source Milvus database deployed as a docker container. We will also introduce the integration of Milvus with Snowpark Container Services.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
20 Comprehensive Checklist of Designing and Developing a WebsitePixlogix Infotech
Dive into the world of Website Designing and Developing with Pixlogix! Looking to create a stunning online presence? Look no further! Our comprehensive checklist covers everything you need to know to craft a website that stands out. From user-friendly design to seamless functionality, we've got you covered. Don't miss out on this invaluable resource! Check out our checklist now at Pixlogix and start your journey towards a captivating online presence today.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
1. WP4 – Integration of SUNSHINE pilot smart urban services
D4.6 Remote System Management service #2
CIP-ICT-PSP-2012-6 – 325161
"This project is partially funded under the ICT Policy Support Programme (ICT PSP) as part of the
Competitiveness and Innovation Framework Programme by the European Community"
(http://ec.europa.eu/ict_psp).
Annex to D4.6 – Remote System Management service #2
Security Layer
WP 4 – Integration of SUNSHINE pilot smart urban services
Task 4.9 – Integration of new smart services with existing service infrastructures
Task 4.2 – Meter data management service
Task 4.3 – Remote system management service
Revision: v.1.0
Authors:
Stefano Pezzi (SGIS)
Luca Giovannini (SGIS)
2. WP4 – Integration of SUNSHINE pilot smart urban services
D4.6 Remote System Management service #2
CIP-ICT-PSP-2012-6 – 325161
"This project is partially funded under the ICT Policy Support Programme (ICT PSP) as part of the
Competitiveness and Innovation Framework Programme by the European Community"
(http://ec.europa.eu/ict_psp).
Dissemination level PU (public)
Contributor(s) Stefano Pezzi (SGIS)
Reviewer(s) Federico Prandi (GRAPHITECH)
Editor(s) Raffaele De Amicis (GRAPHITECH)
Partner in charge(s) SGIS
Due date 31/03/2015
Submission Date 31/03/2015
REVISION HISTORY AND STATEMENT OF ORIGINALITY
Revision Date Author Organisation Description
0.1 26/02/2015 Stefano Pezzi SGIS Document creation
1.0 20/03/2015 Stefano Pezzi SGIS Document finalization
Statement of originality:
This deliverable contains original unpublished work except where clearly indicated otherwise.
Acknowledgement of previously published material and of the work of others has been made
through appropriate citation, quotation or both.
Moreover, this deliverable reflects only the author’s views. The European Community is not liable
for any use that might be made of the information contained herein.
3. WP4 – Integration of SUNSHINE pilot smart urban services
D4.6 Remote System Management service #2
CIP-ICT-PSP-2012-6 – 325161
"This project is partially funded under the ICT Policy Support Programme (ICT PSP) as part of the
Competitiveness and Innovation Framework Programme by the European Community"
(http://ec.europa.eu/ict_psp).
Table of content
Table of content................................................................................................................................. 3
Acronyms............................................................................................................................................ 3
1 Introduction................................................................................................................................. 5
2 Authentication............................................................................................................................. 6
3 Authorization............................................................................................................................... 6
3.1 RBAC...................................................................................................................................... 6
3.2 ABAC ..................................................................................................................................... 8
3.2.1 XACML.......................................................................................................................... 10
4 Architecture............................................................................................................................... 13
4.1 Services categories.............................................................................................................. 14
4.1.1 SOAP API ...................................................................................................................... 14
4.1.2 POX API ........................................................................................................................ 14
4.1.3 RPC URI-tunneling........................................................................................................ 15
4.1.4 RESTful......................................................................................................................... 15
4.2 Type of Sunshine services................................................................................................... 15
4.3 XACML model for Sunshine’s services................................................................................ 16
4.3.1 Subject ......................................................................................................................... 16
4.3.2 Resource ...................................................................................................................... 17
4.3.3 Action........................................................................................................................... 18
4.4 Implementation .................................................................................................................. 19
4.4.1 Reverse proxy and firewall .......................................................................................... 20
4.4.2 The service proxy......................................................................................................... 20
4.4.3 XACML repository and engine ..................................................................................... 22
4.4.4 Mutual Authentication ................................................................................................ 22
4.5 Software components......................................................................................................... 23
4.5.1 OpenDJ LDAP ............................................................................................................... 23
4.5.2 WSO2 Identity Server .................................................................................................. 24
4.5.3 WSO2 Enterprise Service Bus ...................................................................................... 24
Acronyms
4. WP4 – Integration of SUNSHINE pilot smart urban services
D4.6 Remote System Management service #2
CIP-ICT-PSP-2012-6 – 325161
"This project is partially funded under the ICT Policy Support Programme (ICT PSP) as part of the
Competitiveness and Innovation Framework Programme by the European Community"
(http://ec.europa.eu/ict_psp).
ABAC
Attribute Based Access Control
CSW
Catalogue Service for the Web
ESB
Enterprise Service Bus
HATEOAS
Hypermedia As The engine Of Application State
HR
Human Resource
IBAC
Identity Based Access Control
LDAP
Lightweight Directory Access Protocol
PAP
Policy Administration Point
PDP
Policy Decision Point
PEP
Policy Enforcement Point
PIP
Policy Information Point
POX
Plain Old XML
RBAC
Role Based Access Control
RPC
Remote Procedure Call
REST
REpresentational State Transfer
SSL
Secure Socket Layer
SOA
Service Oriented Architecture
SOAP
Simple Object Access Protocol
SoD
Separation of Duties
SOS
Sensor Observation Service
SPS
Sensor Planning Service
URI
Uniform Resource Identifier
WFS
Web Feature Service
WMS
Web Map Service
WSDL
Web Services Description Language
XACML
eXtensible Access Control Manipulation Language
5. WP4 – Integration of SUNSHINE pilot smart urban services
D4.6 Remote System Management service #2
CIP-ICT-PSP-2012-6 – 325161
"This project is partially funded under the ICT Policy Support Programme (ICT PSP) as part of the
Competitiveness and Innovation Framework Programme by the European Community"
(http://ec.europa.eu/ict_psp).
1 Introduction
Security is a regularly desired characteristic of the interaction that happens between an
information system and a user. Talking about security, there are three concepts that must
be well understood:
Identification
Authentication
Authorization
Identification deals with stating to the system who you are by supplying your identity data,
which is a user name or a code. It’s like saying your name at the telephone when you call
someone.
Authentication is instead the way to prove that you are who you are asserting you are. The
most common way is to provide a password together with your username, that is
something that is shared between you and the system and no one else should know.
Another way to authenticate yourself is not by telling it to the system, but by presenting to
the system something that you own: a smart card, an ID card or an RSA token, for instance.
Finally, you could present to the system something that you are rather then you have: i.e.
your fingerprint or other bio-based features like the retina scan.
Authorization is what you can do with the system once it knows who you are and trusts
your identity.
The paradigm of identification-authentication-authorization applied to the IT is quite
natural to understand because it is clearly borrowed from the every-day life, even if
sometimes some of these steps are hidden or slightly altered: for example, when you
receive a phone call from a friend, you authenticate him by his voice; but when you buy
some cigarette, probably the shopkeeper doesn’t ask you your ID card because he can
recognize directly from your aspect some characteristics of your identity on which the
tobacco vending authorization is based: an automatic vending machine would have
requested your card, instead.
6. WP4 – Integration of SUNSHINE pilot smart urban services
D4.6 Remote System Management service #2
CIP-ICT-PSP-2012-6 – 325161
"This project is partially funded under the ICT Policy Support Programme (ICT PSP) as part of the
Competitiveness and Innovation Framework Programme by the European Community"
(http://ec.europa.eu/ict_psp).
2 Authentication
Authentication is the validation of someone’s stated identity. To validate we need some
sort of proof, something only the use know, have or are. This is sometimes called a factor
and it can be a password, a pin code, a card (that you insert, swipe or present), a driver’s
license, your biometric profile (e.g. fingerprint) or even a combination of all three.
The proof is basically more or less a sort of “guarantee” for the system that you are in fact
the person you state you are. The word guarantee is between quotes since many of the
things that we consider as proof, like a password can sometimes easily be guessed, stolen
or handed over. The quality of the proof depends on the inalienability, in this case meaning
how easy it is for others to use (e.g. impossible to take away or give up).
3 Authorization
The most widespread authorization model in IT world is the RBAC, Role Based Access
Control, but it is also a static and old-fashioned model that is not fitting anymore the
growing needs of new software architectures based on services, cloud and new type of
clients.
3.1 RBAC
Role-based access control is an approach used to restrict access to authenticated users
based on their role rather than on their identity. It is the first attempt to overpass the access
control lists, a rudimentary mechanism for authorization were each user was assigned to
one or more lists with the enabled user for the different functionalities of a system (IBAC
security model). Roles decoupled the concept of identity from that of authorization: a user
was enabled to functionality because of his/her role and not because of being someone.
In RBAC user assignment and permission assignment can be done separately and
independently, and this is very important because this separation reflects the reality of
7. WP4 – Integration of SUNSHINE pilot smart urban services
D4.6 Remote System Management service #2
CIP-ICT-PSP-2012-6 – 325161
"This project is partially funded under the ICT Policy Support Programme (ICT PSP) as part of the
Competitiveness and Innovation Framework Programme by the European Community"
(http://ec.europa.eu/ict_psp).
organizations. More over RBAC implements the principle of separation of duties1, with the
possibility of enforcing rules that prevent the association of a user to roles that create
conflict of interest2.
It is used by the majority of enterprises with more than 500 users. As said before, with the
coming of SOA architecture, RBAC has shown the limitations of this schema, in particular:
RBAC does not know the concept of context. If someone has a role, then he will get the
permissions associated with that role. There is no restriction in place based on the
concept of context. A context could be the channel used (internet, LAN), time of day,
legal entity, the user agent (browser, mobile phone) etc. An account using a wireless
home PC might not deserve the same permissions as the same account in an office
using a centrally managed workplace. But such a concept does not exist in RBAC terms
(unless you define lots of extra roles: developers working at home, developers working
in the office...but what if developer works usually at the company’s premises and
seldom from home?).
A big issue (but that is not specifically related to SOA) is that there is no possibility for
a fine user profiling. An example is authorization based on the skills of an employee
instead of the single fact that the user is connected to a role. RBAC doesn’t know the
difference between junior or senior employees within the same role, unless you define
separate roles. And creating almost duplicated roles is not the right way to implement
RBAC.
In RBAC to define authorizations you still have to manage every user account and bind
these accounts to roles. Unknown accounts can only be linked to a default role, like
guest or customer. But users coming in through the internet channel are not only guests
or customers, but they can also be employees, partners, external service providers, you
name it. There may be plenty accounts you don't want to manage, because they don’t
belong to your security domain. Unless you manage different portals for different roles
and have some form of identity management within each portal environment, RBAC is
of no use. Federation could be a solution, but that only limits interaction possibilities
to trusted partners you federate with. Besides, most federation solutions use shadow
1
Separation or segregation of duties (SoD) is a general security concept (that can be applied to Information
Technology as well) that states the need of having more than one person to accomplish a single task in
order to prevent possible abuses, errors and fraudulent behaviors.
2
A user, for instance, can’t be associated to a “purchasing” role and to an “approving” role at the same
time and RBAC helps in defining roles that are mutually exclusive.
8. WP4 – Integration of SUNSHINE pilot smart urban services
D4.6 Remote System Management service #2
CIP-ICT-PSP-2012-6 – 325161
"This project is partially funded under the ICT Policy Support Programme (ICT PSP) as part of the
Competitiveness and Innovation Framework Programme by the European Community"
(http://ec.europa.eu/ict_psp).
accounts within the security domains, thereby creating a new identity management
problem because of all duplications.
3.2 ABAC
ABAC, Attributes Based Access Control, is a "next generation" authorization model that
provides a dynamic, context-aware and fine-grained solution. Today’s systems are complex
and various and roles are no longer sufficient for dealing with such a complexity unless
producing a plethora of roles that makes the system impossible to be managed. Whilst
RBAC is based on a single-dimensional3 characterization of the authorized entities into
roles, ABAC introduces a multidimensional categorization where dimensions can be added
with no limits.
Attributes are characteristics of the three main entities involved in the security mechanism:
subject attributes
resource attributes
action attributes
A fourth group of attributes comes from the “environment” in which the access request
was done.
The subject is the user requesting the access to an information asset. Among the attributes
that describe a subject are the user name or id (this brings back IBAC model to ABAC) and
role of the user (and this brings back RBAC model too). These attributes usually are stored
in the LDAP directory or in HR management system.
The resource is the information asset on which the user wants to do something. The type
of resource can be very different depending on which information system we are talking
about.
A sensor can be a resource in the case of Sunshine’s platform and an example of a
resource’s attribute can be the pilot that owns the sensor. If the subject’s attributes can be
quite standard and furthermore they are retrieved from standard containers, resources’
attributes strongly depend on the application context.
The action is what the user wants to perform. Common actions’ attributes are the
read/write type of action because this characteristic is shared by almost every information
system, but in Sunshine’s context we can make a more detailed modelization, in particular
for the OGC services that are characterized by well-known operations.
3
Actually RBAC has evolved introducing few more dimensions.
9. WP4 – Integration of SUNSHINE pilot smart urban services
D4.6 Remote System Management service #2
CIP-ICT-PSP-2012-6 – 325161
"This project is partially funded under the ICT Policy Support Programme (ICT PSP) as part of the
Competitiveness and Innovation Framework Programme by the European Community"
(http://ec.europa.eu/ict_psp).
The environment is the context in which an access request is made and common attributes
are the time in which the request happens or the location of the requestor in that moment,
the type of device that is being used, the level of protection of the channel or protocol
used, etc.
These are the input parameters used by the ABAC model, but the proper authorization is
expressed by means of a rule or, better, by a policy that is a set of rules. That’s why this
model sometimes is called ruled-based or policy-based access control.
The rules are stored in a repository and are processed by a rule engine that takes as input
the so-called request context.
Figure 1 - Basic concepts of ABAC4
Most of the advantages of ABAC reside among the disadvantages of RBAC, but not only
and here we have listed some of them even from the theoretical point of view:
fine grained authorization
minimum information usage; authorization decision can be made only on
strictly necessary attributes, avoiding the unveiling of other details that
potentially could be used for incorrect actions; the needed attributes can be
calculated ad hoc (i.e. to apply an authorization rule based on the age of the user,
it could be enough to know if the user is over or under 18 y, and not to know
exactly his/her birthday);
4
Source: www.axiomatics.com
10. WP4 – Integration of SUNSHINE pilot smart urban services
D4.6 Remote System Management service #2
CIP-ICT-PSP-2012-6 – 325161
"This project is partially funded under the ICT Policy Support Programme (ICT PSP) as part of the
Competitiveness and Innovation Framework Programme by the European Community"
(http://ec.europa.eu/ict_psp).
3.2.1 XACML
XACML is an OASIS’ standard that was first ratified in 2003 (v.1.0) and last reviewed in January
2013 (v.3.0). It specifies an XML coding for implementing an ABAC authorization model. This
means that XACML responds to a long list of requirements where the most important are shown
below:
1. provide a method to encode rules and policies and their combinations;
2. provide a method to encode a decision request/response.
3. provide a data flow model for the authorization process that represents its reference
architecture.
A high level sketch of the XACML ecosystem is drawn in Figure 2 which shows on the right side the
role of the main components5
that appears as boxes on the left one. The user icons represent the
entity asking for the access to the resource (the document icon) and the administrator of the
authorization policies.
Figure 2 - The XACML ecosystem6
The full data flow diagram is shown in Figure 3. To understand it, it’s worth introducing some
XACML jargon7
:
5
The PRP was mentioned in the first versions of the standards and even though in the latest is not present
anymore, merged into the PDP.
6
Source: www.axiomatics.com
7
XACML terms are not always the same used in “ISO/IEC 10181-3 – Open System Interconnection- Security
framework for open systems: Access control framework – Part 3”, but they have a clear correspondence.
11. WP4 – Integration of SUNSHINE pilot smart urban services
D4.6 Remote System Management service #2
CIP-ICT-PSP-2012-6 – 325161
"This project is partially funded under the ICT Policy Support Programme (ICT PSP) as part of the
Competitiveness and Innovation Framework Programme by the European Community"
(http://ec.europa.eu/ict_psp).
PAP (Policy Administration Point): The system component that creates a policy or a policy set.
Usually, it is implemented with a repository and a GUI that offers functionalities
to create a policy in an assisted way, test it, insert it into the repository, activate
or deactivate it and generally manage a store that can become very dense of
rules.
PDP (Policy Decision Point) The system component that evaluates applicable policy and renders
an authorization decision.
PEP (Policy Enforcement Point) The system component that performs access control, by making
decision requests and enforcing authorization decisions.
PIP (Policy Information Point) It is a component that is able to look for any attribute the context
handler needs to let the PDP evaluate the policies. Therefore it is a general
source of attributes and can be implemented by standard or custom the
software. An example of PIP can be even a LDAP where is possible to retrieve all
the attributes related to the subject.
resource The device or data element for which the access is required.
policy A set of rules that define a single access-control strategy for a resource.
context handler The component that produce a XACML encoded access request starting from the
native request (decision request). It handles also the response of the PDP
eventually transforming it into the canonical XACML response format from a
native one. It interacts with PIP to retrieve the attributes needed by the PDP.
obligation It is not the main answer of the PDP about the access request, but a directive to
the PEP that must be processed before or after the access being approved. An
example can be the sending of a notification to the resource’s owner that is
being accessed (in case of the allow option) or the logging of the unauthorized
request (when the evaluation of the request brings to a deny).
attribute A generic characteristic of the resource or the subject or the action or, finally of
the environment.
The Security Framework defines the basic concepts of access control and the abstract specification of an
open security mechanism.
12. WP4 – Integration of SUNSHINE pilot smart urban services
D4.6 Remote System Management service #2
CIP-ICT-PSP-2012-6 – 325161
"This project is partially funded under the ICT Policy Support Programme (ICT PSP) as part of the
Competitiveness and Innovation Framework Programme by the European Community"
(http://ec.europa.eu/ict_psp).
3.2.1.1 Data flow model
Figure 3 - XACML data flow8
The model operates by the following steps.
1. PAPs write policies and policy sets and make them available to the PDP. These policies or
policy sets represent the complete policy for a specified target.
2. The access requester sends a request for access to the PEP.
3. The PEP sends the request for access to the context handler in its native request format,
optionally including attributes of the subjects, resource, action, environment and other
categories.
4. The context handler constructs an XACML request context, optionally adds attributes, and
sends it to the PDP.
8
source: http://docs.oasis-open.org/
13. WP4 – Integration of SUNSHINE pilot smart urban services
D4.6 Remote System Management service #2
CIP-ICT-PSP-2012-6 – 325161
"This project is partially funded under the ICT Policy Support Programme (ICT PSP) as part of the
Competitiveness and Innovation Framework Programme by the European Community"
(http://ec.europa.eu/ict_psp).
5. The PDP requests any additional subject, resource, action, environment and other categories
(not shown) attributes from the context handler.
6. The context handler requests the attributes from a PIP.
7. The PIP obtains the requested attributes.
8. The PIP returns the requested attributes to the context handler.
9. Optionally, the context handler includes the resource in the context.
10. The context handler sends the requested attributes and (optionally) the resource to the PDP.
The PDP evaluates the policy.
11. The PDP returns the response context (including the authorization decision) to the context
handler.
12. The context handler translates the response context to the native response format of the
PEP. The context handler returns the response to the PEP.
13. The PEP fulfils the obligations.
14. (Not shown) If access is permitted, then the PEP permits access to the resource; otherwise, it
denies access.
This is the complete data flow with all the optional variants.
3.2.1.2 Sunshine’s flow model
In Sunshine context some aspects of the general flow are not implemented because in this
context not necessary. Some of these peculiarities are listed below:
1. PIP is not implemented as a real separated component and all the attributes are retrieved by
the context handler or by some custom classes that the context handler can execute.
2. Context handler and PDP actually overlap.
3. There’s no necessity of using obligations, so the PDP response will be always a simple allow or
deny.
In the next chapter the Sunshine architecture will be described in details.
4 Architecture
The Sunshine’s platform architecture is service oriented and, moreover, we have different kind of
services that are exposed by the system.
Services are used by the Sunshine’s client application, but are available for others applications
too.
In this context services must be secured and an authentication service must be made available to
client applications. The authentication service must also be equipped with auxiliary services in
order to let the users manage their own accounts (change password, change user’s details,
manage password expiration).
14. WP4 – Integration of SUNSHINE pilot smart urban services
D4.6 Remote System Management service #2
CIP-ICT-PSP-2012-6 – 325161
"This project is partially funded under the ICT Policy Support Programme (ICT PSP) as part of the
Competitiveness and Innovation Framework Programme by the European Community"
(http://ec.europa.eu/ict_psp).
4.1 Services categories
HTTP-based APIs are growing more and more, and Sunshine’s platform is a good example of their
intensive utilization. By now, the basis of comparison for the various type of APIs are RESTful
services, but a quite subjective definition of the typology of the services makes easily the use of
terms like “almost RESTful”, “quite RESTful” and so on. Therefore we wish to introduce a clear
classification in order to avoid miscomprehensions. This classification takes the RESTful features
as parameters of evaluation, that is:
1. Clear identification of the resources. Instead of talking to a single endpoint, clients make
request to the targeted resources.
2. Management of the resources by means of HTTP verbs. HTTP offers several methods,
some safe and some that can change the status of the targeted resource. RESTful services
use these verbs in the most coherent manner, at least for the CRUD operations: i.e. GET
for read operations, POST for insert ones, DELETE for deletions and PUT for modifications.
3. Self-descriptive messages (stateless and use of HTTP headers)
4. Hypermedia controls (HATEOAS): response messages contain links that tell the client what
it can do with the resource in that particular status. This is a particular useful feature that
decouples the client from the URI scheme used by the server: actions can be added or
changed.
4.1.1 SOAP API
This kind of services is not RESTful at all. No resources are identified by URIs, but only the service
endpoint has one. Operations are not mapped into HTTP verbs, but are contained inside the SOAP
body. Messages are not understandable by relaying parties. The interface is described by a
specific document WSDL and HTTP is used just as (one of the possible) transport.
4.1.2 POX API
These are services that exchange messages encoded in XML, but not wrapped inside a SOAP
envelope or other messaging protocol like AtomPub.
Apparently more simpler then SOAP, actually transfers to the application the tasks carried
out by the infrastructure components.
For the REST features, they have the same score of SOAP APIs.
15. WP4 – Integration of SUNSHINE pilot smart urban services
D4.6 Remote System Management service #2
CIP-ICT-PSP-2012-6 – 325161
"This project is partially funded under the ICT Policy Support Programme (ICT PSP) as part of the
Competitiveness and Innovation Framework Programme by the European Community"
(http://ec.europa.eu/ict_psp).
4.1.3 RPC URI-tunneling
These types of APIs expose resources, but the operations are tunnelled through action
parameters inside the URIs: in particular write/delete operation can be tunnelled through safe
HTTP operation like GET. Often this category is referred to as a “KVP encoded GET request”.
4.1.4 RESTful
RESTful APIs should satisfy each level depicted in §4.1, but normally the HATEOAS level is the less
implemented and its specification still have some gaps (no hints on the verbs that have to be used
with suggested URIs, not clear URI qualification relationships …). So in this context we use the
RESTful (Level2) notation to denote APIs that satisfy all RESTful constraints but the last.
4.2 Type of Sunshine services
All OGC APIs can be classified as RPC RI-tunneling APIs as they use GET and POST HTTP methods
regardless the safeness of the operations requested (an SOS’ GetCapabilities can be requested
through a POST even if it is indeed a safe operation).
When using GET method, resources can be seen as part of the URIs even if when using POST they
are completely hidden inside its XML payload and in such sense OGC services are more similar to
POX APIs.
Moreover OWS services implementation often
RESTful
(Level2)
RESTful
(Level 3)
SOAP POX RPC URI-
tunneling
OGC WMS X X
OGC WFS X X X
OGC SOS X X X
OGC SPS X X X
OGC CSW X X X
grouping X
scheduling X
GB ThirdParty X
Table 1 - List of Sunshine's services
The importance of satisfy or not RESTful principles is related to the easiness of defining rules for
the evaluating authorization and of developing software that compose the XACML context. In
fact, when compliance to RESTful specifications is guaranteed, retrieving resources (explicitly part
of the URI) and understanding if a request is safe or unsafe (simply looking at the HTTP verb) is
very simple. Moreover the characteristic of the messages of being self-explaining and
16. WP4 – Integration of SUNSHINE pilot smart urban services
D4.6 Remote System Management service #2
CIP-ICT-PSP-2012-6 – 325161
"This project is partially funded under the ICT Policy Support Programme (ICT PSP) as part of the
Competitiveness and Innovation Framework Programme by the European Community"
(http://ec.europa.eu/ict_psp).
understandable by intermediate parties (like secure layer components) allows a pluggable secure
architecture.
Of course, seen other types of APIs can be secured, but the relaying parts must look inside
messages and have the specific knowledge of the service to deduce the resources involved and
the actions: without understanding what is doing a POST of RESTful API to a certain resource, I
can classify this operation as unsafe and adequately protect it, while a GetObservation sent with a
POST of the encoded XML request must be parsed to be identified like a safe operation.
4.3 XACML model for Sunshine’s services
In order to apply the XACML authorization mechanism to the Sunshine’s platform, we did an
analysis of which attributes were needed to base the authorization decision on. In this analysis
base on the use cases, the environment is not involved, while the other entities are (subject,
resource, action).
We also focused on the opportunity of creating an abstraction-layer that insulates the policy-
writer from the details of the application domain. To achieve this goal, that is also one of the
requirements of the XACML specifications, in the case of OGC services, we have defined the
resources and the actions (and the relative attributes) strictly following the OGC information
model (ORM, OGC Reference Model).
For the RESTful services, for the actions we naturally borrowed the different HTTP verbs in which
these services express themselves.
4.3.1 Subject
For the subject, besides the standard attributes that are used in the LDAP’s inetOrgPerson Object
Class (the most general and widespread object class that holds attributes about people) like:
givenname
sn
mail
uid
user
password9
we defined other properties by means of a subsidiary class with these attributes:
Class: project, external
Category: reviewer, tech partner, pilot
Typology: administrator, manager, reader
Pilot: Trento, Rovereto, Zagreb, …
9
Password is a special kind of attribute that you can never get from a LDAP server.
17. WP4 – Integration of SUNSHINE pilot smart urban services
D4.6 Remote System Management service #2
CIP-ICT-PSP-2012-6 – 325161
"This project is partially funded under the ICT Policy Support Programme (ICT PSP) as part of the
Competitiveness and Innovation Framework Programme by the European Community"
(http://ec.europa.eu/ict_psp).
Partner: Sinergis, Graphitec, Hepesco, …
4.3.2 Resource
Resources depends on the type of service: for OGC services we started from the information
model that is at the fundament of the OGC specifications and for the RESTful services we had to
consider the specific domain that is faced by the single service. As the concept of resource is tight
with that of RESTful service, this is quite a trivial process to do.
4.3.2.1 OGC Services
For OGC services resources are shown in the following table:
Type of OGC service correlated resource workspace codespace
WMS Layer (list of pilots’
code)
n/a
WFS FeatureType (list of pilots’
code)
n/a
SOS Procedure n/a n/a
FeatureOfInterest n/a (list of pilots’
code)
Offering n/a n/a
Observation n/a (list of pilots’
code)
SPS
We also define an attribute called “workspace” that is not really defined by the ORM model (it’s
the qualifier of the full qualified name of the Layer or the FeatureType); this applies only to WMS
and WFS services, while for SOS service there is a similar concept that is used only for Observation
and for Feature of Interest. Note that the range of these two similar attributes is not properly the
same, but they can be correlated to each other.
4.3.2.2 RESTful Services
Type of RESTful service related managed resource
grouping Group
Device
scheduling
18. WP4 – Integration of SUNSHINE pilot smart urban services
D4.6 Remote System Management service #2
CIP-ICT-PSP-2012-6 – 325161
"This project is partially funded under the ICT Policy Support Programme (ICT PSP) as part of the
Competitiveness and Innovation Framework Programme by the European Community"
(http://ec.europa.eu/ict_psp).
4.3.3 Action
Actions are kept as general as possible, in order to fulfil the goal of an abstraction layer: for
RESTful services this is well accomplished because we use the generic HTTP verb, but for OGC
services we use the service’s operations. However this can be considered sufficiently general as
we are talking about standard services.
4.3.3.1 OGC Services
The actions defined for OGC services correspond to the operations offered by the services. The
attributes related to all kind of OGC services are:
service (WFS, CSW, WMS …)
operation (GetCapabilities, GetMap …)
version
type (read, write)
Those that depend on the type of service are:
SOS/GetCapabilities
o section (ServiceIdentification, ServiceProvider, OperationsMetadata, Contents)
service operation version type
WMS GetCapabilities 1.1.0, 1.3.0 read
WMS GetMap read
WMS GetFeatureInfo read
WFS GetCapabilities read
WFS GetFeatures read
WFS DescribeFeatureType read
WFS Transaction write
CSW GetRecordById 2.0.2 read
CSW GetRecords 2.0.2 read
SOS GetCapabilities 2.0 read
SOS DescribeSensor 2.0 read
SOS GetObservations 2.0 read
SOS InsertObservation 2.0 write
SOS GetResultTemplate 2.0 read
SOS InsertResultTemplate 2.0 write
SPS write
Table 2 - Attributes extracted for OGC services actions
19. WP4 – Integration of SUNSHINE pilot smart urban services
D4.6 Remote System Management service #2
CIP-ICT-PSP-2012-6 – 325161
"This project is partially funded under the ICT Policy Support Programme (ICT PSP) as part of the
Competitiveness and Innovation Framework Programme by the European Community"
(http://ec.europa.eu/ict_psp).
4.3.3.2 RESTful Services
For RESTful services the actions overlaps completely with the HTTP verbs that the service may
use, that is:
GET
POST
PUT
DELETE
We do not include those verbs like PATCH or HEAD that are not used by the large part of RESTful
service and aren’t used at all by the Sunshine’s services.
For these services we do no advise the need of defining any attributes, but we think that the
action itself is enough in order to define the access decision.
4.4 Implementation
To implement the security layer and in particular to put in place the XACML model, we did
introduce in the system architecture three open source software components that play the
following roles:
user directory
XACML repository and engine (PAP &PDP)
service proxy (PEP)
20. WP4 – Integration of SUNSHINE pilot smart urban services
D4.6 Remote System Management service #2
CIP-ICT-PSP-2012-6 – 325161
"This project is partially funded under the ICT Policy Support Programme (ICT PSP) as part of the
Competitiveness and Innovation Framework Programme by the European Community"
(http://ec.europa.eu/ict_psp).
Figure 4 - High level security layer architecture
In the diagram of Figure 4 all service interfaces (secured or unsecured, inside or outside) are
exposed by means of an SSL protocol and configured in such a way that is not possible to bypass
the security policy. In other words, even from inside the LAN you can’t call directly the back-end
services (that would be unsecured) because the service proxy server and the back-end service
server are mutually authenticated.
4.4.1 Reverse proxy and firewall
The backend services are all installed in the private network behind a firewall and they are
exposed on the internet via a reverse proxy. To be precise, the reverse proxy forwards the
request not directly to the backend services, but to the ESB that acts like a further proxy and have
the request make another hop before reaching the real service provider.
The reverse proxy is implemented with the specific configuration directive for the Apache web
server that creates an additional security layer albeit rather weak.
The reverse proxy also delivers TLS encryption for secure communication, supporting HTTPS
protocol for almost all services. However this feature is not exploited as a single point in which
concentrate the TLS encryption for several hosts, because also many of the outbound request
towards to backend services are encrypted, especially those forwarded to the ESB.
4.4.2 The service proxy
In respect to the theoretical XACML data flow, in Sunshine’s architecture the PEP’s role is played
by WSO2 Enterprise Service Bus.
21. WP4 – Integration of SUNSHINE pilot smart urban services
D4.6 Remote System Management service #2
CIP-ICT-PSP-2012-6 – 325161
"This project is partially funded under the ICT Policy Support Programme (ICT PSP) as part of the
Competitiveness and Innovation Framework Programme by the European Community"
(http://ec.europa.eu/ict_psp).
As every Service Bus does, WSO2 ESB offers a great variety of features, but in this context we take
advantage of few of them, in particular the routing and the mediation functionalities and the
support to a generic authorization mechanism. Routing is the capacity of directing the incoming
request messages throughout various units of processing that are hosted by the ESB and that can
be assembled into sequences of elaborations and/or to an external end-point. Mediation is all
kind of processing that happens to the message between the client that issued the request and
the final back-end service provider.
Figure 5 - Role of WSO2 ESB
Generally speaking, an ESB can act like a proxy for a back-end service and usually, before passing
the incoming request to the final executor, some other steps can be applied. This is the mediation
feature that in WSO2 jargon is implemented by defining a mediation sequence (or simply
sequence), that is a list of mediators that are executed in order. A mediator is a unit of
processing that acts on a message that has entered the service bus, doing whatever the developer
wants. Various kinds of mediators are already available in WSO2 ESB and you have only to
configure their specific parameters in order to use them. A special type of mediator is the
Entitlement Mediator that intercepts requests and evaluates the actions performed by the user
against an XACML policy. This mediator is able to produce an XACML request context to be sent
to a PDP that will respond with a permit/deny answer and that the mediator will enforce in
respect to the client access request.
22. WP4 – Integration of SUNSHINE pilot smart urban services
D4.6 Remote System Management service #2
CIP-ICT-PSP-2012-6 – 325161
"This project is partially funded under the ICT Policy Support Programme (ICT PSP) as part of the
Competitiveness and Innovation Framework Programme by the European Community"
(http://ec.europa.eu/ict_psp).
Besides telling the Entitlement mediator which XACML policies evaluator is to be contacted, you
must instruct by telling it:
which sequence execute in the “permit” scenario;
which sequence to execute in the “deny” scenario.
For the sake of completeness, the XACML authorization response is not exactly of the on/off type:
in XACML there is also the possibility to receive an obligation or advice from the PDP that is an
additional action to be executed before or after an access is permitted. Consequently the
mediator can be instructed with a sequence to be executed synchronously that elaborates the
obligations and that returns a further consent/deny to be considered for the final access
authorization.
The Entitlement Mediator is capable of extracting standard attributes from the incoming message
to create a XACML request context, but since we need custom attribute we had to use an
extension hook given by WSO2 ESB. In fact, it is possible write a custom java class that is used
instead of the default implementation to extract the attributes to enable the policy evaluation.
4.4.3 XACML repository and engine
Another important component of the architecture is the PDP that receives the XACML context
request from the Entitlement Mediator. Although WSO2 ESB support a standard protocol to
communicate with a PDP (WS-XACML, Web Service Profile for XACML) it is not widely accepted
and so, even though in theory we could choose another vendor component for playing the PDP
role, our choice fell on WSO2 Identity Server (WSO2 IS). Doing so, we configured the
communication to happen via a proprietary protocol (Thrift API).
WSO2 IS is a complete identity server that offers different kind of features and XACML support is
just one of these. In the Sunshine’s context we use it just playing this role, that is, as a PDP, but
also as PAP. WSO2 IS offers a GUI for creating in an assisted way rules and policies and then
storing them in a repository.
4.4.4 Mutual Authentication
To complete the securization of the architecture, the potential gap of security that regards the
communication between the ESB and the backend services, is covered with mutual authentication
of the servers or better certificate-based mutual authentication or two-way authentication.
This technique allows each of the two servers involved to be sure of other’s identity even if they
resides in the same internal LAN. In this configuration the connection between ESB and back-end
server only if the client (ESB) trusts the server’s digital certificate and the server (the application
server where the back-end services are deployed) trusts the client’s certificate. The exchange of
certificates is carried out by means of TLS and the certificates are located in their respective
keystores.
23. WP4 – Integration of SUNSHINE pilot smart urban services
D4.6 Remote System Management service #2
CIP-ICT-PSP-2012-6 – 325161
"This project is partially funded under the ICT Policy Support Programme (ICT PSP) as part of the
Competitiveness and Innovation Framework Programme by the European Community"
(http://ec.europa.eu/ict_psp).
In Figure 6 the dialogue that is established between the two parts is described: in our case the
only difference is that no certificate authority is involved in the passages, but the certificates are
self-signed ones and are checked against their trust stores.
Figure 6 - Mutual TLS authentication
4.5 Software components
4.5.1 OpenDJ LDAP
OpenDJ is a fork of former project, OpenDS, and has similar roots as the Oracle Unified Directory,
as it was inherited from Sun Microsystems.
OpenDJ is an LDAP directory server written completely in Java. All modules are 100% Java based
and require at least Java 6. OpenJDK 8 compatible. This software is released under the CDDL
license and it has good documentation and worldwide commercial support.
24. WP4 – Integration of SUNSHINE pilot smart urban services
D4.6 Remote System Management service #2
CIP-ICT-PSP-2012-6 – 325161
"This project is partially funded under the ICT Policy Support Programme (ICT PSP) as part of the
Competitiveness and Innovation Framework Programme by the European Community"
(http://ec.europa.eu/ict_psp).
4.5.2 WSO2 Identity Server
WSO2 Identity Server provides sophisticated security and identity management of enterprise web
applications, services, and APIs. Identity Server acts as an Enterprise Identity Bus able to manage
identities over systems and networks, both locally and in the cloud.
WSO2 Server IS, has nine steps about its process flow:
1. The service provider sends an authentication request to the identity server.
2. The inbound authentication components forwards to message to the authentication
framework after the processing it.
3. The authentication framework sends it to the local authenticator component and/or
the federated authenticator component.
4. If federated authenticators are use the request is sent to the external applications.
5. The local authenticators and federated authenticators sent a response back to the
authentication framework.
6. If there are any provisioning requests the response is sent to provisioning framework.
7. The user store is updated based on the provisioning request.
8. The response is sent back to the inbound authentication component.
9. And finally the response is sent back to the service provider.
Below there are some features which WSO2 IS provides: System and User Identity Management,
User and Groups Provisioning, User and Groups Management, Entitlements Management and
XACML 2.0/3.0 Support.
4.5.3 WSO2 Enterprise Service Bus
An enterprise service bus (ESB) is a software architecture construct that enables communication
among various applications. The advantage is that instead of having to make each of your
applications communicate directly with each other in all their various formats, each application
simply communicates with the ESB, which handles transforming and routing the messages to their
appropriate destinations. WSO2 ESB is 100% open source and is released under Apache Software
License Version 2.0, one of the most business-friendly licenses available today. . Using WSO2 ESB
you can perform filtering, transforming, and routing SOAP, binary, plain XML, and text messages
that pass through systems by HTTP, HTTPS, mail, etc.