COBWEB Authentication
            Workshop
                  Weds 21st Nov, 2012,
                    GEO-IX Plenary,
                  Foz do Iguaçu, Brazil.

Chris Higgins,                  Andreas Matheus,
Project Coordinator,            Technical Coordinator,
EDINA National Data Centre,     Secure Dimensions GmbH.
University of Edinburgh.        am@secure-dimensions.de
chris.higgins@ed.ac.uk
Welcome and objectives of the workshop
COBWEB consortium objectives

• Stakeholder engagement
  – First time project at a GEOSS meeting
  – Have we understood the authentication issues?
• Gauging interest in our plans
  – Help with prioritising
• Seeking expressions of interest in working
  with us
• Sanity checking
• Is the direction of travel right?
• Architecture Implementation Pilot – 6
  coming…
Audience objectives

• “how access management federation
  technology, principally the OASIS standard
  Security Assertion Markup Language (SAML),
  may be applied in a GEOSS context”
• Opportunity to engage in some discussion with
  people who have been working in this area for
  a while
• COBWEB might assist in getting some of your
  R&D requirements met…
Schedule
1   1000-1010   Welcome and objectives
2   1010-1020   Quick introduction to COBWEB
3   1020-1040   Previous Access Management Federation work by this team
4   1040-1110   Previous related work GEOSS
5   1110-1130   Initial COBWEB plans and discussion
6   1130-1150   Possible future COBWEB activities and discussion
7   1150-1200   Wrap-up
Why put effort into federated access control?


• Authentication is the process of verifying that claims
  made concerning a subject, eg, identity, who is
  attempting to access a resource are true, ie, authentic
• Frequently, SDI content and service providers need
  to know who is accessing their valuable, secure,
  protected, etc, data
• The ability for a group of organisations with common
  objectives, ie, a federation, to securely exchange
  authentication information is a powerful SDI enabler
• Even more so if removing some of the barriers to
  interoperability…
Federation
[Diagram labels: Service Providers (SP), Identity Providers (IdP), Organisations, Coordinating Centre, Users, "Authenticates here"]
Quick introduction to COBWEB
Introduction to COBWEB

• Project started 1st Nov, 2012 and will run for 4 yrs
• Funded under the European Commission’s
  Framework Programme 7 (Grant No: 308513)
• Crowdsourced environmental data
• Introduce quality measures and reduce uncertainty
• Fusion of crowdsourced data with reference data…
• Spatial Data Infrastructure-like initiatives
   – National SDIs in UK, Greece and Germany
   – INSPIRE
   – GEOSS
Project Partners
University of Edinburgh                       UK (Scotland)
University of Nottingham                      UK (England)
Aberystwyth University                        UK (Wales)
Welsh Assembly Government                     UK (Wales)
Environment Systems Limited                   UK (Wales)
Ecodyfi                                       UK (Wales)
Open Geospatial Consortium (Europe) Limited   UK
University College Dublin                     Ireland
Technische Universitaet Dresden               Germany
Secure Dimensions GmbH                        Germany
University of Western Greece                  Greece
OIKOM – Environmental Studies Ltd             Greece
GeoCat BV                                     Netherlands
Essential context - GEOSS
•   COBWEB is obliged to work within GEOSS
    framework
     •    common methodologies and standards for data
          archiving, discovery and access
•   Section on collaboration with GEOSS and
    FP7-ENV-2012 cluster projects added to
    project description
•   “Data collected should be made available
    through the GEOSS without any restrictions”
What's all this got to do with AuthN?

• “…addressing questions of privacy…”
• COBWEB about environmental, not personal
  data
• Some kinds of protected data that may be
  encountered during the project:
     • Personal information, eg, expert or novice
       observer
     • Location protected species
     • Reference data from European National Mapping
       and Cadastral Agencies
     • Conflated data
FP7-ENV-2012 observatories
Name           Lead                                          Topic
CITI-SENSE     Nilu (Norway)                                 Air quality
WeSenseIt      University of Sheffield (UK)                  Water Management
Citclops       Barcelona Digital Centre Tecnològic (Spain)   Coast and ocean optical monitoring
Omniscientis   Spacebel (Belgium)                            Odour monitoring
COBWEB         UEDIN (UK)                                    Various
Essential context - WNBR
• UNESCO Man and Biosphere Programmes
  (MAB) World Network of Biosphere Reserves
  – Sites of excellence to foster harmonious integration of
    people and nature for sustainable development
    through participation, knowledge sharing, poverty
    reduction and human well-being improvements,
    cultural values and society's ability to cope with
    change, thus contributing to the Millennium
    Development Goals
• 610 reserves in 117 countries
Not the World Naked Bike Ride
Previous Security Assertion Markup
Language (SAML) work by this team
Previous related work GEOSS
Initial COBWEB plans and discussion
Possible future COBWEB activities and
discussion
Separation of concerns

[Diagram labels, by layer]
Appl. Layer:    Applications
Service Bus
RM Layers:      Authorisation; eCommerce; electronic licence negotiation; Access Management Federation
Service Layer:  Registry Service; Discovery Service; View Service; Download Service; Transf. Service; InvokeSD Service
Data Layer:     Registers; Service Metadata; Data Set Metadata; Spatial Data Sets; INSPIRE Annex; Thematic DS; Framework for harmonized DS
Other possibilities
• Service chaining. More advanced
  architecture patterns
• Inter-federation interoperability
  – different scales
  – different countries
  – different sectors
Wrap-up
Conclusions

• We want to pilot Access Management
  Federation (AMF) technology within GEOSS
   – We strongly recommend building on existing
     infrastructure, eg, existing AMFs
• Is your organisation interested in participating or
  knowing more?
• If so, contact either of the following or find us at
  the COBWEB stand here at GEO-IX:
 chris.higgins@ed.ac.uk      andreas.matheus@secure-dimensions.de


Editor's Notes

  1. Always speculative: Might just want to find out what authentication is about and why it is important
  2. Not just SDI, many kinds of information infrastructure require access control. Typically, authentication is a pre-requisite. Some use cases where you don’t, eg, public. Barriers to interoperability include: cost, vendor lock-in, lack of a support community, not standards based, etc. Return later to those last points
  3. This diagram adapted from the Switch website Single Sign On
  4. And we know that GEOSS has some outstanding issues in this area
  5. Still an unknown and will meet with Martin Price in Dec? Relationship with GEOSS? Ask if anyone knows of any history here. Don’t want to reinvent the wheel
  6. Don’t want to reinvent the wheel!
  7. G2C, G2B use cases