AAA-architecture for INSPIRE Standards & technologies
www.jrc.ec.europa.eu
Serving society
Stimulating innovation
Supporting legislation
Danny Vandenbroucke & Ann Crabbé
KU Leuven (SADL)
Outline
• Background & context
• Defining AAA and AMF
• Overview of relevant standards
• Overview of technologies
• AMF: how it works ...
Background and context
• INSPIRE Directive entered into force 15 May 2007
  Cross-border and cross-sector sharing of interoperable spatial data resources
  SOA based architecture
  18.113 data sets
  – > 1316 providers
  7.088 services
  – > 1546 providers
Background & context
• Public access to the spatial data through services
  The goal is to have as few access barriers as possible (direct access, free, ...)
• Public access can be limited for particular reasons
  Discovery service
  – “such access would adversely affect international relations, public security or national defence”
  Viewing, download, ... services and e-commerce
  – Because of IPR, privacy, protection of particular habitats, ...
  – E.g. downloading data can be set up through a controlled access mechanism and payment scheme
  Need for secure access ...
AAA and AMF
• Defining AAA
  Authentication
  – Verification that a potential partner in a conversation is capable of representing a person or organisation
  Authorisation
  – Determination whether a subject is allowed to have the specified type of access to a particular resource
  Accounting or rights management
  – Tracking and controlling the use of content, rights, licences and associated information
AAA and AMF
• Defining Access Management Federation
  Federated authentication and local authorization
  Identity providers
  Service providers
  Coordination Center
AAA and AMF
• AMF is a dynamic concept
  An organization can join the federation
  – by applying to the coordination centre (CC) as a service provider, an identity provider or both
  It becomes a trusted party
  – the CC checks technical compliance according to the policies and procedures of the federation
  The CC will add the organization’s credentials to the federation metadata
  – the federation metadata is an XML file hosted online by the CC that defines the circle of trust of the federation
  Single Sign-On
  – ensures that the user gets a session established with all service providers of the federation
Standards
• There are many (related) standards
  General ICT with few exceptions
  Communication
  Authentication
  Authorization
Standards
• Secure communication
  HTTP protocol (IETF RFC 2616) with an encryption protocol such as TLS (Transport Layer Security – IETF RFC 6176)
  – HTTPS (IETF RFC 2818)
• Authentication
  Redirection to IdP, login, forward attributes to SP
  Security Assertion Markup Language (SAML)
  – Protocol for communicating user authentication, entitlement and attribute information
  – Metadata – trusted SP & IdP, SAML endpoints, public keys, ...
  OpenID exists as an alternative protocol
Standards
Higgins et al., 2014; Chadwick, 2008
Standards
• Authorization
  Managed at the SP side based on access rights to a resource
  – Based on attributes – e.g. User ID, role, ...
  eXtensible Access Control Markup Language (XACML)
  – GeoXACML allows geographical functions
  OAuth as an alternative but ...

Table 1 – Comparison of different authorization standards

| Standard | What? | Pro | Con |
|---|---|---|---|
| XACML | XML-based open standard by OASIS | General purpose | Complexity |
| GeoXACML | Geo-extension to XACML | As XACML but with ability to index Rules and Policies based on geospatial conditions | Complexity |
| OAuth | Category or scoped based decisions | Enable to act “on behalf of” | Simplicity may not support complicated rights |
Technologies
• Authentication information can be stored and managed in different ways
  E.g. LDAP, Kerberos, PKI, ...
• For implementing SAML many tools exist (OSS and proprietary)
  Extensive list with supported protocols and roles in report
  Shibboleth (Internet2)
  – Supports IdP, SP, discovery
  – Supports additional encryption capacity
  – Attributes described in Java or from databases
  – Additional attributes can be defined
AMF: how it works ...
[Figure: diagram with numbered steps 1 to 11]
THANK YOU ! QUESTIONS ?