Citizen Observatory Framework with Access Management Federation

In GEOSS

10th October, 2013,Neusiedl am See

ENVIP’2013

Bart De LathouwerInteroperability Program

bdelathouwer@opengeospatial.orgOGC

The bare bones…

• Project started 1st Nov, 2012 and will run for 4 yrs• Funded under the European Commission’s

Framework Programme 7 (Grant No: 308513)• Crowd sourced environmental data to aid decision

making• Introduce quality measures and reduce uncertainty• Fusion of crowdsourced data with reference data…• Spatial Data Infrastructure - like initiatives

– National SDI’s in UK, Greece and Germany– INSPIRE– GEOSS

FP7-ENV-2012 observatories

Name Lead Topic

Citclops Barcelona Digital Centre Tecnològic (Spain)

Coast and ocean optical monitoring

WeSenseIt University of Sheffield (UK)

Water Management

CITI-SENSE Nilu (Norway) Air quality

Omniscientis Spacebel (Belgium) Odour monitoring

COBWEB UEDIN (UK) Environment

Essential context – WNBR

• UNESCO Man and Biosphere Programs (MAB) World Network of Biosphere Reserves– Sites of excellence to foster harmonious integration

of people and nature for sustainable development through participation, knowledge sharing, poverty reduction and human well-being improvements, cultural values and society's ability to cope with change, thus contributing to the Millennium Development Goals

• 610 reserves in 117 countries

COBWEB Biosphere Reserves

1. UK (Wales): Biosffer Dyfi

2. Germany: Wadden See and Hallig Islands

3. Greece:– Mount Olympus– Gorge of Samaria

Left open possibility of expansion to further BRs later in project

Why the need for Authentication?

• Not all observers are created equal– Occasional observer– Scientific observer– Influence on the quality indicator of the

observation

• Not all observations should have unrestricted access– Endangered species

Authentication and Single Sign-On

• Recommendations– Federated solution (lightest impact on GCI)

• OpenID and SAML-2 to be used– Data provider support for a set of “trusted”

OpenID identity servers to be used with SAML-2 user management systems• USA Gov. has such a list (Google &VeriSign)• INSPIRE doesn’t have such a list

– Authentication is the current primary goal• Access control is a future interest

– User interaction is the current primary goal• Programmatic authentication is a future interest

7

Authentication and Single Sign-On

• The AIP-6 access management federation includes: – SAML-2 Service Provider (SP)– SAML-2 Identity Provider (IdP)– SAML-2 Discovery Service (DS)– SAML-2 / OpenID Trust Gateway

AIP-6 Access Management Federation 20 Sept 2013

*: Consortium of Universities for the Advancement of Hydrologic Science

Service Provider (SP) Identity Provider (IdP)Discovery Service (DS)

“GEOSS user” Single-Sign-On

Trust Gateway (TG) to OpenID

Google

OpenId

NASA Ames

ESA

Secure Dimensions

CUAHSI*

INPE

University of Edinburgh

Kst. GDI.DE

AIP-6 Federation

• GEOSS AIP-6 Data Sharing activity– Work is being done under the COBWEB project

• Currently the following participants– EDINA – University of Edinburgh (https://cobweb.edina.ac.uk)

• SP, IdP, Trust Gateway to Google OpenID, Hosting federation metadata

– Secure Dimensions GmbH (https://aip6.secure-dimensions.de) • SP, IdP, DS, WMS, WCS

– Kst. GDI.DE (https://sp.gdi-de.org) • SP, IdP, (INSPIRE services to come)

– CUAHSI (https://geoss.cuahsi.org) • SP, (WMS, WFS, SOS to come), OpenLayers client showing protected

WCS from NASA and Secure Dimensions (/secure/bf.html) – NASA Ames (https://sggate.arc.nasa.gov)

• SP, IdP, WMS, WCS

Copyright © 2013 Open Geospatial Consortium

Want to know more?

• COBWEB– Coordinator: Chris Higgins

chris.higgins (at) ed.ac.uk

• OGC Security DWG– Chair: Andreas Matheus

andreas.matheus (at) secure-dimensions.de

Thank you. Questions?