COBWEB Authentication Workshop

COBWEB Authentication Workshop. Weds 21st Nov, 2012, GEO-IX Plenary, Foz do Iguaçu, Brazil. Chris Higgins, Project Coordinator, EDINA National Data Centre, University of Edinburgh. [email protected] Andreas Matheus, Technical Coordinator, Secure Dimensions GmbH. [email protected]

Transcript of COBWEB Authentication Workshop

Page 1: COBWEB Authentication Workshop

COBWEB Authentication Workshop

Weds 21st Nov, 2012, GEO-IX Plenary, Foz do Iguaçu, Brazil.

Chris Higgins, Project Coordinator, EDINA National Data Centre, University of Edinburgh. [email protected]

Andreas Matheus, Technical Coordinator, Secure Dimensions GmbH. [email protected]

Page 2: COBWEB Authentication Workshop

Welcome and objectives of the workshop

Page 3: COBWEB Authentication Workshop

COBWEB consortium objectives

• Stakeholder engagement
  – First time project at a GEOSS meeting
  – Have we understood the authentication issues?

• Gauging interest in our plans
  – Help with prioritising

• Seeking expressions of interest in working with us

• Sanity checking

• Is the direction of travel right?

• Architecture Implementation Pilot – 6 coming…

Page 4: COBWEB Authentication Workshop

Audience objectives

• “how access management federation technology, principally the OASIS standard Security Assertion Markup Language (SAML), may be applied in a GEOSS context”

• Opportunity to engage in some discussion with people who have been working in this area for a while

• COBWEB might assist in getting some of your R&D requirements met…

Page 5: COBWEB Authentication Workshop

Schedule

1 | 1000-1010 | Welcome and objectives
2 | 1010-1020 | Quick introduction to COBWEB
3 | 1020-1040 | Previous Access Management Federation work by this team
4 | 1040-1110 | Previous related work GEOSS
5 | 1110-1130 | Initial COBWEB plans and discussion
6 | 1130-1150 | Possible future COBWEB activities and discussion
7 | 1150-1200 | Wrap-up

Page 6: COBWEB Authentication Workshop

Why put effort into federated access control?

• Authentication is the process of verifying that claims made concerning a subject, eg, identity, who is attempting to access a resource are true, ie, authentic

• Frequently, SDI content and service providers need to know who is accessing their valuable, secure, protected, etc, data

• The ability for a group of organisations with common objectives, ie, a federation, to securely exchange authentication information is a powerful SDI enabler

• Even more so if removing some of the barriers to interoperability…

Page 7: COBWEB Authentication Workshop

[Figure: access management federation diagram. Labels: Coordinating Centre; Federation; Service Providers (SP); Identity Providers (IdP); Users; Organisations; "Authenticates here".]

Page 8: COBWEB Authentication Workshop

Quick introduction to COBWEB

Page 9: COBWEB Authentication Workshop

Introduction to COBWEB

• Project started 1st Nov, 2012 and will run for 4 yrs

• Funded under the European Commission’s Framework Programme 7 (Grant No: 308513)

• Crowdsourced environmental data

• Introduce quality measures and reduce uncertainty

• Fusion of crowdsourced data with reference data…

• Spatial Data Infrastructure - like initiatives
  – National SDI’s in UK, Greece and Germany
  – INSPIRE
  – GEOSS

Page 10: COBWEB Authentication Workshop

Project Partners

University of Edinburgh UK (Scotland)

University of Nottingham UK (England)

Aberystwyth University UK (Wales)

Welsh Assembly Government UK (Wales)

Environment Systems Limited UK (Wales)

Ecodyfi UK (Wales)

Open Geospatial Consortium (Europe) Limited UK

University College Dublin Ireland

Technische Universitaet Dresden Germany

Secure Dimensions GmbH Germany

University of Western Greece Greece

OIKOM – Environmental Studies Ltd Greece

GeoCat BV Netherlands

Page 11: COBWEB Authentication Workshop

Essential context - GEOSS

• COBWEB is obliged to work within GEOSS framework

• common methodologies and standards for data archiving, discovery and access

• Section on collaboration with GEOSS and FP7-ENV-2012 cluster projects added to project description

• “Data collected should be made available through the GEOSS without any restrictions”

Page 12: COBWEB Authentication Workshop

What's all this got to do with AuthN?

• “…addressing questions of privacy…”

• COBWEB about environmental, not personal data

• Some kinds of protected data that may be encountered during the project:

• Personal information, eg, expert or novice observer

• Location protected species

• Reference data from European National Mapping and Cadastral Agencies

• Conflated data

Page 13: COBWEB Authentication Workshop

FP7-ENV-2012 observatories

Name | Lead | Topic

CITI-SENSE | Nilu (Norway) | Air quality
WeSenseIt | University of Sheffield (UK) | Water Management
Citclops | Barcelona Digital Centre Tecnològic (Spain) | Coast and ocean optical monitoring
Omniscientis | Spacebel (Belgium) | Odour monitoring
COBWEB | UEDIN (UK) | Various

Page 14: COBWEB Authentication Workshop

Essential context - WNBR

• UNESCO Man and Biosphere Programmes (MAB) World Network of Biosphere Reserves
  – Sites of excellence to foster harmonious integration of people and nature for sustainable development through participation, knowledge sharing, poverty reduction and human well-being improvements, cultural values and society's ability to cope with change, thus contributing to the Millennium Development Goals

• 610 reserves in 117 countries

Page 15: COBWEB Authentication Workshop

Not the World Naked Bike Ride

Page 16: COBWEB Authentication Workshop

Previous Security Assertion Markup Language (SAML) work by this team

Page 17: COBWEB Authentication Workshop

Previous related work GEOSS

Page 18: COBWEB Authentication Workshop

Initial COBWEB plans and discussion

Page 19: COBWEB Authentication Workshop

Possible future COBWEB activities and discussion

Page 20: COBWEB Authentication Workshop

[Figure: layered architecture diagram. Layers: Data Layer; Service Layer; Appl. Layer; RM Layers. Labels: Registers; Service Metadata; Data Set Metadata; Registry Service; Discovery Service; Applications; Invoke SD Service; Transf. Service; View Service; Download Service; Spatial Data Sets; INSPIRE Annex Thematic DS; Framework for harmonized DS; Service Bus; Access Management Federation; electronic licence negotiation; eCommerce; Authorisation; Separation of concerns.]

Page 21: COBWEB Authentication Workshop

Other possibilities

• Service chaining. More advanced architecture patterns

• Inter-federation interoperability
  – different scales
  – different countries
  – different sectors

Page 22: COBWEB Authentication Workshop

Wrap-up

Page 23: COBWEB Authentication Workshop

Conclusions

• We want to pilot Access Management Federation (AMF) technology within GEOSS
  – We strongly recommend building on existing infrastructure, eg, existing AMFs

• Is your organisation interested in participating or knowing more?

• If so, contact either of the following or find us at the COBWEB stand here at GEO-IX:

[email protected] [email protected]