SlideShare a Scribd company logo

Previous work on Access Management Federations

Download as PPTX, PDF
EDINA, University of Edinburgh
EDINA, University of Edinburgh
1 of 12
Previous work on Access Management Federations Andreas Matheus Secure Dimensions
Previous work by this team • SEE-GEO • The eContentPlus ESDIN work • OGC Web Services Shibboleth Interoperability Experiment • German Spatial Data Infrastructure 2007 ... 2012 ... 2016 (Concept) Secure Dimensions Previous work on Access Management Federations 2
SEE-GEO • SEcurE access to GEOspatial services • UK JISC funded process in 2007 • Cross border map (Germany / The Netherlands) • Secure WFS with styled layer descriptor – Depending on style and origin of rescue centre maps is loaded or access is denied Secure Dimensions Previous work on Access Management Federations 3
eContentPlus ESDIN • eContentPlus project (http://www.esdin.eu/) • Participants from all over Europe • Establish a pan-European access management federation with NMCAsservices: – OGC WMS – OGC WFS – ... Secure Dimensions Previous work on Access Management Federations 4
Shibboleth IE • OGC Interoperability Experiment – 2011 – OGC® Engineering Report for the OWS Shibboleth Interoperability Experiment – https://portal.opengeospatial.org/files/?artifact_id=478 52 • Objectives – Use of the access management federation with OGC Web Services using SAML 2 authentication – Implement SAML 2 Enhanced Client & Proxy Profile in Desktop GIS product Secure Dimensions Previous work on Access Management Federations 5
Shibboleth IE • OGC Interoperability Experiment 2011 • Participants – Cadcorp, Envitia, con terra, snowflake, JRC • Objective – Connect to protected OGC Web Services provided by esdin and German SDI prototype federation – Implement SAML 2 Enhanced Client Proxy Profile • Result – Desktop GIS: Cadcorp, Envitia, snowflake – Browser based Client: JRC – Client Proxy: con terra Secure Dimensions Previous work on Access Management Federations 6
INSPIRE 2011 Workshop • INSPIRE annual conference 2011 Edinburgh • Objective was to introduce the use of Access Management Federation with SAML2 to protect OGC Web Services – Access Management Federation prototype • The result confirmedthat the introduced concept is INSPIRE conformant Secure Dimensions Previous work on Access Management Federations 7
Prototype Federation German SDI • https://sp.gdi-de.org Secure Dimensions Previous work on Access Management Federations 8
Prototype Federation German SDI application WMS GetFeatureInfo loaded from IdP SP WMS GetMap Secure Dimensions (secure-dimensions.net) GDI.DE (gdi-de.org) login with SP IHK Bavaria (win.bihk.de) DS GDI.DE SP (gdi-de.org) GDI.BY (gdi-by.org) Secure Dimensions Previous work on Access Management Federations 9
Conclusion from previous work • Access Management Federation based on SAML is a productive solution for sharing protected resources in various countries around the world – https://www.aai.dfn.de/links/ [German Federation] • Strength – Single-Sign-On support – High level of assurance about real user identity – Exchange of SAML user credentials support privacy and anonymity of the user – Managed list of trusted entities = federation Secure Dimensions Previous work on Access Management Federations 10
Conclusion from previous work • Protected services can be consumed via – Web Browser (e.g. OpenLayers) applications – Desktop GIS applications • Web Browser with full support*1 – IE 10, Google Chrome, Firefox, Safari • Desktop GIS must implement SAML2 ECP – Cadcorp, Envitia got tested successfully during Shibboleth IE – QGIS (open source GIS) SAML2 extension provided by Secure Dimensions *1: This is the list of tested web browsers Secure Dimensions Previous work on Access Management Federations 11
Thank You It is important, to do security right... Secure Dimensions GmbH Holistic Geosecurity Dr. Andreas Matheus Waxensteinstr. 28 D-81377 München, Germany Phone +49 (0)89 38151813-0 Mobile +49 (0)160 1066366 Telefax +49 (0)89 38151813-9 Email am@secure-dimensions.com Web www.secure-dimensions.com Secure Dimensions Previous work on Access Management Federations Slide 12

Recommended

Geospatial Tech in Teaching
Geospatial Tech in TeachingGeospatial Tech in Teaching
Geospatial Tech in TeachingEDINA, University of Edinburgh
 
Discover edina programmefinalmeeting-28-sep-2012
Discover edina programmefinalmeeting-28-sep-2012Discover edina programmefinalmeeting-28-sep-2012
Discover edina programmefinalmeeting-28-sep-2012EDINA, University of Edinburgh
 
Using Social Media to Communicate Your Research
Using Social Media to Communicate Your ResearchUsing Social Media to Communicate Your Research
Using Social Media to Communicate Your ResearchEDINA, University of Edinburgh
 
Rosacea Treatment At Home
Rosacea Treatment At HomeRosacea Treatment At Home
Rosacea Treatment At HomeKevin Brown
 
Geology Digimap
Geology DigimapGeology Digimap
Geology DigimapEDINA, University of Edinburgh
 
JISC MediaHub
JISC MediaHubJISC MediaHub
JISC MediaHubEDINA, University of Edinburgh
 
BIL Corporate
BIL CorporateBIL Corporate
BIL Corporatebschandru
 
AIIM Cloud Webinar - EMC Corporation
AIIM Cloud Webinar - EMC CorporationAIIM Cloud Webinar - EMC Corporation
AIIM Cloud Webinar - EMC CorporationShadrach White
 

Recommended

Geospatial Tech in Teaching
Geospatial Tech in TeachingGeospatial Tech in Teaching
Geospatial Tech in TeachingEDINA, University of Edinburgh
 
Discover edina programmefinalmeeting-28-sep-2012
Discover edina programmefinalmeeting-28-sep-2012Discover edina programmefinalmeeting-28-sep-2012
Discover edina programmefinalmeeting-28-sep-2012EDINA, University of Edinburgh
 
Using Social Media to Communicate Your Research
Using Social Media to Communicate Your ResearchUsing Social Media to Communicate Your Research
Using Social Media to Communicate Your ResearchEDINA, University of Edinburgh
 
Rosacea Treatment At Home
Rosacea Treatment At HomeRosacea Treatment At Home
Rosacea Treatment At HomeKevin Brown
 
Geology Digimap
Geology DigimapGeology Digimap
Geology DigimapEDINA, University of Edinburgh
 
JISC MediaHub
JISC MediaHubJISC MediaHub
JISC MediaHubEDINA, University of Edinburgh
 
BIL Corporate
BIL CorporateBIL Corporate
BIL Corporatebschandru
 
AIIM Cloud Webinar - EMC Corporation
AIIM Cloud Webinar - EMC CorporationAIIM Cloud Webinar - EMC Corporation
AIIM Cloud Webinar - EMC CorporationShadrach White
 
How to use hybrid cloud to migrate and deploy unified business applications i...
How to use hybrid cloud to migrate and deploy unified business applications i...How to use hybrid cloud to migrate and deploy unified business applications i...
How to use hybrid cloud to migrate and deploy unified business applications i...Eric D. Schabell
 
A deep intelligence framework for online video processing
A deep intelligence framework for online video processingA deep intelligence framework for online video processing
A deep intelligence framework for online video processingieeepondy
 
Asset anywhere
Asset anywhereAsset anywhere
Asset anywherePrashanth Panduranga
 
Geotech presentation 2012
Geotech presentation 2012Geotech presentation 2012
Geotech presentation 2012Pradipta Sen
 
Evolving Domains, Problems and Solutions for Long Term Digital Preservation
Evolving Domains, Problems and Solutions for Long Term Digital PreservationEvolving Domains, Problems and Solutions for Long Term Digital Preservation
Evolving Domains, Problems and Solutions for Long Term Digital PreservationSCAPE Project
 
Continuous Code Quality with the Sonar Ecosystem @GeeCON 2017 in Prague
Continuous Code Quality with the Sonar Ecosystem @GeeCON 2017 in PragueContinuous Code Quality with the Sonar Ecosystem @GeeCON 2017 in Prague
Continuous Code Quality with the Sonar Ecosystem @GeeCON 2017 in PragueRoman Pickl
 
Keynote Client Connectivity And The Cloud
Keynote Client Connectivity And The CloudKeynote Client Connectivity And The Cloud
Keynote Client Connectivity And The CloudGoogleTecTalks
 
Modern Thinking área digital MSKM 21/09/2017
Modern Thinking área digital MSKM 21/09/2017Modern Thinking área digital MSKM 21/09/2017
Modern Thinking área digital MSKM 21/09/2017MSMK - Madrid School of Marketing
 
ITCV
ITCVITCV
ITCVMark Sharman
 
ParisfxLab - Cloud4Media
ParisfxLab - Cloud4MediaParisfxLab - Cloud4Media
ParisfxLab - Cloud4MediaFrançois Hanat
 
Session 2 - A Project Perspective on Big Data Architectural Pipelines and Ben...
Session 2 - A Project Perspective on Big Data Architectural Pipelines and Ben...Session 2 - A Project Perspective on Big Data Architectural Pipelines and Ben...
Session 2 - A Project Perspective on Big Data Architectural Pipelines and Ben...DataBench
 
Cloudify 10m
Cloudify 10mCloudify 10m
Cloudify 10mGuy Korland
 
Cloud Innovation Tour - Design Track
Cloud Innovation Tour - Design TrackCloud Innovation Tour - Design Track
Cloud Innovation Tour - Design TrackLaurenWendler
 
Resume-pierre-stephane-us
Resume-pierre-stephane-usResume-pierre-stephane-us
Resume-pierre-stephane-usStephane Pierre
 
Continuous Code Quality with the sonar ecosystem
Continuous Code Quality with the sonar ecosystemContinuous Code Quality with the sonar ecosystem
Continuous Code Quality with the sonar ecosystemRoman Pickl
 
Isovalent-kloia Cilium Workshop
Isovalent-kloia Cilium WorkshopIsovalent-kloia Cilium Workshop
Isovalent-kloia Cilium Workshopkloia
 
Chris Kemp: NASA Nebula
Chris Kemp: NASA NebulaChris Kemp: NASA Nebula
Chris Kemp: NASA NebulaGovCloud Network
 
CloudStack EU user group - fast SAP provisioning
CloudStack EU user group - fast SAP provisioningCloudStack EU user group - fast SAP provisioning
CloudStack EU user group - fast SAP provisioningShapeBlue
 
GI2012 buono-cnr-geo-platform
GI2012 buono-cnr-geo-platformGI2012 buono-cnr-geo-platform
GI2012 buono-cnr-geo-platformIGN Vorstand
 
Access Control in ESDIN: Shibboleth
Access Control in ESDIN: ShibbolethAccess Control in ESDIN: Shibboleth
Access Control in ESDIN: ShibbolethEDINA, University of Edinburgh
 
The Making of the English Landscape:
The Making of the English Landscape: The Making of the English Landscape:
The Making of the English Landscape: EDINA, University of Edinburgh
 
Spatial Data, Spatial Humanities
Spatial Data, Spatial HumanitiesSpatial Data, Spatial Humanities
Spatial Data, Spatial HumanitiesEDINA, University of Edinburgh
 

More Related Content

Similar to Previous work on Access Management Federations

How to use hybrid cloud to migrate and deploy unified business applications i...
How to use hybrid cloud to migrate and deploy unified business applications i...How to use hybrid cloud to migrate and deploy unified business applications i...
How to use hybrid cloud to migrate and deploy unified business applications i...Eric D. Schabell
 
A deep intelligence framework for online video processing
A deep intelligence framework for online video processingA deep intelligence framework for online video processing
A deep intelligence framework for online video processingieeepondy
 
Geotech presentation 2012
Geotech presentation 2012Geotech presentation 2012
Geotech presentation 2012Pradipta Sen
 
Evolving Domains, Problems and Solutions for Long Term Digital Preservation
Evolving Domains, Problems and Solutions for Long Term Digital PreservationEvolving Domains, Problems and Solutions for Long Term Digital Preservation
Evolving Domains, Problems and Solutions for Long Term Digital PreservationSCAPE Project
 
Continuous Code Quality with the Sonar Ecosystem @GeeCON 2017 in Prague
Continuous Code Quality with the Sonar Ecosystem @GeeCON 2017 in PragueContinuous Code Quality with the Sonar Ecosystem @GeeCON 2017 in Prague
Continuous Code Quality with the Sonar Ecosystem @GeeCON 2017 in PragueRoman Pickl
 
Keynote Client Connectivity And The Cloud
Keynote Client Connectivity And The CloudKeynote Client Connectivity And The Cloud
Keynote Client Connectivity And The CloudGoogleTecTalks
 
ParisfxLab - Cloud4Media
ParisfxLab - Cloud4MediaParisfxLab - Cloud4Media
ParisfxLab - Cloud4MediaFrançois Hanat
 
Session 2 - A Project Perspective on Big Data Architectural Pipelines and Ben...
Session 2 - A Project Perspective on Big Data Architectural Pipelines and Ben...Session 2 - A Project Perspective on Big Data Architectural Pipelines and Ben...
Session 2 - A Project Perspective on Big Data Architectural Pipelines and Ben...DataBench
 
Cloud Innovation Tour - Design Track
Cloud Innovation Tour - Design TrackCloud Innovation Tour - Design Track
Cloud Innovation Tour - Design TrackLaurenWendler
 
Resume-pierre-stephane-us
Resume-pierre-stephane-usResume-pierre-stephane-us
Resume-pierre-stephane-usStephane Pierre
 
Continuous Code Quality with the sonar ecosystem
Continuous Code Quality with the sonar ecosystemContinuous Code Quality with the sonar ecosystem
Continuous Code Quality with the sonar ecosystemRoman Pickl
 
Isovalent-kloia Cilium Workshop
Isovalent-kloia Cilium WorkshopIsovalent-kloia Cilium Workshop
Isovalent-kloia Cilium Workshopkloia
 
CloudStack EU user group - fast SAP provisioning
CloudStack EU user group - fast SAP provisioningCloudStack EU user group - fast SAP provisioning
CloudStack EU user group - fast SAP provisioningShapeBlue
 
GI2012 buono-cnr-geo-platform
GI2012 buono-cnr-geo-platformGI2012 buono-cnr-geo-platform
GI2012 buono-cnr-geo-platformIGN Vorstand
 

Similar to Previous work on Access Management Federations (20)

How to use hybrid cloud to migrate and deploy unified business applications i...
How to use hybrid cloud to migrate and deploy unified business applications i...How to use hybrid cloud to migrate and deploy unified business applications i...
How to use hybrid cloud to migrate and deploy unified business applications i...
 
A deep intelligence framework for online video processing
A deep intelligence framework for online video processingA deep intelligence framework for online video processing
A deep intelligence framework for online video processing
 
Asset anywhere
Asset anywhereAsset anywhere
Asset anywhere
 
Geotech presentation 2012
Geotech presentation 2012Geotech presentation 2012
Geotech presentation 2012
 
Evolving Domains, Problems and Solutions for Long Term Digital Preservation
Evolving Domains, Problems and Solutions for Long Term Digital PreservationEvolving Domains, Problems and Solutions for Long Term Digital Preservation
Evolving Domains, Problems and Solutions for Long Term Digital Preservation
 
Continuous Code Quality with the Sonar Ecosystem @GeeCON 2017 in Prague
Continuous Code Quality with the Sonar Ecosystem @GeeCON 2017 in PragueContinuous Code Quality with the Sonar Ecosystem @GeeCON 2017 in Prague
Continuous Code Quality with the Sonar Ecosystem @GeeCON 2017 in Prague
 
Keynote Client Connectivity And The Cloud
Keynote Client Connectivity And The CloudKeynote Client Connectivity And The Cloud
Keynote Client Connectivity And The Cloud
 
Modern Thinking área digital MSKM 21/09/2017
Modern Thinking área digital MSKM 21/09/2017Modern Thinking área digital MSKM 21/09/2017
Modern Thinking área digital MSKM 21/09/2017
 
ITCV
ITCVITCV
ITCV
 
ParisfxLab - Cloud4Media
ParisfxLab - Cloud4MediaParisfxLab - Cloud4Media
ParisfxLab - Cloud4Media
 
Session 2 - A Project Perspective on Big Data Architectural Pipelines and Ben...
Session 2 - A Project Perspective on Big Data Architectural Pipelines and Ben...Session 2 - A Project Perspective on Big Data Architectural Pipelines and Ben...
Session 2 - A Project Perspective on Big Data Architectural Pipelines and Ben...
 
Cloudify 10m
Cloudify 10mCloudify 10m
Cloudify 10m
 
Cloud Innovation Tour - Design Track
Cloud Innovation Tour - Design TrackCloud Innovation Tour - Design Track
Cloud Innovation Tour - Design Track
 
Resume-pierre-stephane-us
Resume-pierre-stephane-usResume-pierre-stephane-us
Resume-pierre-stephane-us
 
Continuous Code Quality with the sonar ecosystem
Continuous Code Quality with the sonar ecosystemContinuous Code Quality with the sonar ecosystem
Continuous Code Quality with the sonar ecosystem
 
Isovalent-kloia Cilium Workshop
Isovalent-kloia Cilium WorkshopIsovalent-kloia Cilium Workshop
Isovalent-kloia Cilium Workshop
 
Chris Kemp: NASA Nebula
Chris Kemp: NASA NebulaChris Kemp: NASA Nebula
Chris Kemp: NASA Nebula
 
CloudStack EU user group - fast SAP provisioning
CloudStack EU user group - fast SAP provisioningCloudStack EU user group - fast SAP provisioning
CloudStack EU user group - fast SAP provisioning
 
GI2012 buono-cnr-geo-platform
GI2012 buono-cnr-geo-platformGI2012 buono-cnr-geo-platform
GI2012 buono-cnr-geo-platform
 
Access Control in ESDIN: Shibboleth
Access Control in ESDIN: ShibbolethAccess Control in ESDIN: Shibboleth
Access Control in ESDIN: Shibboleth
 

More from EDINA, University of Edinburgh

We have the technology... We have the data... What next?
We have the technology... We have the data... What next?We have the technology... We have the data... What next?
We have the technology... We have the data... What next?EDINA, University of Edinburgh
 
Reference Rot in Theses: A HiberActive Pilot - 10x10 session for Repository F...
Reference Rot in Theses: A HiberActive Pilot - 10x10 session for Repository F...Reference Rot in Theses: A HiberActive Pilot - 10x10 session for Repository F...
Reference Rot in Theses: A HiberActive Pilot - 10x10 session for Repository F...EDINA, University of Edinburgh
 
If I Googled You, What Would I Find? Managing your digital footprint - Nicola...
If I Googled You, What Would I Find? Managing your digital footprint - Nicola...If I Googled You, What Would I Find? Managing your digital footprint - Nicola...
If I Googled You, What Would I Find? Managing your digital footprint - Nicola...EDINA, University of Edinburgh
 
Managing your Digital Footprint : Taking control of the metadata and tracks a...
Managing your Digital Footprint : Taking control of the metadata and tracks a...Managing your Digital Footprint : Taking control of the metadata and tracks a...
Managing your Digital Footprint : Taking control of the metadata and tracks a...EDINA, University of Edinburgh
 
Social media and blogging to develop and communicate research in the arts and...
Social media and blogging to develop and communicate research in the arts and...Social media and blogging to develop and communicate research in the arts and...
Social media and blogging to develop and communicate research in the arts and...EDINA, University of Edinburgh
 
Enhancing your research impact through social media - Nicola Osborne
Enhancing your research impact through social media - Nicola OsborneEnhancing your research impact through social media - Nicola Osborne
Enhancing your research impact through social media - Nicola OsborneEDINA, University of Edinburgh
 
Social Media in Marketing in Support of Your Personal Brand - Nicola Osborne
Social Media in Marketing in Support of Your Personal Brand - Nicola OsborneSocial Media in Marketing in Support of Your Personal Brand - Nicola Osborne
Social Media in Marketing in Support of Your Personal Brand - Nicola OsborneEDINA, University of Edinburgh
 
Best Practice for Social Media in Teaching & Learning Contexts - Nicola Osborne
Best Practice for Social Media in Teaching & Learning Contexts - Nicola OsborneBest Practice for Social Media in Teaching & Learning Contexts - Nicola Osborne
Best Practice for Social Media in Teaching & Learning Contexts - Nicola OsborneEDINA, University of Edinburgh
 
Introduction to Edinburgh University Data Library and national data services
Introduction to Edinburgh University Data Library and national data servicesIntroduction to Edinburgh University Data Library and national data services
Introduction to Edinburgh University Data Library and national data servicesEDINA, University of Edinburgh
 
Digimap for Schools: Introduction to an ICT based cross curricular resource f...
Digimap for Schools: Introduction to an ICT based cross curricular resource f...Digimap for Schools: Introduction to an ICT based cross curricular resource f...
Digimap for Schools: Introduction to an ICT based cross curricular resource f...EDINA, University of Edinburgh
 

More from EDINA, University of Edinburgh (20)

The Making of the English Landscape:
The Making of the English Landscape: The Making of the English Landscape:
The Making of the English Landscape:
 
Spatial Data, Spatial Humanities
Spatial Data, Spatial HumanitiesSpatial Data, Spatial Humanities
Spatial Data, Spatial Humanities
 
Land Cover Map 2015
Land Cover Map 2015Land Cover Map 2015
Land Cover Map 2015
 
We have the technology... We have the data... What next?
We have the technology... We have the data... What next?We have the technology... We have the data... What next?
We have the technology... We have the data... What next?
 
Reference Rot in Theses: A HiberActive Pilot - 10x10 session for Repository F...
Reference Rot in Theses: A HiberActive Pilot - 10x10 session for Repository F...Reference Rot in Theses: A HiberActive Pilot - 10x10 session for Repository F...
Reference Rot in Theses: A HiberActive Pilot - 10x10 session for Repository F...
 
GeoForum EDINA report 2017
GeoForum EDINA report 2017GeoForum EDINA report 2017
GeoForum EDINA report 2017
 
If I Googled You, What Would I Find? Managing your digital footprint - Nicola...
If I Googled You, What Would I Find? Managing your digital footprint - Nicola...If I Googled You, What Would I Find? Managing your digital footprint - Nicola...
If I Googled You, What Would I Find? Managing your digital footprint - Nicola...
 
Moray housemarch2017
Moray housemarch2017Moray housemarch2017
Moray housemarch2017
 
Uniof stirlingmarch2017secondary
Uniof stirlingmarch2017secondaryUniof stirlingmarch2017secondary
Uniof stirlingmarch2017secondary
 
Uniof glasgow jan2017_secondary
Uniof glasgow jan2017_secondaryUniof glasgow jan2017_secondary
Uniof glasgow jan2017_secondary
 
Managing your Digital Footprint : Taking control of the metadata and tracks a...
Managing your Digital Footprint : Taking control of the metadata and tracks a...Managing your Digital Footprint : Taking control of the metadata and tracks a...
Managing your Digital Footprint : Taking control of the metadata and tracks a...
 
Social media and blogging to develop and communicate research in the arts and...
Social media and blogging to develop and communicate research in the arts and...Social media and blogging to develop and communicate research in the arts and...
Social media and blogging to develop and communicate research in the arts and...
 
Enhancing your research impact through social media - Nicola Osborne
Enhancing your research impact through social media - Nicola OsborneEnhancing your research impact through social media - Nicola Osborne
Enhancing your research impact through social media - Nicola Osborne
 
Social Media in Marketing in Support of Your Personal Brand - Nicola Osborne
Social Media in Marketing in Support of Your Personal Brand - Nicola OsborneSocial Media in Marketing in Support of Your Personal Brand - Nicola Osborne
Social Media in Marketing in Support of Your Personal Brand - Nicola Osborne
 
Best Practice for Social Media in Teaching & Learning Contexts - Nicola Osborne
Best Practice for Social Media in Teaching & Learning Contexts - Nicola OsborneBest Practice for Social Media in Teaching & Learning Contexts - Nicola Osborne
Best Practice for Social Media in Teaching & Learning Contexts - Nicola Osborne
 
SCURL and SUNCAT serials holdings comparison service
SCURL and SUNCAT serials holdings comparison serviceSCURL and SUNCAT serials holdings comparison service
SCURL and SUNCAT serials holdings comparison service
 
Big data in Digimap
Big data in DigimapBig data in Digimap
Big data in Digimap
 
Introduction to Edinburgh University Data Library and national data services
Introduction to Edinburgh University Data Library and national data servicesIntroduction to Edinburgh University Data Library and national data services
Introduction to Edinburgh University Data Library and national data services
 
Digimap for Schools: Introduction to an ICT based cross curricular resource f...
Digimap for Schools: Introduction to an ICT based cross curricular resource f...Digimap for Schools: Introduction to an ICT based cross curricular resource f...
Digimap for Schools: Introduction to an ICT based cross curricular resource f...
 
Digimap Update - Geoforum 2016 - Guy McGarva
Digimap Update - Geoforum 2016 - Guy McGarvaDigimap Update - Geoforum 2016 - Guy McGarva
Digimap Update - Geoforum 2016 - Guy McGarva
 

Previous work on Access Management Federations

  • 1. Previous work on Access Management Federations Andreas Matheus Secure Dimensions
  • 2. Previous work by this team • SEE-GEO • The eContentPlus ESDIN work • OGC Web Services Shibboleth Interoperability Experiment • German Spatial Data Infrastructure 2007 ... 2012 ... 2016 (Concept) Secure Dimensions Previous work on Access Management Federations 2
  • 3. SEE-GEO • SEcurE access to GEOspatial services • UK JISC funded process in 2007 • Cross border map (Germany / The Netherlands) • Secure WFS with styled layer descriptor – Depending on style and origin of rescue centre maps is loaded or access is denied Secure Dimensions Previous work on Access Management Federations 3
  • 4. eContentPlus ESDIN • eContentPlus project (http://www.esdin.eu/) • Participants from all over Europe • Establish a pan-European access management federation with NMCAsservices: – OGC WMS – OGC WFS – ... Secure Dimensions Previous work on Access Management Federations 4
  • 5. Shibboleth IE • OGC Interoperability Experiment – 2011 – OGC® Engineering Report for the OWS Shibboleth Interoperability Experiment – https://portal.opengeospatial.org/files/?artifact_id=478 52 • Objectives – Use of the access management federation with OGC Web Services using SAML 2 authentication – Implement SAML 2 Enhanced Client & Proxy Profile in Desktop GIS product Secure Dimensions Previous work on Access Management Federations 5
  • 6. Shibboleth IE • OGC Interoperability Experiment 2011 • Participants – Cadcorp, Envitia, con terra, snowflake, JRC • Objective – Connect to protected OGC Web Services provided by esdin and German SDI prototype federation – Implement SAML 2 Enhanced Client Proxy Profile • Result – Desktop GIS: Cadcorp, Envitia, snowflake – Browser based Client: JRC – Client Proxy: con terra Secure Dimensions Previous work on Access Management Federations 6
  • 7. INSPIRE 2011 Workshop • INSPIRE annual conference 2011 Edinburgh • Objective was to introduce the use of Access Management Federation with SAML2 to protect OGC Web Services – Access Management Federation prototype • The result confirmedthat the introduced concept is INSPIRE conformant Secure Dimensions Previous work on Access Management Federations 7
  • 8. Prototype Federation German SDI • https://sp.gdi-de.org Secure Dimensions Previous work on Access Management Federations 8
  • 9. Prototype Federation German SDI application WMS GetFeatureInfo loaded from IdP SP WMS GetMap Secure Dimensions (secure-dimensions.net) GDI.DE (gdi-de.org) login with SP IHK Bavaria (win.bihk.de) DS GDI.DE SP (gdi-de.org) GDI.BY (gdi-by.org) Secure Dimensions Previous work on Access Management Federations 9
  • 10. Conclusion from previous work • Access Management Federation based on SAML is a productive solution for sharing protected resources in various countries around the world – https://www.aai.dfn.de/links/ [German Federation] • Strength – Single-Sign-On support – High level of assurance about real user identity – Exchange of SAML user credentials support privacy and anonymity of the user – Managed list of trusted entities = federation Secure Dimensions Previous work on Access Management Federations 10
  • 11. Conclusion from previous work • Protected services can be consumed via – Web Browser (e.g. OpenLayers) applications – Desktop GIS applications • Web Browser with full support*1 – IE 10, Google Chrome, Firefox, Safari • Desktop GIS must implement SAML2 ECP – Cadcorp, Envitia got tested successfully during Shibboleth IE – QGIS (open source GIS) SAML2 extension provided by Secure Dimensions *1: This is the list of tested web browsers Secure Dimensions Previous work on Access Management Federations 11
  • 12. Thank You It is important, to do security right... Secure Dimensions GmbH Holistic Geosecurity Dr. Andreas Matheus Waxensteinstr. 28 D-81377 München, Germany Phone +49 (0)89 38151813-0 Mobile +49 (0)160 1066366 Telefax +49 (0)89 38151813-9 Email am@secure-dimensions.com Web www.secure-dimensions.com Secure Dimensions Previous work on Access Management Federations Slide 12