
Some Academic Sector/NMCA outcomes from the OGC Web Service Shibboleth Interoperability Experiment

International Cartographic Conference, Paris, July, 2011. Chris Higgins, IE Manager, chris.higgins@ed.ac.uk. EDINA: A National Data Centre for Tertiary Education since 1995.


Presentation Transcript


  1. Some Academic Sector/NMCA outcomes from the OGC Web Service Shibboleth Interoperability Experiment
     International Cartographic Conference, Paris, July, 2011
     Chris Higgins, IE Manager, chris.higgins@ed.ac.uk

  2. EDINA
     • A National Data Centre for Tertiary Education since 1995 to enhance the productivity of research, learning and teaching in UK higher and further education
     • Focus is on services but also undertakes R&D
     • EDINA provides technical support in the operation of the UK Access Management Federation
     • Approx 8 million users
     • 837 Member Organisations

  3. ESDIN Project
     • European Spatial Data Infrastructure Network
     • An eContentplus Best Practice Network project
     • September 2008 to March 2011
     • Coordinated by EuroGeographics
     • Key goal: help member states prepare their data for INSPIRE Annex 1 spatial data themes and improve access
     • Being taken forward as the European Location Framework

  4. Steps towards...
     • Our users (students, lecturers, etc) getting access to INSPIRE compliant services:
        • for research
        • for education
     • Our UK users getting access to European data
     • And European academic sector users getting access to UK data
     • Better understanding of academia as a market for NMCA data

  5. Key vehicle - PTB
     • European Persistent Geospatial Test-Bed for Research and Teaching
     • http://sdi-testbed.eu/
     • A joint initiative between:
        • OGC
        • Association GI Laboratories Europe (AGILE)
        • EuroSDR

  6. PTB Objectives
     • To act as a research test-bed for collaborative European research in geospatial interoperability
     • To aid the assessment of the current standards for geospatial interoperability in terms of research compatibility, completeness, consistency and ease of use and extensibility
     • To provide an environment for teaching standards and techniques for geospatial interoperability
     • To provide a resource to AGILE/EuroSDR/OGC for the coordination of research requirements as well as definition, testing, validation and development of open standards

  7. So what's the problem?
     • Many of the most valuable SDI resources are protected
     • These resources are frequently in different admin domains
     • Example: Article 19 of the INSPIRE Directive "…Member States may limit public access…etc, etc".
     • No widely accepted standard for securing these protected geospatial resources
     • Consequence: lots of point solutions
     • Major interoperability barrier, eg, how can a X-Border application consume protected OWS while having to deal with multiple different access control mechanisms?
     • Make everything open? or,
     • Access Management Federations (AMFs)? or, …?

  8. What can Access Management Federations do for us?
     • Fundamental requirement: information on who is accessing your valuable resource = authentication
     • An AMF allows secure sharing of authentication information across administrative domains
     • The members of the federation form a circle of trust and agree to a set of policies and technologies
     • Provides Single Sign On
     • My X-Border application can now access a protected resource in country A and be challenged for credentials at the home institution. Now I can also access additional federation resources (if authorised) in country A, B, C, …, without needing to re-authenticate

  9. [Diagram: a Federation with a Coordinating Centre. Organisations act as Identity Providers (IdP), where Users authenticate ("Authenticates here"); Service Providers (SP) are the other federation members.]

  10. One Solution - Shibboleth
      • Internet2 consortium
      • Open source package for web Single Sign On across admin boundaries, based on standards: Security Assertion Markup Language (SAML)
      • Organisations can exchange user information and make security assertions by obeying privacy policies
      • Devolved authentication – maintain and leverage existing user management
      • Enables finer grained authorisation through use of attributes

  11. [Diagram: INSPIRE Federation with a Coordinating Centre and IdPs. OWS Providers (WMS, WFS) are Member State organisations, eg, NMCAs, and key organisations, eg, EEA, JRC.]

  12. What we set out to do in the Shibboleth IE
      • Previous work by the same team had shown it was possible to protect WMS with Shibb so that:
         • No mods required to OGC interfaces
         • No mods required to main Shibb download
         • BUT mods required to OWS clients
      • Provide the OGC software producing community with the means and opportunity of modifying OWS client software to be able to work with Shibboleth AMFs
      • Emphasis on desktop OWS client software
      • Provide participants with the opportunity to demonstrate their software in action

  13. Shibboleth IE - How
      • Use the test ESDIN Federation to provide participants with services to develop against
      • Provide an open source reference implementation of a modified desktop client conformant with the SAML ECP Profile
         • http://esdin.fgi.fi/wiki/index.php/Esdin:AuthIE:Client
      • Provide some technical support, eg, with OpenLayers clients conformant with the Web Browser SSO Profile
      • Regular telcons
      • Technology Integration Experiment event
      • Workshop at INSPIRE 2011
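
The client-side change that the SAML ECP Profile asks of a desktop OWS client, as an added Python sketch (not the IE's reference implementation and not code from the presentation). The URLs and envelopes are constructed and trimmed to the elements the logic reads; `split_sp_challenge`, `acs_matches` and `idp_reply` are hypothetical names. The point to notice is the check that the IdP's `AssertionConsumerServiceURL` equals the SP's `responseConsumerURL` before the assertion is relayed.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
PAOS = "urn:liberty:paos:2003-08"
ECP = "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
NS = {"S": SOAP, "paos": PAOS, "ecp": ECP, "samlp": SAMLP}
XMLNS = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())

# Headers an ECP-aware client adds to its ordinary OWS request (e.g. WMS GetMap)
# to tell the SP it can handle a PAOS challenge instead of a browser redirect.
ECP_HEADERS = {"Accept": "text/html; application/vnd.paos+xml",
               "PAOS": f'ver="{PAOS}";"{ECP}"'}

ACS = "https://sp.example.org/Shibboleth.sso/SAML2/ECP"  # constructed URL

# Constructed SP challenge: SP-only headers plus the AuthnRequest in the body.
SP_CHALLENGE = f"""<S:Envelope {XMLNS}><S:Header>
<paos:Request responseConsumerURL="{ACS}" service="{ECP}"/>
<ecp:RelayState>constructed-state</ecp:RelayState></S:Header>
<S:Body><samlp:AuthnRequest ID="_a1" Version="2.0"/></S:Body></S:Envelope>"""

def idp_reply(acs_url):
    """Constructed IdP answer whose ecp:Response names the given ACS URL."""
    return f"""<S:Envelope {XMLNS}><S:Header>
<ecp:Response AssertionConsumerServiceURL="{acs_url}"/></S:Header>
<S:Body><samlp:Response ID="_r1" Version="2.0"/></S:Body></S:Envelope>"""

def split_sp_challenge(sp_xml):
    """Return (responseConsumerURL, envelope to send to the user's home IdP)."""
    env = ET.fromstring(sp_xml)
    paos_req = env.find("S:Header/paos:Request", NS)
    if paos_req is None or env.find("S:Body/samlp:AuthnRequest", NS) is None:
        raise ValueError("not an ECP challenge")
    env.remove(env.find("S:Header", NS))  # SP headers are not forwarded to the IdP
    return paos_req.get("responseConsumerURL"), ET.tostring(env, encoding="unicode")

def acs_matches(idp_xml, response_consumer_url):
    """True only if the IdP's ACS URL equals the URL the SP asked for."""
    resp = ET.fromstring(idp_xml).find("S:Header/ecp:Response", NS)
    return resp is not None and resp.get("AssertionConsumerServiceURL") == response_consumer_url

if __name__ == "__main__":
    url, to_idp = split_sp_challenge(SP_CHALLENGE)
    print("POST to IdP (with the user's credentials):", to_idp)
    for reply in (idp_reply(ACS), idp_reply("https://other.example.net/acs")):
        print("relay to", url if acs_matches(reply, url) else "nobody: SOAP fault to SP")
```

A real client would also carry the `ecp:RelayState` header back to the SP along with the response and would authenticate to the IdP over TLS; both are omitted here.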

  14. How has the academic sector helped
      • Shibboleth used primarily in academic sector
         • https://www.aai.dfn.de/links/
         • https://spaces.internet2.edu/display/SHIB/ShibbolethFederations
      • The Persistent Testbed allowed the sector to provide a "united" front – valuable mandate
      • Academia is neutral; not selling anything, no hidden agenda. Our aim is to improve provision of services to European students

  15. Aiming for mutual benefits
      • Real world SDI R&D requirements
      • Resources
      • Data
      [Diagram labels: Public Sector, Academic sector, Virtuous Circle]
      • Better educated graduates
      • Future customers/employees used to using high quality public sector reference data via Geospatial Web Services
      • R&D requirements get met

  16. Some options for going forward:
      • One federation and every legally mandated organisation joins
      • Multiple federations: one in each country and one pan-European
      • One federation: one organisation in each country, the INSPIRE point of contact, joins the single pan-European federation and acts as the gateway for all the other legally mandated organisations in the country that are standing up INSPIRE services
      • Multiple federations: one in each country and inter-federation interoperability ensures SSO

  17. Some priorities for going forward…
      • Take steps to encourage widespread use of Shibboleth for securing SDIs
      • Maximise benefits of connections between existing federations and emerging geospatial federations
      • Maintain and strengthen united academic sector bloc in respect of SDI development
      • Maintain dialogue and continue to collaborate with key organisations like EuroGeographics, JRC, EEA, etc
      • If use of Shibboleth for securing SDIs is operationalised:
         • good for students
         • good for business
         • good for content providers
         • good for Europe

  18. Questions?
      • http://igibs.blogs.edina.ac.uk/
      • Additional comments, questions, suggestions, etc, on blog very welcome
      • Or email: chris.higgins@ed.ac.uk
