Shibboleth Access Management
Federations as an Organisational
Model for SDI
C.I.Higgins, M.Koutroumpas, A.Seales,
EDINA National Datacentre, Scotland
A.Matheus,
University of the Bundeswehr, Germany


INSPIRE Conference 2011,
Wednesday 29th June
ESDIN Project
• An eContentplus Best Practice Network project
• Resourced EDINA to investigate ESDI and Access Control
   – Principally using OGC Interoperability Experiments
• September 2008 to March 2011
• Coordinated by EuroGeographics
• Key goal: help member states prepare their data for INSPIRE
  Annex 1 spatial data themes and improve access
• Being taken forward as the European Location Framework
ESDIN project info (www.esdin.eu)
• Project partners:
   – EuroGeographics
   – EDINA, University Edinburgh
   – 1Spatial
   – IGN Belgium
   – IGN France
   – Statens kartverk
   – Lantmäteriet
   – The Finnish Geodetic Institute
   – Helsinki University of Technology
   – National Land Survey of Finland
   – Kort & Matrikelstyrelsen
   – Kadaster
   – Geodan Software Development & Technology
   – Universität Münster
   – Interactive Instruments
   – Bundesamt für Kartographie und Geodäsie
   – Bundesamt für Eich- und Vermessungswesen
   – Institute of Geodesy, Cartography and Remote Sensing
   – National Agency for Cadastre and Real Estate Publicity Romania
   – National Technical University of Athens
EDINA
• A National Data Centre for Tertiary Education since 1995
   – “to enhance the productivity of research, learning and teaching in UK higher
     and further education” (mission statement)
• Focus is on services but also undertake R&D
• Shibboleth used primarily in academic sector
   – https://www.aai.dfn.de/links/
   – https://spaces.internet2.edu/display/SHIB/ShibbolethFederations
• EDINA provides technical support in the operation of the UK
  Access Management Federation
   – Approx 8 million users
   – 837 Member Organisations (IdPs and SPs)
So what's the problem?
• Many of the most valuable SDI resources are protected
• These resources are frequently in different admin domains
   – Example: Article 19 of the INSPIRE Directive: “Member States may
     limit public access etc, etc”.
• Many accepted standards for securing these protected
  geospatial resources but no consensus which to use
   – Consequence: lots of point solutions
• Major interoperability barrier, eg, how can a X-Border
  application consume protected OWS while having to deal with
  multiple different access control mechanisms?
   – Make everything open? or
   – Scale back ambitions? or
   – Access Management Federations (AMF’s)? or,     ?
What can Access Management Federations
                     do for us?
• Fundamental requirement: information on who is accessing
  your valuable resource = authentication
• An AMF allows secure sharing of authentication information
  across administrative domains
• The members of the federation form a circle of trust and agree
  to a set of policies and technologies
• Provides Single Sign On
• My X-Border application can now access a protected resource in
  country A and be challenged for credentials at my home institution.
  Now I can also access additional federation resources (if
  authorised) in country A, B, C, without needing to
  re-authenticate
One Solution - Shibboleth

• Internet2 consortium
• Open source package for web Single Sign On across admin
  boundaries based on standards:
   – Security Assertion Markup Language (SAML)
• Organisations can exchange user information and make
  security assertions by obeying privacy policies
• Devolved authentication – maintain and leverage existing
  user management
• Enables finer grained authorisation through use of attributes
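
One way a gate in front of an unmodified WMS could turn federation attributes into per-layer authorisation decisions, as an added example (not from the presentation or the Shibboleth project). The IdP entityIDs, scopes, entitlement URI, layer names and policy are hypothetical, and the variable names assume the Shibboleth SP's stock attribute map.

```python
import re
from urllib.parse import parse_qsl

# Assumption: a Shibboleth SP sits in front of the unmodified WMS and exports
# these request variables (a deployment may rename them). They must be set by
# the SP, never taken from client-supplied input.
VAR_IDP = "Shib-Identity-Provider"  # entityID of the IdP that authenticated the user
VAR_AFFILIATION = "affiliation"     # eduPersonScopedAffiliation, e.g. staff@nmca-a.example
VAR_ENTITLEMENT = "entitlement"     # eduPersonEntitlement URIs

# Hypothetical federation members and the scopes each IdP is allowed to assert.
IDP_SCOPES = {
    "https://idp.nmca-a.example/shibboleth": {"nmca-a.example"},
    "https://idp.nmca-b.example/shibboleth": {"nmca-b.example"},
}

# Hypothetical per-layer policy. None = any user from a federation IdP.
# A layer that is not listed is refused (default deny).
LAYER_POLICY = {
    "open:coastline": None,
    "cadastre:parcels": {
        "entitlements": {"urn:example:sdi:entitlement:cadastre-read"},
        "affiliations": {"staff"},
    },
}


def split_values(raw):
    """Split a multi-valued SP variable: ';' separates values, '\\;' is a literal ';'."""
    parts = re.split(r"(?<!\\);", raw)
    return [p.replace("\\;", ";") for p in parts if p]


def trusted_affiliations(environ):
    """Return the roles whose scope the asserting IdP may use, or None if the
    IdP is not a federation member."""
    allowed_scopes = IDP_SCOPES.get(environ.get(VAR_IDP, ""))
    if allowed_scopes is None:
        return None
    roles = set()
    for value in split_values(environ.get(VAR_AFFILIATION, "")):
        role, _, scope = value.rpartition("@")
        if role and scope.lower() in allowed_scopes:
            roles.add(role.lower())
    return roles


def authorise(environ, query_string):
    """Decide whether a WMS GetMap request may be passed on. Returns (allowed, reason)."""
    affiliations = trusted_affiliations(environ)
    if affiliations is None:
        return False, "IdP is not a federation member"
    pairs = parse_qsl(query_string, keep_blank_values=True)
    keys = [k.upper() for k, _ in pairs]  # OGC KVP parameter names are case-insensitive
    if len(keys) != len(set(keys)):
        # The gate and the WMS could pick different copies of a repeated parameter.
        return False, "duplicate KVP parameter"
    params = dict(zip(keys, (v for _, v in pairs)))
    if params.get("REQUEST") != "GetMap":
        return False, "only GetMap is handled in this example"
    layers = [name for name in params.get("LAYERS", "").split(",") if name]
    if not layers:
        return False, "no layers requested"
    entitlements = set(split_values(environ.get(VAR_ENTITLEMENT, "")))
    for layer in layers:
        if layer not in LAYER_POLICY:
            return False, f"layer {layer} is not in the policy"
        rule = LAYER_POLICY[layer]
        if rule is None:
            continue
        if not (entitlements & rule["entitlements"] or affiliations & rule["affiliations"]):
            return False, f"attributes do not permit layer {layer}"
    return True, "ok"


# Constructed sample sessions (not real federation data).
STAFF_AT_A = {
    VAR_IDP: "https://idp.nmca-a.example/shibboleth",
    VAR_AFFILIATION: "member@nmca-a.example;staff@nmca-a.example",
}
B_ASSERTING_A_SCOPE = {
    VAR_IDP: "https://idp.nmca-b.example/shibboleth",
    VAR_AFFILIATION: "staff@nmca-a.example",  # scope belongs to another member
}
ENTITLED_AT_B = {
    VAR_IDP: "https://idp.nmca-b.example/shibboleth",
    VAR_ENTITLEMENT: "urn:example:sdi:entitlement:cadastre-read",
}

if __name__ == "__main__":
    query = "SERVICE=WMS&request=GetMap&layers=cadastre:parcels"
    for name, env in [("staff@A", STAFF_AT_A), ("B asserting A's scope", B_ASSERTING_A_SCOPE),
                      ("entitled@B", ENTITLED_AT_B)]:
        print(name, authorise(env, query))
```

The gate never stores credentials and never alters the WMS interface: it only reads what the home IdP asserted and forwards or refuses the request.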
[Figure: Federation diagram. Labels: Users (“Authenticates here” at their IdP), Identity Providers (IdP), Organisations, Service Providers (SP), Coordinating Centre.]
• Paper submitted to the International Journal SDI
  Research to accompany this presentation
• Premise is that a concomitant security infrastructure
  is necessary to realise SDI objectives where
  protected resources are involved
• Table 1 posits:



 “Twelve required attributes for a solution to
               securing SDI”
1. Based on open security interoperability
   standards
   – Security Assertion Markup Language
      (SAML) from OASIS
2. Works across administrative domains
   – Fundamental reason for Access
     Management Federations
3. Single Sign On
   – Basic Use Case for SAML
   – Principals authenticate at one web site,
      access the resource of interest, and are
      then able to access additional protected
      resources at other web sites without having
      to re-authenticate
4. Does not require any changes to the OGC
  interfaces being protected
   – OGC Interoperability Experiments have
     demonstrated use with range of familiar
     industry implementations, eg, geoserver,
     mapserver, Snowflake
   – No need for SOAP bindings
5. Requires minimal changes to the OGC Web Service
   clients
   – SAML 2 ECP must be implemented
   – Reference implementation available
   – 6 organisations through OGC Interoperability
       Experiment have made changes
   – Some products now commercially available
   – Browser relatively easy, desktop harder
   – Took weeks, not months
6. Proven production strength
   – Already in daily use by millions
   – Possibly already in your country
7. Satisfies data privacy requirements
   – What set of SAML assertions are required
     for pan-European SDI authorisation
     decisions?
8. Flexible in order to accommodate a wide
  variety of different use cases
   – Different SAML workflows
    • Portal flow
    • Service Provider flow
  – SAML already used by GI community
    • European Space Agency “User Management
      Interfaces for Earth Observation Services”
    • Where are the interoperability points?
9. Should be an open source “reference
  implementation”
   – Shibboleth
10. Not geospatial specific and in widespread
    mainstream IT use
     – Leverage broad participation in
       technology development
     – Stay flexible as much as possible
     – Maximise potential for interoperability
11. Should, in so far as is possible, be built on
    information systems already in place
     – Huge amount of prior investment in identity
       management
     – Organisations know best how to manage their
       users
     – Many Shibb Federations in place already in
       academic sector across Europe
         • A source of expertise, collaboration and potentially
           extremely valuable interoperability link across
           sectors
12. Should not be centralised
     – No huge databases with users
       credentials
     – Needs to be decentralised to scale
Hard


       From the European Interoperability Framework for Pan-European eGovernment Services
       (http://ec.europa.eu/idabc/servlets/Docb0db.pdf?id=31597)
[Figure: INSPIRE Federation diagram. Labels: OWS Providers (WMS, WFS), IdPs, Member State organisations, eg, NMCAs, Key organisations, eg. EEA, JRC, Coordinating Centre.]
Some options for going forward:
1. One Federation and every legally mandated
   organisation joins
2. Multiple federations: one in each country and one pan-
   European
3. One federation: one organisation in each country, the
   INSPIRE point of contact joins the single pan-European
   federation and acts as the gateway for all the other legally
   mandated organisations in the country that are standing
   up INSPIRE services
4. Multiple federations: one in each country and inter-
   federation interoperability ensures SSO
All material will be available from:


http://igibs.blogs.edina.ac.uk/inspire2011/

Comments, questions, suggestions, etc, on blog
              very welcome

        Or email: chris.higgins@ed.ac.uk

 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 

Shibboleth and INSPIRE

  • 1. Shibboleth Access Management Federations as an Organisational Model for SDI C.I.Higgins, M.Koutroumpas, A.Seales, EDINA National Datacentre, Scotland A.Matheus, University of the Bundeswehr, Germany INSPIRE Conference 2011, Wednesday 29th June
  • 2. ESDIN Project
      • An eContentplus Best Practice Network project
      • Resourced EDINA to investigate ESDI and Access Control
          – Principally using OGC Interoperability Experiments
      • September 2008 to March 2011
      • Coordinated by EuroGeographics
      • Key goal: help member states prepare their data for INSPIRE Annex 1 spatial data themes and improve access
      • Being taken forward as the European Location Framework
  • 3. ESDIN project info (www.esdin.eu)
      Organisations shown on the slide: The Finnish Geodetic Institute; Lantmäteriet; Statens kartverk; Helsinki University of Technology; National Land Survey of Finland; Kort & Matrikelstyrelsen; IGN Belgium; Kadaster; EDINA, University Edinburgh; Geodan Software Development & Technology; Universität Münster; 1Spatial; Interactive Instruments; Bundesamt für Kartographie und Geodäsie; EuroGeographics; Bundesamt für Eich- und Vermessungswesen; IGN France; Institute of Geodesy, Cartography and Remote Sensing; National Agency for Cadastre and Real Estate Publicity Romania; National Technical University of Athens
  • 4. EDINA
      • A National Data Centre for Tertiary Education since 1995 to enhance the productivity of research, learning and teaching in UK higher and further education (mission statement)
      • Focus is on services but also undertake R&D
      • Shibboleth used primarily in academic sector
          – https://www.aai.dfn.de/links/
          – https://spaces.internet2.edu/display/SHIB/ShibbolethFederations
      • EDINA provides technical support in the operation of the UK Access Management Federation
          – Approx 8 million users
          – 837 Member Organisations (IdPs and SPs)
  • 5. So what's the problem?
      • Many of the most valuable SDI resources are protected
      • These resources are frequently in different admin domains
          – Example: Article 19 of the INSPIRE Directive “Member States may limit public access etc, etc”.
      • Many accepted standards for securing these protected geospatial resources but no consensus on which to use
          – Consequence: lots of point solutions
      • Major interoperability barrier, eg, how can a X-Border application consume protected OWS while having to deal with multiple different access control mechanisms?
          – Make everything open? or
          – Scale back ambitions? or
          – Access Management Federations (AMFs)? or, ?
  • 6. What can Access Management Federations do for us?
      • Fundamental requirement: information on who is accessing your valuable resource = authentication
      • An AMF allows secure sharing of authentication information across administrative domains
      • The members of the federation form a circle of trust and agree to a set of policies and technologies
      • Provides Single Sign On
      • My X-Border application can now access a protected resource in country A and be challenged for credentials at my home institution. Now I can also access additional federation resources (if authorised) in country A, B, C, without needing to re-authenticate
  • 7. One Solution - Shibboleth
      • Internet2 consortium
      • Open source package for web Single Sign On across admin boundaries based on standards:
          – Security Assertion Markup Language (SAML)
      • Organisations can exchange user information and make security assertions by obeying privacy policies
      • Devolved authentication – maintain and leverage existing user management
      • Enables finer grained authorisation through use of attributes
  • 8. Federation (diagram). Labels: Service Providers (SP); Identity Providers (IdP); Organisations; Coordinating Centre; Users; Authenticates here
  • 9.
      • Paper submitted to the International Journal SDI Research to accompany this presentation
      • Premise is that a concomitant security infrastructure is necessary to realise SDI objectives where protected resources are involved
      • Table 1 posits: “Twelve required attributes for a solution to securing SDI”
  • 10. 1. Based on open security interoperability standards
      – Security Assertion Markup Language (SAML) from OASIS
  • 11. 2. Works across administrative domains
      – Fundamental reason for Access Management Federations
  • 12. 3. Single Sign On
      – Basic Use Case for SAML
      – Principals authenticate at one web site, access the resource of interest, and are then able to access additional protected resources at other web sites without having to re-authenticate
  • 13. 4. Does not require any changes to the OGC interfaces being protected
      – OGC Interoperability Experiments have demonstrated use with a range of familiar industry implementations, eg, GeoServer, MapServer, Snowflake
      – No need for SOAP bindings
  • 14. 5. Requires minimal changes to the OGC Web Service clients
      – SAML 2 ECP must be implemented
      – Reference implementation available
      – 6 organisations through OGC Interoperability Experiment have made changes
      – Some products now commercially available
      – Browser relatively easy, desktop harder
      – Took weeks, not months
  • 15. 6. Proven production strength
      – Already in daily use by millions
      – Possibly already in your country
  • 16. 7. Satisfies data privacy requirements
      – What set of SAML assertions are required for pan-European SDI authorisation decisions?
  • 17. 8. Flexible in order to accommodate a wide variety of different use cases
      – Different SAML workflows
          • Portal flow
          • Service Provider flow
      – SAML already used by GI community
          • European Space Agency “User Management Interfaces for Earth Observation Services”
          • Where are the interoperability points?
  • 18. 9. Should be an open source “reference implementation”
      – Shibboleth
  • 19. 10. Not geospatial specific and in widespread mainstream IT use
      – Leverage broad participation in technology development
      – Stay flexible as much as possible
      – Maximise potential for interoperability
  • 20. 11. Should, in so far as is possible, be built on information systems already in place
      – Huge amount of prior investment in identity management
      – Organisations know best how to manage their users
      – Many Shibb Federations in place already in academic sector across Europe
          • A source of expertise, collaboration and potentially extremely valuable interoperability link across sectors
  • 21. 12. Should not be centralised
      – No huge databases with users' credentials
      – Needs to be decentralised to scale
  • 22. Hard From the European Interoperability Framework for Pan-European eGovernment Services (http://ec.europa.eu/idabc/servlets/Docb0db.pdf?id=31597)
  • 23. INSPIRE Federation (diagram). Labels: OWS Providers (WMS, WFS); IdP: Member State organisations, eg, NMCAs; Coordinating Centre; IdP: Key organisations, eg, EEA, JRC
  • 24. Some options for going forward:
      1. One federation and every legally mandated organisation joins
      2. Multiple federations: one in each country and one pan-European
      3. One federation: one organisation in each country, the INSPIRE point of contact, joins the single pan-European federation and acts as the gateway for all the other legally mandated organisations in the country that are standing up INSPIRE services
      4. Multiple federations: one in each country and inter-federation interoperability ensures SSO
  • 25. All material will be available from: http://igibs.blogs.edina.ac.uk/inspire2011/ Comments, questions, suggestions, etc, on blog very welcome Or email: chris.higgins@ed.ac.uk
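
Slide 14 states that OGC Web Service clients must implement SAML 2 ECP. The following is an added example, not code from the presentation or from the Shibboleth project: it shows the client-side steps of an ECP exchange over constructed messages, including the check that the IdP's AssertionConsumerServiceURL matches the SP's responseConsumerURL before the assertion is delivered. The host name, function names and sample envelopes are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"S": "http://schemas.xmlsoap.org/soap/envelope/",
      "paos": "urn:liberty:paos:2003-08",
      "ecp": "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
XMLNS = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())

# Headers an ECP-capable client adds to its normal OWS request (e.g. a WMS GetMap).
ECP_REQUEST_HEADERS = {
    "Accept": "text/html; application/vnd.paos+xml",
    "PAOS": f'ver="{NS["paos"]}";"{NS["ecp"]}"',
}

# Constructed sample messages: hypothetical host, SAML bodies reduced to empty elements.
ACS = "https://wms.example.org/saml/ecp"
SP_ENVELOPE = f"""<S:Envelope {XMLNS}><S:Header>
  <paos:Request responseConsumerURL="{ACS}" service="{NS['ecp']}" messageID="m1"/>
 </S:Header><S:Body><samlp:AuthnRequest ID="_a1" Version="2.0"/></S:Body></S:Envelope>"""

def idp_envelope(acs_url):
    """Build a constructed IdP reply whose ecp:Response header names acs_url."""
    return (f'<S:Envelope {XMLNS}><S:Header><ecp:Response '
            f'AssertionConsumerServiceURL="{acs_url}"/></S:Header>'
            f'<S:Body><samlp:Response ID="_r1" Version="2.0"/></S:Body></S:Envelope>')

def header_attr(envelope_xml, block, attr):
    """Return one attribute of a SOAP header block, or None if the block is absent."""
    node = ET.fromstring(envelope_xml).find(f"S:Header/{block}", NS)
    return None if node is None else node.get(attr)

def body_for_idp(sp_envelope_xml):
    """Drop the SP's SOAP headers: only the Body (the AuthnRequest) is sent to the IdP."""
    root = ET.fromstring(sp_envelope_xml)
    for header in root.findall("S:Header", NS):
        root.remove(header)
    return ET.tostring(root, encoding="unicode")

def acs_url_if_consistent(sp_envelope_xml, idp_envelope_xml):
    """The SP's responseConsumerURL must equal the IdP's AssertionConsumerServiceURL;
    on mismatch the client must not deliver the assertion anywhere."""
    sp_url = header_attr(sp_envelope_xml, "paos:Request", "responseConsumerURL")
    idp_url = header_attr(idp_envelope_xml, "ecp:Response", "AssertionConsumerServiceURL")
    if not sp_url or sp_url != idp_url:
        raise ValueError(f"ACS mismatch: SP sent {sp_url!r}, IdP sent {idp_url!r}")
    return sp_url

if __name__ == "__main__":
    print(ECP_REQUEST_HEADERS["PAOS"])
    print(acs_url_if_consistent(SP_ENVELOPE, idp_envelope(ACS)))
```

A production client would also verify TLS certificates for both the SP and the IdP and POST the IdP's response to the returned URL with Content-Type application/vnd.paos+xml.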