Presentation given by Bart De Lathouwer (Interoperability Program, OGC and COBWEB Project) on Thursday 10th October, at the ENVIP'2013 Workshop, part of ISESS (International Symposium on Environmental Software Systems) 2013 in Neusiedl am See, Austria.
Find out more about the COBWEB Project at:
http://cobwebproject.eu/dissemination/
Citizen Observatory Framework with Access Management Federation in GEOSS - Bart De Lathouwer
1. Citizen Observatory Framework with Access Management Federation in GEOSS
10th October, 2013,
Neusiedl am See
ENVIP’2013
Bart De Lathouwer
Interoperability Program
OGC
bdelathouwer@opengeospatial.org
2. The bare bones…
• Project started 1st Nov, 2012 and will run for 4 yrs
• Funded under the European Commission’s Framework Programme 7 (Grant No: 308513)
• Crowdsourced environmental data to aid decision making
• Introduce quality measures and reduce uncertainty
• Fusion of crowdsourced data with reference data…
• Spatial Data Infrastructure - like initiatives
– National SDI’s in UK, Greece and Germany
– INSPIRE
– GEOSS
4. Essential context – WNBR
• UNESCO Man and Biosphere Programs (MAB) World Network of Biosphere Reserves
– Sites of excellence to foster harmonious integration of people and nature for sustainable development through participation, knowledge sharing, poverty reduction and human well-being improvements, cultural values and society's ability to cope with change, thus contributing to the Millennium Development Goals
• 610 reserves in 117 countries
5. COBWEB Biosphere Reserves
1. UK (Wales): Biosffer Dyfi
2. Germany: Wadden See and Hallig Islands
3. Greece:
– Mount Olympus
– Gorge of Samaria
Left open possibility of expansion to further BRs later in project
6. Why the need for Authentication?
• Not all observers are created equal
– Occasional observer
– Scientific observer
– Influence on the quality indicator of the observation
• Not all observations should have unrestricted access
– Endangered species
7. Authentication and Single Sign-On
• Recommendations
– Federated solution (lightest impact on GCI)
• OpenID and SAML-2 to be used
– Data provider support for a set of “trusted” OpenID identity servers to be used with SAML-2 user management systems
• USA Gov. has such a list (Google & VeriSign)
• INSPIRE doesn’t have such a list
– Authentication is the current primary goal
• Access control is a future interest
– User interaction is the current primary goal
• Programmatic authentication is a future interest
8. Authentication and Single Sign-On
• The AIP-6 access management federation includes:
– SAML-2 Service Provider (SP)
– SAML-2 Identity Provider (IdP)
– SAML-2 Discovery Service (DS)
– SAML-2 / OpenID Trust Gateway
9. AIP-6 Access Management Federation 20 Sept 2013
[Diagram. Components: Service Provider (SP), Discovery Service (DS), Identity Provider (IdP), Trust Gateway (TG) to OpenID. Labels: ESA, CUAHSI*, NASA Ames, Secure Dimensions, “GEOSS user” Single-Sign-On, Google OpenID, INPE, University of Edinburgh, Kst. GDI.DE]
*: Consortium of Universities for the Advancement of Hydrologic Science