Access Management Federation for Spatial Data and Services in Germany
80th OGC Technical Committee
Austin, Texas (USA)
Jan Grohmann (BKG)
March 20, 2012
Agenda
About GDI-DE and BKG
Motivation
Requirements
Realisation
Authorization
Authentication
Access Management Federation
Use Cases
Outcome
About GDI-DE and BKG
BKG
Federal Agency for Cartography and Geodesy
Provides geodetic reference data and basic spatial data for the needs of the Federal Government
The Coordination Office GDI-DE is situated in the BKG as a department of the Geoinformation division
Coordination Office GDI-DE
Steering Committee GDI-DE
Network consists of experts from Government, Private Sector and Universities
[Diagram: GDI-DE organisation, with the labels "Decisions, Orders" and "Proposals, Reports"]
Motivation
…to establish a common infrastructure (Government Government & Business & Public)
3 governmental levels in Germany: 13,000 municipalities, 16 federal states and the federal government
Project "Betriebsmodell GDI-DE" focused on the establishment, development and operation of a spatial data infrastructure in Germany
Work package for using protected data and services
Requirements
Technical / Operational Requirements
Authentication – Who are you?
Authorisation – What are you permitted to do?
consider existing infrastructures
security as an add-on
no central storage of user accounts
combine distributed data and services for use
Standards and Architectures for E-Government-Applications (SAGA 4.0)
Requirements (2)
Standards and Architectures for E-Government-Applications
eGovernment applications mostly use a web browser as a frontend [Ch. 1.5, p. 13]
possible roles for access control defined in table 4-1 [Ch. 4.6.3, p. 54]
core attributes for identities [Ch. 5.4.4, p. 66]
Services are stateless [Ch. 6.6.2, p. 70]
Composition of services [Ch. 6.6.2, p. 71]
SAML 2.0 is recommended
…
Requirements (3)
Organisational Requirements
Who accepts users?
Who grants access rights for data and services?
Who coordinates access rights also between different domains?
Who supervises the working process?
...
=> Results provided by project „Betriebsmodell GDI-DE“
Authorization
Role based access control
Use of open standards
OASIS: eXtensible Access Control Markup Language 2.0
OGC Geospatial XACML (GeoXACML) 1.0
Access rights are enforced by a service provider, based on a user's attributes
Authentication
User accounts are provided by the organisations to which a user belongs
Deliver user attributes to service providers for the purpose of access control
role, organisation
Login always at your home organisation
Use of open standards
OASIS: Security Assertion Markup Language 2.0
IETF: RFC 2818 (HTTPS), RFC 4346 (TLS 1.1), RFC 2617 (HTTP Authentication), RFC 2965 (HTTP State Management Mechanism)
W3C: CORS, XML Digital Signatures, XML Encryption
Solution "Access Management Federation"
[Source: http://www.switch.ch]
AMF in the project Betriebsmodell
Data and Services of the Federation
Three different providers for data and services
Use Case "Extending Infrastructure"
Three Engineering Offices
Munich, Nuremberg, Bavaria
Users have roles
finished, current and planned construction works
Engineering Offices have got fields of activity
50 km around Munich / Nuremberg
within Bavaria
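Added example, not part of the original slides: a sketch in plain Python (not GeoXACML) of how a service provider could combine the role and organisation attributes delivered by the home organisation with a spatial field of activity, denying by default. The organisation identifiers, coordinates, the Bavaria bounding box, and the assumption that a role names the status of the works it may read are all constructed for illustration.

```python
import math

# Constructed policy data: field of activity per engineering office.
# Coordinates are approximate city centres; the Bavaria entry is a rough
# bounding box, not the real border. Organisation ids are hypothetical.
FIELDS = {
    "office-munich": {"kind": "radius", "center": (48.137, 11.575), "km": 50},
    "office-nuremberg": {"kind": "radius", "center": (49.452, 11.077), "km": 50},
    "office-bavaria": {"kind": "bbox", "south": 47.27, "west": 8.97,
                       "north": 50.57, "east": 13.84},
}
# Assumption: a role names the status of construction works it may read.
ROLES = {"finished", "current", "planned"}


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def in_field(field, point):
    """True if the (lat, lon) point lies inside the field of activity."""
    if field["kind"] == "radius":
        return haversine_km(field["center"], point) <= field["km"]
    lat, lon = point
    return (field["south"] <= lat <= field["north"]
            and field["west"] <= lon <= field["east"])


def decide(attrs, feature):
    """Service-provider decision for one feature; deny by default."""
    field = FIELDS.get(attrs.get("organisation"))
    role = attrs.get("role")
    if field is None or role not in ROLES:
        return "Deny"   # unknown organisation or role
    if role != feature["status"]:
        return "Deny"   # role does not cover this status of works
    return "Permit" if in_field(field, feature["location"]) else "Deny"


# Constructed features: construction works near Freising and in Regensburg.
FREISING = {"status": "current", "location": (48.40, 11.75)}
REGENSBURG = {"status": "planned", "location": (49.013, 12.101)}
```

The same request is permitted for the Munich office and denied for the Nuremberg office, because the decision depends only on the attributes asserted for the user and the location of the requested feature.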
Use Case "Qualification of German Ensembles"
Match the geographic extent of an identified site to its actual ground shape
Users of the Bavarian State Office for the Preservation of Historical Monuments
Qualify ensembles via WFS-T
Users of Bavarian SDI
Reading access
Engineering Offices
No access
Use Case "Information next to your home"
Citizens can view their required building documentation via the electronic Identity Card
Thomas Mustermann: for Munich
Helga Mustermann: for Nuremberg
3D LoD1/LoD2 city models in Google Earth
2D maps with Google Maps and OGC WMS
a required building documentation with OpenLayers, OGC WFS and WMS
Outcome
An AMF for spatial data and services can be established like existing AMFs of the academic sector, e.g. DFN-AAI (https://www.aai.dfn.de/)
Test federation GDI-DE: https://sp.gdi-de.org
Clarify the duties and responsibilities
Operations and Maintenance
Support
OGC White Paper #12-026
Authors: Andreas Matheus (Secure Dimensions), Christian Kiehle, Jan Grohmann (BKG)
on Pending Documents – uploaded before the 3 week rule for this meeting
Questions & Answers
Jan Grohmann
Coordination Office GDI-DE
Federal Agency for Cartography and Geodesy
Richard-Strauß-Allee 11
60598 Frankfurt am Main
Germany
Tel.: +49 (0) 69 6333 298
Fax: +49 (0) 69 6333 446
E-Mail: [email protected]
http://www.gdi-de.org http://www.geoportal.de