Previous work on Access Management Federations
Andreas Matheus
Secure Dimensions
Previous work by this team
• SEE-GEO
• The eContentPlus ESDIN work
• OGC Web Services Shibboleth Interoperability Experiment
• German Spatial Data Infrastructure (Concept)
Secure Dimensions Previous work on Access Management Federations 2
2007 ... 2012 ... 2016
SEE-GEO
• SEcurE access to GEOspatial services
• UK JISC funded process in 2007
• Cross border map (Germany / The Netherlands)
• Secure WFS with styled layer descriptor
– Depending on the style and the origin of the rescue centre, the map is loaded or access is denied
eContentPlus ESDIN
• eContentPlus project (http://www.esdin.eu/)
• Participants from all over Europe
• Establish a pan-European access management federation with NMCAs' services:
– OGC WMS
– OGC WFS
– ...
Shibboleth IE
• OGC Interoperability Experiment
– 2011
– OGC® Engineering Report for the OWS Shibboleth Interoperability Experiment
– https://portal.opengeospatial.org/files/?artifact_id=47852
• Objectives
– Use of the access management federation with OGC Web Services using SAML 2 authentication
– Implement the SAML 2 Enhanced Client or Proxy (ECP) Profile in a Desktop GIS product
Shibboleth IE
• OGC Interoperability Experiment 2011
• Participants
– Cadcorp, Envitia, con terra, snowflake, JRC
• Objective
– Connect to protected OGC Web Services provided by esdin and German SDI prototype federation
– Implement the SAML 2 Enhanced Client or Proxy (ECP) Profile
• Result
– Desktop GIS: Cadcorp, Envitia, snowflake
– Browser based Client: JRC
– Client Proxy: con terra
INSPIRE 2011 Workshop
• INSPIRE annual conference 2011 Edinburgh
• Objective was to introduce the use of Access Management Federation with SAML2 to protect OGC Web Services
– Access Management Federation prototype
• The result confirmed that the introduced concept is INSPIRE conformant
Prototype Federation German SDI
• https://sp.gdi-de.org
Prototype Federation German SDI
[Figure: prototype federation diagram. Labels, in the order they appear: SP GDI.DE (gdi-de.org); application loaded from; DS GDI.DE (gdi-de.org); SP GDI.BY (gdi-by.org); SP; IHK Bavaria (win.bihk.de); Secure Dimensions (secure-dimensions.net); IdP; login with; WMS GetFeatureInfo; WMS GetMap]
Conclusion from previous work
• Access Management Federation based on SAML is a productive solution for sharing protected resources in various countries around the world
– https://www.aai.dfn.de/links/ [German Federation]
• Strength
– Single-Sign-On support
– High level of assurance about real user identity
– Exchange of SAML user credentials supports privacy and anonymity of the user
– Managed list of trusted entities = federation
Conclusion from previous work
• Protected services can be consumed via
– Web Browser (e.g. OpenLayers) applications
– Desktop GIS applications
• Web Browser with full support*1
– IE 10, Google Chrome, Firefox, Safari
• Desktop GIS must implement SAML2 ECP
– Cadcorp and Envitia were tested successfully during the Shibboleth IE
– QGIS (open source GIS) SAML2 extension provided by Secure Dimensions
*1: This is the list of tested web browsers
Thank You
It is important to do security right...
Secure Dimensions GmbH
Holistic Geosecurity
Dr. Andreas Matheus
Waxensteinstr. 28 D-81377 München, Germany
Phone +49 (0)89 38151813-0
Mobile +49 (0)160 1066366
Telefax +49 (0)89 38151813-9
Email [email protected]
www.secure-dimensions.com