Access Management Federation for Spatial Data and Services in Germany
80th OGC Technical Committee, Austin, Texas (USA)
Jan Grohmann (BKG), March 20, 2012

Agenda
• About GDI-DE and BKG
• Motivation
• Requirements
• Realisation
  • Authorization
  • Authentication
  • Access Management Federation
• Use Cases
• Outcome
About GDI-DE and BKG
• BKG: Federal Agency for Cartography and Geodesy; provides geodetic reference data and basic spatial data for the needs of the Federal Government
• Coordination Office GDI-DE is situated in the BKG as a department of the division Geoinformation
• Organisation diagram: Steering Committee GDI-DE and Coordination Office GDI-DE, linked by decisions and orders in one direction and proposals and reports in the other
• The Coordination Office GDI-DE network consists of experts from Government, Private Sector and Universities
Motivation
• 3 governmental levels in Germany: 13,000 municipalities, 16 federal states and the federal government
• … to establish a common infrastructure (diagram labels: Government; Government & Business & Public)

Motivation
• Project „Betriebsmodell GDI-DE“ focused on the establishment, development and operation of a spatial data infrastructure in Germany
• Work package for using protected data and services
Requirements
• Technical / Operational Requirements
  • Authentication – Who are you?
  • Authorisation – What are you permitted to do?
  • consider existing infrastructures
  • security as an add-on
  • no central storage of user accounts
  • combine distributed data and services for use
  • Standards and Architectures for E-Government-Applications (SAGA 4.0)

Requirements (2)
• Standards and Architectures for E-Government-Applications
  • eGovernment applications are using mostly a web browser as a frontend [Ch. 1.5, p. 13]
  • possible roles for access control defined in table 4-1 [Ch. 4.6.3, p. 54]
  • core attributes for identities [Ch. 5.4.4, p. 66]
  • Services are stateless [Ch. 6.6.2, p. 70]
  • Composition of services [Ch. 6.6.2, p. 71]
  • SAML 2.0 is recommended
  • …

Requirements (3)
• Organisational Requirements
  • Who accepts users?
  • Who grants access rights for data and services?
  • Who coordinates access rights also between different domains?
  • Who supervises the working process?
  • ...
  => Results provided by project „Betriebsmodell GDI-DE“
Authorization
• Role based access control
• Use of open standards
  • OASIS: eXtensible Access Control Markup Language 2.0
  • OGC Geospatial XACML (GeoXACML) 1.0
• Access rights are
  • enforced by a service provider,
  • based on a user's attributes

Authentication
• User accounts are provided by the organisations to which a user belongs
• Deliver user attributes to service providers for the purpose of access control
  • role, organisation
• Login always on your home organisation
• Use of open standards
  • OASIS: Security Assertion Markup Language 2.0
  • IETF: RFC 2818 (HTTPS), RFC 4346 (TLS 1.1), RFC 2617 (HTTP Authentication), RFC 2965 (HTTP State Management Mechanism)
  • W3C: CORS, XML Digital Signatures, XML Encryption
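As an added example (not code from the deck or from the GDI-DE project), the following Python shows what a service provider does with a SAML 2.0 assertion before using its attributes for access control: it checks the issuer against the federation's trust list, the validity window and the audience restriction, and only then extracts the role and organisation attributes the deck describes. The assertion, issuer URL, entity IDs and attribute names are constructed. XML Signature verification, which the deck lists among the required standards, is deliberately not implemented here and must be performed with a signature-aware library before any attribute is trusted.

```python
"""Service-provider side consumption of a SAML 2.0 assertion (constructed example).

Checks performed before attributes are trusted: the issuer is a federation
member, the assertion is inside its validity window, and this service provider
is a named audience. The XML Signature check is intentionally left out; use a
signature-aware library (e.g. python3-saml or xmlsec bindings) for that step.
"""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET  # for untrusted input, defusedxml offers a drop-in replacement

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Hypothetical federation metadata: identity providers this SP trusts (constructed entity IDs).
TRUSTED_ISSUERS = {"https://idp.engineering-munich.example/saml"}
# Hypothetical entity ID of this service provider, i.e. the protected WFS.
SP_ENTITY_ID = "https://sp.gdi-example.example/wfs"

# Constructed sample assertion carrying the role and organisation attributes the deck names.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-0001" Version="2.0" IssueInstant="2012-03-20T10:00:00Z">
  <saml:Issuer>https://idp.engineering-munich.example/saml</saml:Issuer>
  <saml:Subject><saml:NameID>user-42</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2012-03-20T10:00:00Z" NotOnOrAfter="2012-03-20T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.gdi-example.example/wfs</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="role">
      <saml:AttributeValue>planned</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="organisation">
      <saml:AttributeValue>Engineering Office Munich</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


class AssertionRejected(Exception):
    """Raised when the assertion must not be used for access control."""


def parse_saml_time(value):
    """Parse the UTC timestamp format SAML uses, e.g. 2012-03-20T10:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def consume_assertion(xml_text, expected_audience, now):
    """Validate the assertion and return subject plus attributes, or raise AssertionRejected."""
    root = ET.fromstring(xml_text)

    issuer = root.findtext("saml:Issuer", namespaces=SAML_NS)
    if issuer not in TRUSTED_ISSUERS:
        raise AssertionRejected("issuer %r is not a member of the federation" % issuer)

    cond = root.find("saml:Conditions", SAML_NS)
    if cond is None or cond.get("NotOnOrAfter") is None:
        raise AssertionRejected("assertion has no bounded validity window")
    not_before = cond.get("NotBefore")
    if not_before is not None and now < parse_saml_time(not_before):
        raise AssertionRejected("assertion not yet valid")
    if now >= parse_saml_time(cond.get("NotOnOrAfter")):
        raise AssertionRejected("assertion expired")

    # An assertion issued for another service provider must not be accepted here.
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", SAML_NS)]
    if expected_audience not in audiences:
        raise AssertionRejected("assertion was issued for a different service provider")

    attributes = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", SAML_NS):
        attributes[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", SAML_NS)]
    return {
        "subject": root.findtext("saml:Subject/saml:NameID", namespaces=SAML_NS),
        "attributes": attributes,
    }


def is_acceptable(xml_text, expected_audience, now):
    """Boolean convenience wrapper around consume_assertion."""
    try:
        consume_assertion(xml_text, expected_audience, now)
        return True
    except AssertionRejected:
        return False


if __name__ == "__main__":
    print(consume_assertion(SAMPLE_ASSERTION, SP_ENTITY_ID, parse_saml_time("2012-03-20T10:02:00Z")))
```

The attributes returned here (role, organisation) are exactly what the service provider later feeds into its access-control decision; the point of the checks is that the deck's "no central storage of user accounts" requirement only works if the service provider verifies that the asserting organisation is a federation member and that the assertion was meant for it.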
Solution “Access Management Federation” [Source: http://www.switch.ch]
Data and Services of the Federation
• Three different providers for data and services

Use Case „Extending Infrastructure“
• Three Engineering Offices
  • Munich, Nuremberg, Bavaria
• Users have roles
  • finished, current and planned construction works
• Engineering Offices have got fields of activity
  • 50 km around Munich / Nuremberg
  • within Bavaria
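The following Python is an added example, not code from the deck or the GDI-DE test federation. It shows the kind of role- and location-based decision the Authorization slides describe (a policy enforced by the service provider on the user's role and organisation attributes) applied to this use case: roles decide which construction-work layers a user may read, and the organisation's field of activity (a 50 km radius around Munich or Nuremberg, or the whole of Bavaria) decides where. The office names, radii, Bavaria bounding box, layer names and role-to-layer mapping are constructed, and the city coordinates are approximate; a real deployment would express this as an XACML/GeoXACML policy evaluated by a policy decision point rather than as Python tables.

```python
"""Role- and location-based access decision for a protected spatial service
(constructed example in the spirit of a GeoXACML policy decision point).

Inputs are the attributes an identity provider asserted for the user (role,
organisation) plus the layer and the location a request touches. All policy
tables below are constructed for the "Extending Infrastructure" use case.
"""
import math

EARTH_RADIUS_KM = 6371.0


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two WGS84 points given in degrees."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


# Field of activity per organisation (constructed): either a radius around a centre
# or a bounding box (min_lat, min_lon, max_lat, max_lon). Coordinates are approximate.
FIELDS_OF_ACTIVITY = {
    "Engineering Office Munich": {"centre": (48.137, 11.575), "radius_km": 50.0},
    "Engineering Office Nuremberg": {"centre": (49.454, 11.077), "radius_km": 50.0},
    "Engineering Office Bavaria": {"bbox": (47.27, 8.97, 50.56, 13.84)},
}

# Role -> construction-work layers readable by that role (constructed layer names).
ROLE_LAYERS = {
    "finished": {"construction_finished"},
    "current": {"construction_finished", "construction_current"},
    "planned": {"construction_finished", "construction_current", "construction_planned"},
}


def in_field_of_activity(organisation, lat, lon):
    """True if (lat, lon) lies inside the organisation's registered field of activity."""
    field = FIELDS_OF_ACTIVITY.get(organisation)
    if field is None:
        return False  # unknown organisation: no field of activity, never permitted
    if "centre" in field:
        c_lat, c_lon = field["centre"]
        return haversine_km(c_lat, c_lon, lat, lon) <= field["radius_km"]
    min_lat, min_lon, max_lat, max_lon = field["bbox"]
    return min_lat <= lat <= max_lat and min_lon <= lon <= max_lon


def decide(attributes, layer, lat, lon):
    """Return ("Permit" | "Deny", reason). Deny is the default: a missing attribute never grants access."""
    roles = attributes.get("role", [])
    organisations = attributes.get("organisation", [])
    if not roles or not organisations:
        return "Deny", "role or organisation attribute missing"

    permitted_layers = set()
    for role in roles:
        permitted_layers |= ROLE_LAYERS.get(role, set())
    if layer not in permitted_layers:
        return "Deny", "role does not cover layer %s" % layer

    if not any(in_field_of_activity(org, lat, lon) for org in organisations):
        return "Deny", "location outside the organisation's field of activity"
    return "Permit", "role and location match policy"


if __name__ == "__main__":
    user = {"role": ["planned"], "organisation": ["Engineering Office Munich"]}
    print(decide(user, "construction_planned", 48.30, 11.60))    # about 18 km from Munich
    print(decide(user, "construction_planned", 49.454, 11.077))  # Nuremberg, about 150 km away
```

Two design points carry over to a real PDP: the decision is deny-by-default, so an identity provider that omits an attribute cannot accidentally widen access, and the geographic constraint is evaluated by the service provider from the request's own coordinates, never from a claim the client makes about where it is.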
Use Case „Qualification of German Ensembles“
• Match the geographic extent of an identified site to its actual ground shape
• Users of the Bavarian State Office for the Preservation of Historical Monuments
  • Qualify ensembles via WFS-T
• Users of Bavarian SDI
  • Reading access
• Engineering Offices
  • No access

Use Case „Information next to your home“
• Citizens can view their required building documentation via electronic Identity Card
  • Thomas Mustermann: for Munich
  • Helga Mustermann: for Nuremberg
• 3D LoD1/LoD2 city models in Google Earth
• 2D maps with Google Maps and OGC WMS
• a required building documentation with OpenLayers, OGC WFS and WMS
Outcome
• An AMF for spatial data and services can be established like existing AMFs of the academic sector, e.g. DFN-AAI (https://www.aai.dfn.de/)
• Test federation GDI-DE: https://sp.gdi-de.org
• Clarify the duties and responsibilities
  • Operations and Maintenance
  • Support
• OGC White Paper #12-026
  • Authors: Andreas Matheus (Secure Dimensions), Christian Kiehle, Jan Grohmann (BKG)
  • on Pending Documents – uploaded before 3 week rule for this meeting

Questions & Answers
Jan Grohmann
Coordination Office GDI-DE
Federal Agency for Cartography and Geodesy
Richard-Strauß-Allee 11
60598 Frankfurt am Main
Germany
Tel.: +49 (0) 69 6333 298
Fax: +49 (0) 69 6333 446
E-Mail: jan.grohmann@bkg.bund.de
Internet: http://www.gdi-de.org http://www.geoportal.de