
SEcurE access to GEOspatial services

SEcurE access to GEOspatial services. OGC-OGF Collaboration workshop, Open Grid Forum 21 (OGF21), October 2007. Chris Higgins (EDINA, University of Edinburgh). Grid OGC Collision Programme. JISC (Joint Information Systems Committee) Programme. Funded by the UK HFE funding councils.


Presentation Transcript


  1. SEcurE access to GEOspatial services
     OGC-OGF Collaboration workshop, Open Grid Forum 21 (OGF21), October 2007
     Chris Higgins (EDINA, University of Edinburgh)

  2. Grid OGC Collision Programme
     • JISC (Joint Information Systems Committee) Programme
     • Funded by the UK HFE funding councils
     • Supports teaching, learning, research and administration
     • Provides strategic guidance to UK HFE on use of ICT
     • Grid OGC Collision in context of wider UK e-infrastructure
     • “…embraces networks, grids, data centres and collaborative environments, and can include supporting operations centres, service registries, single-sign on, certificate authorities, training and help-desk services. Most importantly, it is the integration of these that defines e-Infrastructure.”

  3. SEcurE access to GEOspatial services
     • Aiming to demonstrate how access to GI on Grid may be achieved:
       • Shibboleth
       • WS-Security
       • GSI
       • OGC Web Services
     • Partners: EDINA, NeSC, NCeSS, MIMAS
     • Main deliverables are a report and 3 demonstrators:
       • National datacentre
       • e-Social Science
       • Orchestration (Newcastle)

  4. e-Social Science Demonstrator
     • Being implemented within the context of the OGC’s Geolinking Interoperability Experiment (Geolink IE)
     • IEs are brief, low-overhead, formally structured and approved initiatives led and executed by OGC members to achieve specific technical objectives that further the OGC Technical Baseline.
     • Aim: implement a number of prototype GeoLinking services based on the interface specification originally described in the Geolinked Data Access Service (GDAS) and GeoLinking Service (GLS) Discussion Papers.
     • Purpose: confirm that OGC specifications completely support the ability to link attribute data to its geospatial representations when stored at separate locations on the Internet, and to improve the specifications if they do not support these requirements.

  5. e-Social Science Demonstrator Refactored as Web Processing Service

  6. Web Processing Service
     • A generic mechanism to describe and web-enable any sort of geospatial process
     • Possibly most grid-like of the OGC specifications
     • Synchronous or asynchronous
     • No need for client software upgrades
     • Each process specified in a separate document
     • Data can be delivered across or available at the server

  7. Web Processing Service – 3 operations
     • GetCapabilities – get service metadata; the response includes brief metadata describing all the processes implemented
     • DescribeProcess – get detailed information about the process(es) that can be executed, including input parameters and formats, and the outputs. Can be used to automatically build user interfaces
     • Execute – allows a client to run a specified process, using the provided input parameter values. Outputs can be stored and made remotely accessible

  8. GLS – an application profile of WPS
     The GeoLinking Service specifies the following processes, which are described and provided via the three WPS operations indicated above:
     • ListGeolinkAbilities – this process is used to obtain a list of the framework datasets to which the GLS can join geolinked data, and the output forms of the result.
     • Geolink – this process is used to join geolinked data to its spatial framework and produce the requested output.

  9. OGSA-DAI WPS implementation
     • OGSA-DAI activities, a simple pipeline, e.g. GDAS getData, GLS geoLink, WFS getFeature
     • Additional GLS implementations simplified if activities already exist (multiple different ways to implement GLS)
     • We can now do the following with relatively little extra work:
       • Choose different framework datasets dynamically
       • Merge GDAS XML directly into an RDBMS dataset
       • Implement filters, e.g. bbox; currently must use geolinkage field values (geolinkids)
       • Transfer data using GridFTP
       • Protect using GSI?
     • Feature-based data processing and OGSA-DAI as a toolkit for building additional WPS.

  10. OGC Web Services (OWS) Testbeds
     • Another mechanism within the Interoperability Program (IP)
     • Purpose is to develop new specs & refine existing specs
     • Managed by the OGC IP team
     • Sponsors determine work programme; RFQ, kickoff, 5-6 months to completion
     • Participation open to OGC members only

  11. The OWS-4 GeoDRM activity
     • Important as Spatial Data Infrastructure requires interoperable trading capability
     • Focussed on engineering aspects
     • Ended Dec 2006
     • Number of Interoperability Program Reports
     • Number of use cases determined by the sponsors

  12. OWS-4 GeoDRM Architecture
     Reference: GeoDRM Engineering Viewpoint, Elfers, Wagner, OGC meeting San Diego, GeoDRM WG, 2006-12-13
     [Architecture diagram. Labels: Consumer, Broker, Manager, Deliveryman, End-User, Identity Provider, Authentication Service, conditions, OWS Client, Gatekeeper (Enforcement), OWS Service, GeoDRM Client, Authorization Service (Decision), License Broker, License Manager (Administration)]

  13. • Gatekeeper is transparent; extension for OGC W*S
       • Adds GeoDRM functionality and information (e.g. capabilities)
       • Accepts identity and/or license tokens with the W*S payload
     • Authentication Service
       • Provides identity tokens for in-band authentication
       • Authentication Service could be used as central service in a federation
       • Authentication and retrieval of user information
       • Single-Sign-On and Single-Log-Out
       • Support different authentication methodologies (harmonization)
     • Authorization Service is responsible for all authorization and validity checks
       • Integrity, authenticity and origin of messages, signatures, etc.
       • Authorization based on local rights (classical access control) as well as on-the-fly resolved rights from licenses

  14. • License Broker negotiates Licenses with the Client
       • Different types of Offerings; those define the further negotiation workflows
       • On agreement: Broker stores License in License Manager, Client receives a Reference Token
     • License Manager manages Licenses (surprise!)
       • Licenses are fetched by the AuthZ-Service using the reference
       • Manager could be used as central service in a federation
       • Storage in Federation
       • Global “License Revoke” (similar to single-log-out)

  15. Where next for SEE-GEO?
     • With assistance from NeSC Glasgow, concentrating on the security aspects; particularly Shibboleth, but also PERMIS and VOMS?
     • Integrate OGC Web Coverage Specification (WCS) into OGSA-DAI
     • Get a demonstrator running on the UK National Grid Service
     • Options include installing the SEE-GEO demonstrator, perhaps linking using Ordnance Survey MasterMap data.
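
The enforcement/decision split from slides 13 and 14, as an added Python example (not code from the presentation or the OWS-4 testbed): a Gatekeeper forwards an OWS request only when the Authorization Service permits it, from local rights or from a license resolved through the client's reference token. The HMAC-signed identity token, all function and class names, and the sample rights are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

IDP_KEY = secrets.token_bytes(32)  # assumption: key shared by AuthN and AuthZ
LOCAL_RIGHTS = {("alice", "GetCapabilities")}  # constructed local access rules

def issue_identity_token(user):
    """Authentication Service: sign the user name for in-band use."""
    mac = hmac.new(IDP_KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}:{mac}"

def verify_identity_token(token):
    """Return the user if integrity and origin check out, else None."""
    user, _, mac = (token or "").rpartition(":")
    good = hmac.new(IDP_KEY, user.encode(), hashlib.sha256).hexdigest()
    ok = hmac.compare_digest(mac.encode(), good.encode())
    return user if user and ok else None

class LicenseManager:
    """Holds licenses; the client only ever gets an opaque reference token."""
    def __init__(self):
        self._licenses = {}

    def store(self, holder, operation, layer):
        ref = secrets.token_urlsafe(16)
        self._licenses[ref] = (holder, operation, layer)
        return ref

    def fetch(self, ref):
        return self._licenses.get(ref)

    def revoke(self, ref):
        self._licenses.pop(ref, None)  # global revoke: next request is denied

def authorize(manager, identity_token, license_ref, operation, layer):
    """Authorization Service (decision): local rights, then licensed rights."""
    user = verify_identity_token(identity_token)
    if user is None:
        return False
    if (user, operation) in LOCAL_RIGHTS:
        return True
    # Resolve the license on the fly; it must bind this user, operation, layer.
    return manager.fetch(license_ref) == (user, operation, layer)

def gatekeeper(manager, request, backend):
    """Gatekeeper (enforcement): forward to the OWS service only on a permit."""
    permit = authorize(manager, request.get("identity"), request.get("license_ref"),
                       request["operation"], request["layer"])
    return backend(request) if permit else "denied"
```

Because the license is bound to its holder and looked up on every request, a reference token presented by a different user fails, and a revoke in the License Manager takes effect without touching the client.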
