
Authentication Use Cases

Authentication Use Cases. ESDIN Work Package 4 Workshop, IGN Belgium, Brussels, 19th May 2010. What is authentication? …a mandatory part of access control concerned with establishing that claims made concerning a subject who is attempting to use a particular resource are authentic, i.e., true.

vianca

Presentation Transcript


  1. Authentication Use Cases. ESDIN Work Package 4 Workshop, IGN Belgium, Brussels, 19th May 2010

  2. What is authentication? …a mandatory part of access control concerned with establishing that claims made concerning a subject who is attempting to use a particular resource are authentic, i.e., true

  3. Two Use Cases:
     • Secure access by desktop client to medium and small scale ESDIN download service
     • Secure access by desktop client to large scale ESDIN download service

  4. Actors: Key ESDIN users of pan-European geographical data, e.g., JRC, EEA, EuroStat, but could be any user where there is a requirement to know who is taking the data

  5. Description: For a wide variety of reasons, individuals at organizations such as the EEA, JRC or EC need to be able to access secure ESDIN download services on top of pan-European coverage ExM data at medium and small scales. The downloaded data will be accessed via a desktop client and will be either EBM, ERM, EGM or user defined

  6. Trigger: Various; the user has a need for harmonized pan-European data

  7. Preconditions:
     1. Harmonised ExM data available at medium and small scales via a basic WFS serving up data with pan-European coverage
     2. The user's organisation and the ExM WFS service provider are part of the same access management federation
     3. User has access to a desktop client capable of undergoing the Shibboleth/SAML interaction

  8. Postconditions:
     1. User has been authenticated and authorized
     2. Data has been delivered to the user's WFS client application

  9. Normal Flow:
     1. User's application issues a GetCapabilities request
     2. User selects their Identity Provider from a list of IdPs
     3. Authenticates
     4. GetCapabilities request followed by however many DescribeFeatureType, GetFeature requests and responses as necessary to satisfy the user's requirements

  10. Alternative Flows:
     1. Single Sign On. User has already authenticated at another federation service provider and is not required to authenticate again

  11. Exceptions:
     1. User not authorised. Authorisation exception
     2. Illegal request leading to a service exception
     3. Security exception in case of attack

  12. Priority: High. Being able to securely exchange identity information to make authorisation decisions is a fundamental prerequisite of a large number of SDI scenarios

  13. Frequency of use: High

  14. Assumptions: It is assumed that a trust federation comprising the ESDIN partners and cooperating organisations will have been established and is being maintained

  15. Notes and issues: Cross-federation interoperability is not assumed but is likely to be desirable under several scenarios, e.g., the EEA operates its own federation-like partnership, the European Environment Information and Observation Network (EEIONet).

  16. AuthN Interoperability Experiment:
     • OGC mechanism looking at various alternatives
     • Implementing these use cases under WP11
     • Two federations created:
        • ESDIN NMCAs
        • University members of the European Persistent Geospatial Testbed for Research and Education
     • Exploring cross-federation scenario where it is agreed universities get access to ExM data

  17. Chris Higgins chris.higgins@ed.ac.uk
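
The normal flow (slide 9) and exceptions (slide 11) as a client-side check, added here as an example that is not from the presentation or the ESDIN project: a desktop WFS client has to tell a capabilities document apart from a federation redirect, a login page or a service exception before it parses anything. Assumed here: the service provider redirects with the SAML discovery `entityID` or HTTP-Redirect `SAMLRequest` query parameter, authorisation failure arrives as HTTP 401/403, and all hosts and sample values are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs

EXCEPTION_ROOTS = {"ExceptionReport", "ServiceExceptionReport"}

# Constructed sample inputs (hosts and values are placeholders).
SAMPLE_DISCOVERY = ("https://ds.federation.example/ds"
                    "?entityID=https%3A%2F%2Fwfs.example.org%2Fsp")
SAMPLE_CAPS = ('<wfs:WFS_Capabilities version="1.1.0" '
               'xmlns:wfs="http://www.opengis.net/wfs"/>')

def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def classify_response(status, headers, body):
    """Map one HTTP response to a WFS request onto a (state, detail) pair."""
    if status in (301, 302, 303, 307):
        target = urlparse(headers.get("Location", ""))
        params = parse_qs(target.query)
        if "SAMLRequest" in params:        # SAML HTTP-Redirect binding
            return ("authenticate_at_idp", target.netloc)
        if "entityID" in params:           # SAML IdP discovery request
            return ("select_idp", target.netloc)
        return ("other_redirect", target.netloc)
    if status in (401, 403):               # assumption: authz failure as HTTP status
        return ("not_authorised", str(status))
    if "html" in headers.get("Content-Type", "").lower():
        # Login or IdP-list page: needs the interactive SAML step, not an XML parser.
        return ("interactive_page", "")
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        return ("rejected", "DTD not accepted")  # no entity expansion from the network
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return ("rejected", f"not XML: {exc}")
    name = _local(root.tag)
    if name == "WFS_Capabilities":
        return ("capabilities", root.get("version", ""))
    if name in EXCEPTION_ROOTS:
        first = next(iter(root), None)     # first ows:Exception / ServiceException
        code = "" if first is None else (
            first.get("exceptionCode") or first.get("code") or "")
        return ("service_exception", code)
    return ("unexpected_xml", name)

if __name__ == "__main__":
    print(classify_response(302, {"Location": SAMPLE_DISCOVERY}, ""))
    print(classify_response(200, {"Content-Type": "text/xml"}, SAMPLE_CAPS))
```

Only the `capabilities` state should let the client continue to DescribeFeatureType and GetFeature; every other state is either the authentication step or a failure to surface to the user.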
