
Access Management Federation for Spatial Data and Services in Germany

Access Management Federation for Spatial Data and Services in Germany. 80th OGC Technical Committee, Austin, Texas (USA). Jan Grohmann (BKG), March 20, 2012. Agenda: About GDI-DE and BKG, Motivation, Requirements, Realisation, Authorization, Authentication, Access Management Federation


Presentation Transcript


  1. Access Management Federation for Spatial Data and Services in Germany 80th OGC Technical Committee Austin, Texas (USA) Jan Grohmann (BKG) March 20, 2012

  2. Agenda • About GDI-DE and BKG • Motivation • Requirements • Realisation • Authorization • Authentication • Access Management Federation • Use Cases • Outcome

  3. About GDI-DE and BKG • BKG: Federal Agency for Cartography and Geodesy • Provide geodetic reference data and basic spatial data for the needs of the Federal Government • Coordination Office GDI-DE is situated in the BKG as a department of the division Geoinformation • GDI-DE network consists of experts from Government, Private Sector and Universities • [Diagram: Steering Committee GDI-DE, Coordination Office GDI-DE; Decisions, Orders; Proposals, Reports]

  4. Motivation • 3 governmental levels in Germany: 13.000 municipalities, 16 federal states and the federal government • … to establish a common infrastructure • Government • Government & Business & Public

  5. Motivation • Project „Betriebsmodell GDI-DE“ focused on the establishment, development and operation of a spatial data infrastructure in Germany • Work package for using protected data and services

  6. Requirements • Technical / Operational Requirements • Authentication – Who are you? • Authorisation – What are you permitted to do? • consider existing infrastructures • security as an add-on • no central storage of user accounts • combine distributed data and services for use • Standards and Architectures for E-Government-Applications (SAGA 4.0)

  7. Requirements (2) • Standards and Architectures for E-Government-Applications • eGovernment applications are using mostly a web browser as a frontend [Ch. 1.5, p. 13] • possible roles for access control defined in table 4-1 [Ch. 4.6.3, p. 54] • core attributes for identities [Ch. 5.4.4, p. 66] • Services are stateless [Ch. 6.6.2, p. 70] • Composition of services [Ch. 6.6.2, p. 71] • SAML 2.0 is recommended • …

  8. Requirements (3) • Organisational Requirements • Who accepts users? • Who grants access rights for data and services? • Who coordinates access rights also between different domains? • Who supervises the working process? • ... => Results provided by project „Betriebsmodell GDI-DE“

  9. Authorization • Role based access control • Use of open standards • OASIS: eXtensible Access Control Markup Language 2.0 • OGC Geospatial XACML (GeoXACML) 1.0 • Access rights are • enforced by a service provider, • based on a user's attributes

  10. Authentication • User accounts are provided by organisations, to which a user belongs • Deliver user attributes to service providers for the purpose of access control • role, organisation • Login always on your home organisation • Use of open standards • OASIS: Security Assertion Markup Language 2.0 • IETF: RFC 2818 (HTTPS), RFC 4346 (TLS 1.1), RFC 2617 (HTTP Authentication), RFC 2965 (HTTP State Management Mechanism) • W3C: CORS, XML Digital Signatures, XML Encryption

  11. Solution “Access Management Federation” [Source: http://www.switch.ch]

  12. AMF in the project Betriebsmodell

  13. Data and Services of the Federation • Three different providers for data and services

  14. Use Case „Extending Infrastructure“ • Three Engineering Offices • Munich, Nuremberg, Bavaria • Users have roles • finished, current and planned construction works • Engineering Offices have got fields of activity • 50 km around Munich / Nuremberg • within Bavaria

  15. Use Case „Qualification of German Ensembles“ • Match the geographic extent of an identified site to its actual ground shape • Users of the Bavarian State Office for the Preservation of Historical Monuments • Qualify ensembles via WFS-T • Users of Bavarian SDI • Reading access • Engineering Offices • No access

  16. Use Case „Information next to your home“ • Citizens can view their required building documentation via electronic Identity Card • Thomas Mustermann: for Munich • Helga Mustermann: for Nuremberg • 3D LoD1/LoD2 city models in Google Earth • 2D maps with Google Maps and OGC WMS • a required building documentation with OpenLayers, OGC WFS and WMS

  17. Outcome • An AMF for spatial data and services can be established like existing AMFs of the academic sector, e.g. DFN-AAI (https://www.aai.dfn.de/) • Test federation GDI-DE: https://sp.gdi-de.org • Clarify the duties and responsibilities • Operations and Maintenance • Support • OGC White Paper #12-026 • Authors: Andreas Matheus (Secure Dimensions), Christian Kiehle, Jan Grohmann (BKG) • on Pending Documents – uploaded before 3 week rule for this meeting

  18. Question & Answers • Jan Grohmann, Coordination Office GDI-DE, Federal Agency for Cartography and Geodesy, Richard-Strauß-Allee 11, 60598 Frankfurt am Main, Germany • Tel.: +49 (0) 69 6333 298 • Fax: +49 (0) 69 6333 446 • E-Mail: jan.grohmann@bkg.bund.de • Internet: http://www.gdi-de.org http://www.geoportal.de

  19. Use Case „Extending Infrastructure“

  20. Use Case „Information next to your home“

  21. Use Case „Qualification of German Ensembles“

  22. Use Case „Qualification of German Ensembles“
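An added illustration, not part of the presentation: the access decision a service provider would enforce for the „Extending Infrastructure“ use case (slide 14), combining the attribute-based role check of slides 9 and 10 with the spatial field of activity. The organisation identifiers, coordinates, the Bavaria bounding box and the rule that a role named after a construction status grants access to works of that status are assumptions; a federation deployment would express the same logic as a GeoXACML policy over SAML-delivered attributes.

```python
import math

# Constructed sample data: coordinates (lat, lon) and the Bavaria bounding
# box are rough assumptions for illustration, not values from the slides.
MUNICH = (48.137, 11.575)
NUREMBERG = (49.453, 11.077)
BAVARIA_BBOX = (47.27, 8.97, 50.57, 13.84)  # min_lat, min_lon, max_lat, max_lon

# Field of activity per home organisation (hypothetical identifiers).
FIELDS = {
    "office-munich": ("radius_km", MUNICH, 50.0),
    "office-nuremberg": ("radius_km", NUREMBERG, 50.0),
    "office-bavaria": ("bbox", BAVARIA_BBOX),
}
# Assumption: each role is named after the construction status it unlocks.
STATUSES = {"finished", "current", "planned"}


def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) points in kilometres."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def in_field(org, point):
    """True if point lies inside the organisation's field of activity."""
    field = FIELDS.get(org)
    if field is None:
        return False  # unknown organisation: no field, no access
    if field[0] == "radius_km":
        return haversine_km(field[1], point) <= field[2]
    min_lat, min_lon, max_lat, max_lon = field[1]
    return min_lat <= point[0] <= max_lat and min_lon <= point[1] <= max_lon


def decide(attributes, feature):
    """Permit only if the role rule and the spatial rule both match.

    attributes: asserted by the home organisation (organisation, roles).
    feature: requested construction work (status, location).
    """
    roles = set(attributes.get("roles", ())) & STATUSES
    if feature["status"] not in roles:
        return "Deny"  # role does not cover this construction status
    if not in_field(attributes.get("organisation"), feature["location"]):
        return "Deny"  # feature lies outside the field of activity
    return "Permit"
```

The decision defaults to "Deny" for missing attributes, unknown organisations and unrecognised roles, so an incomplete assertion from an identity provider never widens access.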
