SEcurE access to GEOspatial services OGC-OGF Collaboration workshop Open Grid Forum 21 (OGF21) October, 2007 Chris Higgins (EDINA, University of Edinburgh)

Slides:

Advertisements

Similar presentations

Tom Sugden EPCC OGSA-DAI Future Directions OGSA-DAI User's Forum GridWorld 2006, Washington DC 14 September 2006.

Advertisements

SEcurE access to GEOspatial services OGC-OGF Collaboration workshop Open Grid Forum 22 (OGF22) February, 2007 Chris Higgins (EDINA, University of Edinburgh)

Christopher Kunz | OGF28 | March 16th, 2010 GDI-Grid: The State of Affairs.

Current status of grids: the need for standards Mike Mineter TOE-NeSC, Edinburgh.

Spatial Data e-Infrastructure UK e-Science ALL HANDS MEETING September, Edinburgh, UK Higgins, C., Koutroumpas, M., Sinnott, R.O., Watt, J.,

Semantically-Assisted Geospatial Workflow Design Gobe Hobona, David Fairbairn, Philip James ACM GIS – 8 th November Seattle.

Where next…. Stakeholder workshop, 29 Jan To the end of the project.

Geographic Interoperability Office ISO and OGC Geographic Information Service Architecture George Percivall NASA Geographic.

An Overview of OGSA-DAI Kostas Tourlas

Data Management: Metadata, Repositories and Curation Tony Mathys, Anne Robertson Eddie Boyle, Guy McGarva GeoForum, 4 th November, York.

Contrail and Federated Identity Management

Copyright Information Here Junaid Arshad 1, Wei Jie 2, Andy Turner 1 University of Leeds 1, University of Manchester 2, UK Securing.

Secure access to spatial data for academia – the UK experience Workshop, Authentication, Authorization and Accounting for Data and Services in EU Public.

Geospatial Standards – Experiences for the UK Academic Community Workshop on Grid Middleware and Geospatial Standards for Earth System Science Data, National.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.

Latest techniques and Applications in Interprocess Communication and Coordination Xiaoou Zhang.

SEE-GEO Meeting 20 th March 2008 NCeSS e-Infrastructure for the Social Sciences Project: Security and Geospatial Services Andy Turner

NextGRID & OGSA Data Architectures: Example Scenarios Stephen Davey, NeSC, UK ISSGC06 Summer School, Ischia, Italy 12 th July 2006.

Joint Information Systems Committee Supporting Higher and Further Education Development of an Information Environment for UK Learning and Teaching NOF-Digitise.

GFIPM Web Services Concept and Normative Standards GFIPM Delivery Team Meeting November 2011.

Terminal Services in Windows Server ® 2008 Infrastructure Planning and Design.

OGC Liaison Report WGISS-20 Allan Doyle, EOGEO

Page 1 LAITS Laboratory for Advanced Information Technology and Standards 9/6/04 Briefing on Open Geospatial Consortium (OGC)’s Web Services (OWS) Initiative.

LCG Milestones for Deployment, Fabric, & Grid Technology Ian Bird LCG Deployment Area Manager PEB 3-Dec-2002.

GT Components. Globus Toolkit A “toolkit” of services and packages for creating the basic grid computing infrastructure Higher level tools added to this.

Grid-enabling OGC Web Services Andrew Woolf, Arif Shaon STFC e-Science Centre Rutherford Appleton Lab.

AIXM Users’ Conference, March Implementing AIXM in Instrument Flight Procedures Automation Presenter: Iain Hammond MacDonald, Dettwiler &

ESP workshop, Sept 2003 the Earth System Grid data portal presented by Luca Cinquini (NCAR/SCD/VETS) Acknowledgments: ESG.

DELIVERING ENVIRONMENTAL WEB SERVICES (DEWS) Partners: UK Met Office (Lead Partner), British Atmospheric Data Centre (BADC), British Maritime Technology.

XMPP Concrete Implementation Updates: 1. Why XMPP 2 »XMPP protocol provides capabilities that allows realization of the NHIN Direct. Simple – Built on.

© 2006 OpenGridForum February 26, 2008 OGC-OGF Collaboration Workshop Chris Higgins, EDINA/Edinburgh Craig A. Lee, The Aerospace Corporation Satoshi Sekiguchi,

1 Schema Registries Steven Hughes, Lou Reich, Dan Crichton NASA 21 October 2015.

17 March 2008 © 2008 The University of Edinburgh, European Microsoft Innovation Center and University of Southampton IT Innovation Centre 1 NextGRID Security.

OGC/Grid activities in UK Chris Higgins (EDINA), Phil James (Uni of Newcastle), Andrew Woolf (CCLRC)

Managing and communicating uncertainty in geospatial web service workflows Richard Jones, Dan Cornford, Lucy Bastin, Matthew Williams Computer Science,

Web: OGSA-DAI 3.0 Ally Hume, Amy Krause OGSA-DAI Workshop 17th October 2007.

Supporting further and higher education The Akenti Authorisation System Alan Robiette, JISC Development Group.

Shibboleth Akylbek Zhumabayev September Agenda Introduction Related Standards: SAML, WS-Trust, WS-Federation Overview: Shibboleth, GSI, GridShib.

Portal-based Access to Advanced Security Infrastructures John Watt UK e-Science All Hands Meeting September 11 th 2008.

DSTT Report - OGC Services May 8, 2002Page 1 Allan Doyle DSTT Report OGC Services DSTT Report OGC & GRID Services Allan Doyle NASA/II May 8, 2002.

NA-MIC National Alliance for Medical Image Computing UCSD: Engineering Core 2 Portal and Grid Infrastructure.

INFSO-RI Enabling Grids for E-sciencE OGSA DAI Data Access and Integration Marek Ciglan Institute of Informatics, Slovac Academy.

State Key Laboratory of Resources and Environmental Information System China Integration of Grid Service and Web Processing Service Gao Ang State Key Laboratory.

GRID Overview Internet2 Member Meeting Spring 2003 Sandra Redman Information Technology and Systems Center and Information Technology Research Center National.

The Global Land Cover Facility is sponsored by NASA and the University of Maryland.The GLCF is a founding member of the Federation of Earth Science Information.

Combining the strengths of UMIST and The Victoria University of Manchester “Use cases” Stephen Pickles e-Frameworks meets e-Science workshop Edinburgh,

Authorization GGF-6 Grid Authorization Concepts Proposed work item of Authorization WG Chicago, IL - Oct 15 th 2002 Leon Gommans Advanced Internet.

Identity Management in DEISA/PRACE Vincent RIBAILLIER, Federated Identity Workshop, CERN, June 9 th, 2011.

Open Geospatial Consortium Overview and why we are adopting the standards.

Glen Dobson, Lancaster University Service Grids Workshop NeSC Edinburgh 23/7/04 Endpoint Services Glen Dobson Lancaster University,

Standards driven AAA for Job Management within the OMII-UK distribution Steven Newhouse Director, OMII-UK

Development of Semantically Aware Workflow Engines for GEOspatial Web Service Orchestration Open Grid Forum 20 (OGF20) 7 th May, 2007 Gobe Hobona (University.

© Geodise Project, University of Southampton, Integrating Data Management into Engineering Applications Zhuoan Jiao, Jasmin.

1 AHM, 2–4 Sept 2003 e-Science Centre GRID Authorization Framework for CCLRC Data Portal Ananta Manandhar.

PROGRESS: GEW'2003 Using Resources of Multiple Grids with the Grid Service Provider Michał Kosiedowski.

OGC/OGF usage in UK e-Social Science OGF 21, Seattle, USA Paul Townend School of Computing, University of Leeds.

Semantics in Web Service Composition for Risk Management Michael Lutz European Commission – DG Joint Research Centre Ispra, Italy EcoTerm IV, Vienna,

SDI 4.0 Crowd-sourcing, Gov-sourcing Geographic Data via Open Geosynchronization Raj R. Singh Director, Interoperability Programs Open Geospatial Consortium.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI Services for Distributed e-Infrastructure Access Tiziana Ferrari on behalf.

Grid Services for Digital Archive Tao-Sheng Chen Academia Sinica Computing Centre

Geospatial interoperability Prof. Wenwen Li School of Geographical Sciences and Urban Planning 5644 Coor Hall

Frascati, 2-3 July 2008 Slide 1 User Management compliance testing for G-POD HMA-T Phase 2 KO Meeting 2-3 July 2008, Frascati Andrew Woolf, STFC Rutherford.

Ian Bird GDB Meeting CERN 9 September 2003

Flanders Marine Institute (VLIZ)

Distribution and components

Introduction How to combine and use services in different security domains? How to take into account privacy aspects? How to enable single sign on (SSO)

XML Based Interoperability Components

JISC and SOA A view Robert Sherratt.

4/5 May 2009 The Palazzo dei Congressi di Stresa Stresa, Italy

Presentation transcript:

SEcurE access to GEOspatial services OGC-OGF Collaboration workshop Open Grid Forum 21 (OGF21) October, 2007 Chris Higgins (EDINA, University of Edinburgh)

JISC (Joint Information Systems Committee) Programme Funded by the UK HFE funding councils Supports teaching, learning, research and administration Provides strategic guidance to UK HFE on use of ICT Grid OGC Collision in context of wider UK e-infrastructure “…embraces networks, grids, data centres and collaborative environments, and can include supporting operations centres, service registries, single-sign on, certificate authorities, training and help-desk services. Most importantly, it is the integration of these that defines e-Infrastructure.” Grid OGC Collision Programme

Aiming to demonstrate how access to GI on Grid may be achieved: Shibboleth WS-Security GSI OGC Web Services Partners: EDINA, NeSC, NCeSS, MIMAS Main deliverables are a report and 3 demonstrators: National datacentre e-Social Science Orchestration (Newcastle) SEcurE access to GEOspatial services

Being implemented within the context of the OGC’s Geolinking Interoperability Experiment (Geolink IE) IEs are brief, low-overhead, formally structured and approved initiatives led and executed by OGC members to achieve specific technical objectives that further the OGC Technical Baseline. Aim: implement a number of prototype GeoLinking services based on the interface specification originally described in the Geolinked Data Access Service (GDAS) and GeoLinking Service (GLS) Discussion Papers. Purpose: confirm that OGC specifications completely support the ability to link attribute data to its geospatially representations when stored at separate locations on the Internet, and to improve the specifications if they do not support these requirements. e-Social Science Demonstrator

Refactored as Web Processing Service

Web Processing Service A generic mechanism to describe and web-enable any sort of geospatial process Possibly most grid like of the OGC specifications Synchronous or asynchronous No need for client software upgrades Each process specified in a separate document Data can be delivered across or available at the server

Web Processing Service – 3 operations 1.GetCapabilities – get service metadata, response includes brief metadata describing all the processes implemented 2.DescribeProcess – get detailed information about the process(es) that can be executed, including input parameters and formats, and the outputs. Can be used to automatically build user interfaces 3.Execute – allows a client to run a specified process, using the provided input parameter values. Outputs can be stored and made remotely accessible

GLS – an application profile of WPS 1.ListGeolinkAbilities – this process is used to obtain a list of the framework datasets to which the GLS can join geolinked data, and the output forms of the result. 2.Geolink – This process is used to join geolinked data to its spatial framework and produce the requested output. The Geo Linking Service specifies the following processes which are described and provided via the three WPS operations indicated above:

OGSA-DAI activities, a simple pipeline, eg, GDAS getData, GLS geoLink, WFS getFeature Additional GLS implementations simplified if activities already exist (multiple different ways to implement GLS) We can now do the following with relatively little extra work: Choose different framework datasets dynamically Merge GDAS XML directly into an RDBMS dataset Implement filters, eg, bbox, currently must use geolinkage field values (geolinkids) Transfer data using GridFTP Protect using GSI? Feature based data processing and OGSA-DAI as a toolkit for building additional WPS. OGSA-DAI WPS implementation

OGC Web Services (OWS) Testbeds Another mechanism within the Interoperabilty Program (IP) Purpose is to develop new specs & refine existing specs Managed by the OGC IP team Sponsors determine work programme; RFQ, kickoff, 5-6 months to completion Participation open to OGC members only

The OWS-4 GeoDRM activity Important as Spatial Data Infrastructure requires interoperable trading capability Focussed on engineering aspects Ended Dec 2006 Number of Interoperability Program Reports Number of use cases determined by the sponsors

OWS Client Authentication Service Gatekeeper (Enforcement) OWS Service License Manager (Administration) License Broker conditions Identity Provider Authorization Service (Decision) OWS Client GeoDRM Client OWS-4 GeoDRM Architecture End-User Consumer DeliverymanManager Broker Reference: GeoDRM Engineering Viewpoint Elfers, Wagner OGC meeting San Diego, GeoDRM WG

Gatekeeper is transparent; extension for OGC W*S –Adds GeoDRM functionality and information (e.g. capabilities) –Accepts identity and/or license tokens with the W*S payload Authentication Service –Provides identity tokens for in-band authentication –Authentication Service could be used as central service in a federation Authentication and retrieval of user information Single-Sign-On and Single-Log-Out Support different authentication methodologies (harmonization) Authorization Service is responsible for all authorization and validity checks –Integrity, authenticity and origin of messages, signatures, etc. –Authorization based on local rights (classical access control) as well as on-the-fly resolved rights from licenses

License Broker negotiates Licenses with the Client –Different types of Offerings; those define the further negotiation- workflows –On agreement: Broker stores License in License Manager, Client receives a Reference Token License Manager manages Licenses (surprise!) –License are fetched by the AuthZ-Service using the reference –Manager could be used as central service in a federation Storage in Federation Global “License Revoke” (similar to single-log-out)

With assistance from NeSC Glasgow, concentrating on the security aspects; particularly Shibboleth, but also PERMIS and VOMs? Integrate OGC Web Coverage Specification (WCS) into OGSA- DAI Get a demonstrator running on the UK National Grid Service Options include installing the SEE-GEO demonstrator, perhaps linking using Ordnance Survey MasterMap data. Where next for SEE-GEO?