Presentation is loading. Please wait.

Presentation is loading. Please wait.

® Hosted and Sponsored by Access Management Federation for Spatial Data and Services in Germany 80th OGC Technical Committee Austin, Texas (USA) Jan Grohmann.

Published byKenneth Ward Modified over 9 years ago

Similar presentations

Presentation on theme: "® Hosted and Sponsored by Access Management Federation for Spatial Data and Services in Germany 80th OGC Technical Committee Austin, Texas (USA) Jan Grohmann."— Presentation transcript:

1 ® Hosted and Sponsored by Access Management Federation for Spatial Data and Services in Germany 80th OGC Technical Committee Austin, Texas (USA) Jan Grohmann (BKG) March 20, 2012

2 OGC ®  About GDI-DE and BKG  Motivation  Requirements  Realisation  Authorization  Authentication  Acess Management Federation  Use Cases  Outcome Agenda

3 OGC ® BKG Federal Agency for Cathography and Geodesy Provide geodetic reference data and basic spatial data for the needs of the Federal Government Coordination Office GDI-DE is situated in the BKG as a department of the division Geoinformation About GDI-DE and BKG Coordination Office GDI-DE network consists of experts from Government, Private Sector and Universities Decisions, Orders Proposals, Reports Steering Committee GDI-DE GDI-DE

4 OGC ® Motivation  …to establish a common infrastructure  Government  Government & Business & Public) 3 governmental levels in Germany: 13.000 municipalities, 16 federal states and the federal government

5 OGC ®  Project „Betriebsmodell GDI-DE“ focused on the establishment, development and operation of a spatial data infrastructure in Germany  Work package for using protected data and services Motivation

6 OGC ® Requirements  Technical / Operational Requirements  Authentication – Who are you?  Authorisation – What are you permitted to do?  consider existing infrastructures  security as an add-on  no central storage of user accounts  combine distributed data and services for use  Standards and Architectures for E-Government-Applications (SAGA 4.0)

7 OGC ® Requirements (2)  Standards and Architectures for E-Government-Applications  eGovernment applications are using mostly a web browser as a frontend [Ch. 1.5, p. 13]  possible roles for access control defined in table 4-1 [Ch. 4.6.3, p.54]  core attributes for identities [Ch. 5.4.4, p.66]  Services are stateless [Ch. 6.6.2, p.70]  Composition of services [Ch. 6.6.2, p.71]  SAML 2.0 is recommended  …

8 OGC ® Requirements (3)  Organisational Requirements  Who accepts users?  Who grants access rights for data and services?  Who coordinates access rights also between different domains?  Who supervises the working process? ... => Results provided by project „Betriebsmodell GDI-DE“

9 OGC ® Authorization  Role based access control  Use of open standards  OASIS: eXtensible Access Control Markup Language 2.0  OGC Geospatial XACML (GeoXACML) 1.0  Access rights are  enforced by a service provider,  based on an user‘s attributes

10 OGC ® Authentication  User accounts are provided by organisations, to which a user belongs  Deliver user attributes to service providers for the purpose of access control  role, organisation  Login always on your home organisation  Use of open standards  OASIS: Security Assertion Markup Language 2.0  IETF: RFC 2818 (HTTPS), RFC 4346 (TLS 1.1), RFC 2617 (HTTP Authentication), RFC 2965 (HTTP State Management Mechanism)  W3C: CORS, XML Digital Signatures, XML Encryption

11 OGC ® Solution “Access Management Federation” [Source: http://www.switch.ch]

12 OGC ® AMF in the project Betriebsmodell

13 OGC ® Data and Services of the Federation  Three different providers for data and services

14 OGC ® Use Case „Extending Infrastructure“  Three Engineering Offices  Munich, Nuremberg, Bavaria  Users have roles  finished, current and planned construction works  Engineering Offices have got fields of activity  50 km around Munich / Nuremberg  within Bavaria

15 OGC ® Use Case „Qualification of German Ensembles“  Match the geographic extend of an identified site to its actual ground shape  Users of the Bavarian State Office for the Preservation of Historical Monuments  Qualify ensembles via WFS-T  Users of Bavarian SDI  Reading access  Engineering Offices  No access

16 OGC ® Use Case „Information next to your home“  Citizen can view their required building documentation via electronic Identity Card  Thomas Mustermann: for Munich  Helga Mustermann: for Nuremberg  3D LoD1/LoD2 city models in Google Earth  2D maps with Google Maps and OGC WMS  a required building documentation with OpenLayers, OGC WFS and WMS

17 OGC ® Outcome  An AMF for spatial data and services can be established like existing AMFs of the academic sector, e.g. DFN-AAI (https://www.aai.dfn.de/)https://www.aai.dfn.de/  Test federation GDI-DE: https://sp.gdi-de.orghttps://sp.gdi-de.org  Clarify the duties and responsibilities  Operations and Maintenance  Support  OGC White Paper #12-026  Authors: Andreas Matheus (Secure Dimensions), Christian Kiehle, Jan Grohmann (BKG)  on Pending Documents – uploaded before 3 week rule for this meeting

18 OGC ® Question & Answers Jan Grohmann Coordination Office GDI-DE Federal Agency for Cartography and Geodesy Richard-Strauß-Allee 11 60598 Frankfurt am Main Germany Tel.: +49 (0) 69 6333 298 Fax: +49 (0) 69 6333 446 E-Mail: jan.grohmann@bkg.bund.dejan.grohmann@bkg.bund.de Internet: http://www.gdi-de.orghttp://www.gdi-de.org http://www.geoportal.de

19 OGC ® Use Case „Extending infrastructure“

20 OGC ® Use Case „Information next to your home“

21 OGC ® Use Case „Qualification of German Ensembles“

22 OGC ® Use Case „Qualification of German Ensembles“

Download ppt "® Hosted and Sponsored by Access Management Federation for Spatial Data and Services in Germany 80th OGC Technical Committee Austin, Texas (USA) Jan Grohmann."

Similar presentations

Access control for geospatial information objects using/extending the eXtensible Access Control Markup Language Andreas Matheus, Technische Universität.

Access control for geospatial information objects using/extending the eXtensible Access Control Markup Language Andreas Matheus, Technische Universität.
Shibboleth Access Management Federations as an Organisational Model for SDI C.I.Higgins, M.Koutroumpas, A.Seales, EDINA National Datacentre, Scotland A.Matheus,

Shibboleth Access Management Federations as an Organisational Model for SDI C.I.Higgins, M.Koutroumpas, A.Seales, EDINA National Datacentre, Scotland A.Matheus,
GDI.DE Test Federation Demo Slides Andreas Matheus.

GDI.DE Test Federation Demo Slides Andreas Matheus.
Spatial Data Infrastructure: Concepts and Components Geog 458: Map Sources and Errors March 6, 2006.

Spatial Data Infrastructure: Concepts and Components Geog 458: Map Sources and Errors March 6, 2006.
Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.
Secure access to spatial data for academia – the UK experience Workshop, Authentication, Authorization and Accounting for Data and Services in EU Public.

Secure access to spatial data for academia – the UK experience Workshop, Authentication, Authorization and Accounting for Data and Services in EU Public.
TechSec WG: Related activities overview Information and discussion TechSec WG, RIPE-45 May 14, 2003 Yuri Demchenko.

TechSec WG: Related activities overview Information and discussion TechSec WG, RIPE-45 May 14, 2003 Yuri Demchenko.
Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.

Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.
U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.

U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
® Practical Approaches to Web Services Authentication 72nd OGC Technical Committee Frascati, Italy Fiona Culloch March 9, 2010 Sponsored and hosted by.

® Practical Approaches to Web Services Authentication 72nd OGC Technical Committee Frascati, Italy Fiona Culloch March 9, 2010 Sponsored and hosted by.
XACML 2.0 and Earlier Hal Lockhart, Oracle. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation.

XACML 2.0 and Earlier Hal Lockhart, Oracle. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
Will Darby 91.514 5 April 2010.  What is Federated Security  Example Implementations  Security Assertion Markup Language (SAML) Overview  Alternative.

Will Darby April  What is Federated Security  Example Implementations  Security Assertion Markup Language (SAML) Overview  Alternative.
Web Services Security Multimedia Information Engineering Lab. Yoon-Sik Yoo.

Web Services Security Multimedia Information Engineering Lab. Yoon-Sik Yoo.
1 Applying ISO/TC 211 standards to the development of standards through Geospatial One-Stop Presented at ISO TC 211 Standards in Action workshop by Julie.

1 Applying ISO/TC 211 standards to the development of standards through Geospatial One-Stop Presented at ISO TC 211 Standards in Action workshop by Julie.
95-804 Applied Cryptography Week 13 SAML 1 95-804 Applied Cryptography SAML and XACML Mike McCarthy Week 13.

Applied Cryptography Week 13 SAML Applied Cryptography SAML and XACML Mike McCarthy Week 13.
© Julia Wilk (FHÖV NRW) 1 Digital Signatures. © Julia Wilk (FHÖV NRW)2 Structure 1. Introduction 2. Basics 3. Elements of digital signatures 4. Realisation.

© Julia Wilk (FHÖV NRW) 1 Digital Signatures. © Julia Wilk (FHÖV NRW)2 Structure 1. Introduction 2. Basics 3. Elements of digital signatures 4. Realisation.
XACML Gyanasekaran Radhakrishnan. Raviteja Kadiyam.

XACML Gyanasekaran Radhakrishnan. Raviteja Kadiyam.
1 © Talend 2014 XACML Authorization Training Slides 2014 Jan Bernhardt Zsolt Beothy-Elo

1 © Talend 2014 XACML Authorization Training Slides 2014 Jan Bernhardt Zsolt Beothy-Elo

Similar presentations

Ads by Google