
1 www.jrc.ec.europa.eu
Serving society, Stimulating innovation, Supporting legislation
Danny Vandenbroucke & Ann Crabbé, KU Leuven (SADL)
AAA-architecture for INSPIRE: Standards & technologies

2 Outline
- Background & context
- Defining AAA and AMF
- Overview of relevant standards
- Overview of technologies
- AMF: how it works...

4 Background and context
INSPIRE Directive entered into force 15 May 2007
- Cross-border and cross-sector sharing of interoperable spatial data resources
- SOA-based architecture
- 18.113 data sets -> 1316 providers
- 7.088 services -> 1546 providers

5 Background & context
Public access to the spatial data through services
- The goal is to have as few access barriers as possible (direct access, free, ...)
Public access can be limited for particular reasons
- Discovery service
  - "such access would adversely affect international relations, public security or national defence"
- Viewing, download, ... services and e-commerce
  - Because of IPR, privacy, protection of particular habitats, ...
  - e.g. downloading data can be set up through a controlled access mechanism and payment scheme
- Need for secure access...

7 AAA and AMF
Defining AAA
- Authentication
  - Verification that a potential partner in a conversation is capable of representing a person or organisation
- Authorisation
  - Determination whether a subject is allowed to have the specified type of access to a particular resource
- Accounting or rights management
  - Tracking and controlling the use of content, rights, licences and associated information

8 AAA and AMF
Defining Access Management Federation
- Federated authentication and local authorization
Identity providers, Service providers, Coordination Center

9 AAA and AMF
AMF is a dynamic concept
- An organization can join the federation
  - by applying to the coordination centre (CC) as a service provider, an identity provider or both
- It becomes a trusted party
  - the CC checks technical compliance according to the policies and procedures of the federation
- The CC will add the organization's credentials to the federation metadata
  - the federation metadata is an XML file hosted online by the CC that defines the circle of trust of the federation
- Single Sign-On
  - ensures that the user gets a session established with all service providers of the federation

11 Standards
There are many (related) standards
- General ICT with few exceptions
- Communication
- Authentication
- Authorization

12 Standards
Secure communication
- HTTP protocol (IETF RFC 2616) with an encryption protocol such as TLS (Transport Layer Security, IETF RFC 6176)
  - HTTPS (IETF RFC 2818)
Authentication
- Redirection to IdP, login, forward attributes to SP
- Security Assertion Markup Language (SAML)
  - Protocol for communicating user authentication, entitlement and attribute information
  - Metadata: trusted SP & IdP, SAML endpoints, public keys, ...
- OpenID exists as an alternative protocol
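
Added example, not part of the original presentation: a reader for the SAML federation metadata described on slides 9 and 12, which builds the circle of trust (entity, role, endpoints, signing keys) and runs a compliance audit. The entity IDs, the placeholder certificate and the audit policy are constructed assumptions, not taken from any real federation.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed sample federation metadata: hypothetical entities, placeholder certificate.
FEDERATION_METADATA = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <md:EntityDescriptor entityID="https://idp.example.org/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        PLACEHOLDER-IDP-CERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
      <md:SingleSignOnService Location="https://idp.example.org/sso"
          Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://wms.example.org/sp">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:AssertionConsumerService index="0" Location="http://wms.example.org/acs"
          Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

ROLES = {"IDPSSODescriptor": ("idp", "SingleSignOnService"),  # descriptor -> (role, endpoint tag)
         "SPSSODescriptor": ("sp", "AssertionConsumerService")}

def load_circle_of_trust(xml_text):
    """Map entityID -> {role: {"endpoints": [...], "signing_certs": [...]}}."""
    trust = {}
    for ent in ET.fromstring(xml_text).iterfind("md:EntityDescriptor", NS):
        roles = trust.setdefault(ent.get("entityID"), {})
        for tag, (role, ep_tag) in ROLES.items():
            for desc in ent.findall(f"md:{tag}", NS):
                # A KeyDescriptor without "use" is valid for signing and encryption.
                certs = [c.text.strip() for k in desc.findall("md:KeyDescriptor", NS)
                         if k.get("use", "signing") == "signing"
                         for c in k.iterfind(".//ds:X509Certificate", NS)]
                eps = [e.get("Location") for e in desc.findall(f"md:{ep_tag}", NS)]
                roles[role] = {"endpoints": eps, "signing_certs": certs}
    return trust

def audit(trust):
    """(entityID, problem) pairs under an assumed policy: IdP signing key, HTTPS endpoints."""
    problems = []
    for eid, roles in trust.items():
        for role, info in roles.items():
            if role == "idp" and not info["signing_certs"]:
                problems.append((eid, "idp: no signing key"))
            problems += [(eid, f"{role}: non-HTTPS endpoint {u}")
                         for u in info["endpoints"] if not u.startswith("https://")]
    return problems
```

A service provider accepts an assertion only if its issuer appears in this mapping with the idp role. The XML signature of the coordination centre on the metadata file should be verified before the file is parsed and trusted; that step is outside this example.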

13 Standards Higgins et al., 2014; Chadwick, 2008

14 Standards
Authorization
- Managed at the SP side based on access rights to a resource
  - Based on attributes, e.g. User ID, role, ...
- eXtensible Access Control Markup Language (XACML)
  - GeoXACML allows geographical functions
- OAuth as an alternative but...

16 Technologies
Authentication information can be stored and managed in different ways
- E.g. LDAP, Kerberos, PKI, ...
For implementing SAML many tools exist (OSS and proprietary)
- Extensive list with supported protocols and roles in report
- Shibboleth (Internet2)
  - Supports IdP, SP, discovery
  - Supports additional encryption capacity
  - Attributes described in Java or from databases
  - Additional attributes can be defined

18 [Diagram for the outline section "AMF: how it works": numbered steps 1 to 11; image not preserved in the transcript]

19 THANK YOU ! QUESTIONS ?

