Previous work onAccess Management Federations Andreas Matheus Secure Dimensions
Previous work by this team • SEE-GEO •...
SEE-GEO• SEcurE access to GEOspatial services• UK JISC funded process in 2007• Cross border map (Germany / The Nethe...
eContentPlus ESDIN• eContentPlus project (http://www.esdin.eu/)• Participants from all over Europe• Establish a pan-Europe...
Shibboleth IE• OGC Interoperability Experiment – 2011 – OGC® Engineering Report for the OWS Shibboleth Inter...
Shibboleth IE• OGC Interoperability Experiment 2011• Participants – Cadcorp, Envitia, con terra, snowflake, JRC• Objec...
INSPIRE 2011 Workshop• INSPIRE annual conference 2011 Edinburgh• Objective was to introduce the use of Access Management ...
Prototype Federation German SDI• https://sp.gdi-de.orgSecure Dimensions Previous work on Access Management Federations...
Prototype Federation German SDI application WMS GetFeatureI...
Conclusion from previous work• Access Management Federation based on SAML is a productive solution for sharing protected ...
Conclusion from previous work• Protected services can be consumed via – Web Browser (e.g. OpenLayers) applications ...
Thank You It is important, to do security right... Secure Dimensions GmbH Holistic Geosecurit...
of 12

Previous work on Access Management Federations

Published on: Mar 4, 2016
Source: www.slideshare.net


Transcripts - Previous work on Access Management Federations

  • 1. Previous work onAccess Management Federations Andreas Matheus Secure Dimensions
  • 2. Previous work by this team • SEE-GEO • The eContentPlus ESDIN work • OGC Web Services Shibboleth Interoperability Experiment • German Spatial Data Infrastructure 2007 ... 2012 ... 2016 (Concept)Secure Dimensions Previous work on Access Management Federations 2
  • 3. SEE-GEO• SEcurE access to GEOspatial services• UK JISC funded process in 2007• Cross border map (Germany / The Netherlands)• Secure WFS with styled layer descriptor – Depending on style and origin of rescue centre maps is loaded or access is deniedSecure Dimensions Previous work on Access Management Federations 3
  • 4. eContentPlus ESDIN• eContentPlus project (http://www.esdin.eu/)• Participants from all over Europe• Establish a pan-European access management federation withNMCAsservices: – OGC WMS – OGC WFS – ...Secure Dimensions Previous work on Access Management Federations 4
  • 5. Shibboleth IE• OGC Interoperability Experiment – 2011 – OGC® Engineering Report for the OWS Shibboleth Interoperability Experiment – https://portal.opengeospatial.org/files/?artifact_id=478 52• Objectives – Use of the access management federation with OGC Web Services using SAML 2 authentication – Implement SAML 2 Enhanced Client & Proxy Profile in Desktop GIS productSecure Dimensions Previous work on Access Management Federations 5
  • 6. Shibboleth IE• OGC Interoperability Experiment 2011• Participants – Cadcorp, Envitia, con terra, snowflake, JRC• Objective – Connect to protected OGC Web Services provided by esdin and German SDI prototype federation – Implement SAML 2 Enhanced Client Proxy Profile• Result – Desktop GIS: Cadcorp, Envitia, snowflake – Browser based Client: JRC – Client Proxy: con terraSecure Dimensions Previous work on Access Management Federations 6
  • 7. INSPIRE 2011 Workshop• INSPIRE annual conference 2011 Edinburgh• Objective was to introduce the use of Access Management Federation with SAML2 to protect OGC Web Services – Access Management Federation prototype• The result confirmedthat the introduced concept is INSPIRE conformantSecure Dimensions Previous work on Access Management Federations 7
  • 8. Prototype Federation German SDI• https://sp.gdi-de.orgSecure Dimensions Previous work on Access Management Federations 8
  • 9. Prototype Federation German SDI application WMS GetFeatureInfo loaded from IdP SP WMS GetMap Secure Dimensions (secure-dimensions.net) GDI.DE (gdi-de.org)login with SP IHK Bavaria (win.bihk.de) DS GDI.DE SP (gdi-de.org) GDI.BY (gdi-by.org) Secure Dimensions Previous work on Access Management Federations 9
  • 10. Conclusion from previous work• Access Management Federation based on SAML is a productive solution for sharing protected resources in various countries around the world – https://www.aai.dfn.de/links/ [German Federation]• Strength – Single-Sign-On support – High level of assurance about real user identity – Exchange of SAML user credentials support privacy and anonymity of the user – Managed list of trusted entities = federationSecure Dimensions Previous work on Access Management Federations 10
  • 11. Conclusion from previous work• Protected services can be consumed via – Web Browser (e.g. OpenLayers) applications – Desktop GIS applications• Web Browser with full support*1 – IE 10, Google Chrome, Firefox, Safari• Desktop GIS must implement SAML2 ECP – Cadcorp, Envitia got tested successfully during Shibboleth IE – QGIS (open source GIS) SAML2 extension provided by Secure Dimensions*1: This is the list of tested web browsersSecure Dimensions Previous work on Access Management Federations 11
  • 12. Thank You It is important, to do security right... Secure Dimensions GmbH Holistic Geosecurity Dr. Andreas Matheus Waxensteinstr. 28 D-81377 München, Germany Phone +49 (0)89 38151813-0 Mobile +49 (0)160 1066366 Telefax +49 (0)89 38151813-9 Email am@secure-dimensions.com Web www.secure-dimensions.comSecure Dimensions Previous work on Access Management Federations Slide 12

Related Documents