® Hosted and Sponsored by Access Management Federation for Spatial Data and Services in Germany...
-
Upload
kenneth-ward -
Category
Documents
-
view
223 -
download
0
Transcript of ® Hosted and Sponsored by Access Management Federation for Spatial Data and Services in Germany...
![Page 1: ® Hosted and Sponsored by Access Management Federation for Spatial Data and Services in Germany 80th OGC Technical Committee Austin, Texas (USA) Jan Grohmann.](https://reader036.fdocuments.net/reader036/viewer/2022062409/56649e695503460f94b66d8c/html5/thumbnails/1.jpg)
®
Hosted and Sponsored by
Access Management Federation for Access Management Federation for Spatial Data and Services in GermanySpatial Data and Services in Germany
80th OGC Technical Committee
Austin, Texas (USA)
Jan Grohmann (BKG)
March 20, 2012
![Page 2: ® Hosted and Sponsored by Access Management Federation for Spatial Data and Services in Germany 80th OGC Technical Committee Austin, Texas (USA) Jan Grohmann.](https://reader036.fdocuments.net/reader036/viewer/2022062409/56649e695503460f94b66d8c/html5/thumbnails/2.jpg)
OGC®
About GDI-DE and BKG
Motivation
Requirements
Realisation
Authorization
Authentication
Acess Management Federation
Use Cases
Outcome
AgendaAgenda
![Page 3: ® Hosted and Sponsored by Access Management Federation for Spatial Data and Services in Germany 80th OGC Technical Committee Austin, Texas (USA) Jan Grohmann.](https://reader036.fdocuments.net/reader036/viewer/2022062409/56649e695503460f94b66d8c/html5/thumbnails/3.jpg)
OGC®
BKG
Federal Agency for Cathography and Geodesy
Provide geodetic reference data and basic spatial data for the needs of the Federal Government
Coordination Office GDI-DE is situated in the BKG as a department of the division Geoinformation
About GDI-DE and BKGAbout GDI-DE and BKG
Coordination Office GDI-DECoordination Office GDI-DE
network consists of experts from Government, Private Sector and Universities
Decisions, Orders
Proposals,Reports
Steering Committee GDI-DESteering Committee GDI-DE
GDI-DE
![Page 4: ® Hosted and Sponsored by Access Management Federation for Spatial Data and Services in Germany 80th OGC Technical Committee Austin, Texas (USA) Jan Grohmann.](https://reader036.fdocuments.net/reader036/viewer/2022062409/56649e695503460f94b66d8c/html5/thumbnails/4.jpg)
OGC®
MotivationMotivation
…to establish a common infrastructure Government Government & Business & Public)
3 governmental levels in Germany: 13.000 municipalities, 16 federal states and the federal government
![Page 5: ® Hosted and Sponsored by Access Management Federation for Spatial Data and Services in Germany 80th OGC Technical Committee Austin, Texas (USA) Jan Grohmann.](https://reader036.fdocuments.net/reader036/viewer/2022062409/56649e695503460f94b66d8c/html5/thumbnails/5.jpg)
OGC®
Project „Betriebsmodell GDI-DE“ focused on the establishment,
development and operation of a spatial data infrastructure in Germany
Work package for using protected data and services
MotivationMotivation
![Page 6: ® Hosted and Sponsored by Access Management Federation for Spatial Data and Services in Germany 80th OGC Technical Committee Austin, Texas (USA) Jan Grohmann.](https://reader036.fdocuments.net/reader036/viewer/2022062409/56649e695503460f94b66d8c/html5/thumbnails/6.jpg)
OGC®
RequirementsRequirements
Technical / Operational Requirements
Authentication – Who are you?
Authorisation – What are you permitted to do?
consider existing infrastructures
security as an add-on
no central storage of user accounts
combine distributed data and services for use
Standards and Architectures for E-Government-Applications (SAGA 4.0)
![Page 7: ® Hosted and Sponsored by Access Management Federation for Spatial Data and Services in Germany 80th OGC Technical Committee Austin, Texas (USA) Jan Grohmann.](https://reader036.fdocuments.net/reader036/viewer/2022062409/56649e695503460f94b66d8c/html5/thumbnails/7.jpg)
OGC®
Requirements (2)Requirements (2)
Standards and Architectures for E-Government-Applications
eGovernment applications are using mostly a web browser as a frontend [Ch.
1.5, p. 13]
possible roles for access control defined in table 4-1 [Ch. 4.6.3, p.54]
core attributes for identities [Ch. 5.4.4, p.66]
Services are stateless [Ch. 6.6.2, p.70]
Composition of services [Ch. 6.6.2, p.71]
SAML 2.0 is recommended
…
![Page 8: ® Hosted and Sponsored by Access Management Federation for Spatial Data and Services in Germany 80th OGC Technical Committee Austin, Texas (USA) Jan Grohmann.](https://reader036.fdocuments.net/reader036/viewer/2022062409/56649e695503460f94b66d8c/html5/thumbnails/8.jpg)
OGC®
Requirements (3)Requirements (3)
Organisational Requirements
Who accepts users?
Who grants access rights for data and services?
Who coordinates access rights also between different domains?
Who supervises the working process?
...
=> Results provided by project „Betriebsmodell GDI-DE“
![Page 9: ® Hosted and Sponsored by Access Management Federation for Spatial Data and Services in Germany 80th OGC Technical Committee Austin, Texas (USA) Jan Grohmann.](https://reader036.fdocuments.net/reader036/viewer/2022062409/56649e695503460f94b66d8c/html5/thumbnails/9.jpg)
OGC®
AuthorizationAuthorization
Role based access control
Use of open standards
OASIS: eXtensible Access Control Markup Language 2.0
OGC Geospatial XACML (GeoXACML) 1.0
Access rights are
enforced by a service provider,
based on an user‘s attributes
![Page 10: ® Hosted and Sponsored by Access Management Federation for Spatial Data and Services in Germany 80th OGC Technical Committee Austin, Texas (USA) Jan Grohmann.](https://reader036.fdocuments.net/reader036/viewer/2022062409/56649e695503460f94b66d8c/html5/thumbnails/10.jpg)
OGC®
AuthenticationAuthentication
User accounts are provided by organisations, to which a user belongs
Deliver user attributes to service providers for the purpose of access
control
role, organisation
Login always on your home organisation
Use of open standards
OASIS: Security Assertion Markup Language 2.0
IETF: RFC 2818 (HTTPS), RFC 4346 (TLS 1.1), RFC 2617 (HTTP
Authentication), RFC 2965 (HTTP State Management Mechanism)
W3C: CORS, XML Digital Signatures, XML Encryption
![Page 11: ® Hosted and Sponsored by Access Management Federation for Spatial Data and Services in Germany 80th OGC Technical Committee Austin, Texas (USA) Jan Grohmann.](https://reader036.fdocuments.net/reader036/viewer/2022062409/56649e695503460f94b66d8c/html5/thumbnails/11.jpg)
OGC®
Solution Solution “Access Management Federation” “Access Management Federation”
[Source: http://www.switch.ch]
![Page 12: ® Hosted and Sponsored by Access Management Federation for Spatial Data and Services in Germany 80th OGC Technical Committee Austin, Texas (USA) Jan Grohmann.](https://reader036.fdocuments.net/reader036/viewer/2022062409/56649e695503460f94b66d8c/html5/thumbnails/12.jpg)
OGC®
AMF in the project BetriebsmodellAMF in the project Betriebsmodell
![Page 13: ® Hosted and Sponsored by Access Management Federation for Spatial Data and Services in Germany 80th OGC Technical Committee Austin, Texas (USA) Jan Grohmann.](https://reader036.fdocuments.net/reader036/viewer/2022062409/56649e695503460f94b66d8c/html5/thumbnails/13.jpg)
OGC®
Data and Services of the FederationData and Services of the Federation
Three different providers for data and services
![Page 14: ® Hosted and Sponsored by Access Management Federation for Spatial Data and Services in Germany 80th OGC Technical Committee Austin, Texas (USA) Jan Grohmann.](https://reader036.fdocuments.net/reader036/viewer/2022062409/56649e695503460f94b66d8c/html5/thumbnails/14.jpg)
OGC®
Use Case „Extending Infrastructure“Use Case „Extending Infrastructure“
Three Engineering Offices
Munich, Nuremberg, Bavaria
Users have roles
finished , current and planned construction works
Engineering Offices have got fields of activity
50 km around Munich / Nuremberg
within Bavaria
![Page 15: ® Hosted and Sponsored by Access Management Federation for Spatial Data and Services in Germany 80th OGC Technical Committee Austin, Texas (USA) Jan Grohmann.](https://reader036.fdocuments.net/reader036/viewer/2022062409/56649e695503460f94b66d8c/html5/thumbnails/15.jpg)
OGC®
Use Case „Qualification of German Use Case „Qualification of German Ensembles“Ensembles“
Match the geographic extend of an identified site to its actual ground
shape
Users of the Bavarian State Office for the Preservation of Historical
Monuments
Qualify ensembles via WFS-T
Users of Bavarian SDI
Reading access
Engineering Offices
No access
![Page 16: ® Hosted and Sponsored by Access Management Federation for Spatial Data and Services in Germany 80th OGC Technical Committee Austin, Texas (USA) Jan Grohmann.](https://reader036.fdocuments.net/reader036/viewer/2022062409/56649e695503460f94b66d8c/html5/thumbnails/16.jpg)
OGC®
Use Case „Information next to your home“Use Case „Information next to your home“
Citizen can view their required building documentation via electronic
Identity Card
Thomas Mustermann: for Munich
Helga Mustermann: for Nuremberg
3D LoD1/LoD2 city models in Google Earth
2D maps with Google Maps and OGC WMS
a required building documentation with OpenLayers, OGC WFS and
WMS
![Page 17: ® Hosted and Sponsored by Access Management Federation for Spatial Data and Services in Germany 80th OGC Technical Committee Austin, Texas (USA) Jan Grohmann.](https://reader036.fdocuments.net/reader036/viewer/2022062409/56649e695503460f94b66d8c/html5/thumbnails/17.jpg)
OGC®
OutcomeOutcome
An AMF for spatial data and services can be established like existing
AMFs of the academic sector, e.g. DFN-AAI (https://www.aai.dfn.de/)
Test federation GDI-DE: https://sp.gdi-de.org
Clarify the duties and responsibilities
Operations and Maintenance
Support
OGC White Paper #12-026
Authors: Andreas Matheus (Secure Dimensions), Christian Kiehle,
Jan Grohmann (BKG)
on Pending Documents – uploaded before 3 week rule for this meeting
![Page 18: ® Hosted and Sponsored by Access Management Federation for Spatial Data and Services in Germany 80th OGC Technical Committee Austin, Texas (USA) Jan Grohmann.](https://reader036.fdocuments.net/reader036/viewer/2022062409/56649e695503460f94b66d8c/html5/thumbnails/18.jpg)
OGC®
Question & AnswersQuestion & Answers
Jan GrohmannCoordination Office GDI-DE Federal Agency for Cartography and GeodesyRichard-Strauß-Allee 1160598 Frankfurt am MainGermany
Tel.: +49 (0) 69 6333 298Fax: +49 (0) 69 6333 446
E-Mail: [email protected]: http://www.gdi-de.org http://www.geoportal.de
![Page 19: ® Hosted and Sponsored by Access Management Federation for Spatial Data and Services in Germany 80th OGC Technical Committee Austin, Texas (USA) Jan Grohmann.](https://reader036.fdocuments.net/reader036/viewer/2022062409/56649e695503460f94b66d8c/html5/thumbnails/19.jpg)
OGC®
Use Case „Extending infrastructure“Use Case „Extending infrastructure“
![Page 20: ® Hosted and Sponsored by Access Management Federation for Spatial Data and Services in Germany 80th OGC Technical Committee Austin, Texas (USA) Jan Grohmann.](https://reader036.fdocuments.net/reader036/viewer/2022062409/56649e695503460f94b66d8c/html5/thumbnails/20.jpg)
OGC®
Use Case „Information next to your home“Use Case „Information next to your home“
![Page 21: ® Hosted and Sponsored by Access Management Federation for Spatial Data and Services in Germany 80th OGC Technical Committee Austin, Texas (USA) Jan Grohmann.](https://reader036.fdocuments.net/reader036/viewer/2022062409/56649e695503460f94b66d8c/html5/thumbnails/21.jpg)
OGC®
Use Case „Qualification of German Use Case „Qualification of German Ensembles“Ensembles“
![Page 22: ® Hosted and Sponsored by Access Management Federation for Spatial Data and Services in Germany 80th OGC Technical Committee Austin, Texas (USA) Jan Grohmann.](https://reader036.fdocuments.net/reader036/viewer/2022062409/56649e695503460f94b66d8c/html5/thumbnails/22.jpg)
OGC®
Use Case „Qualification of German Use Case „Qualification of German Ensembles“Ensembles“