32621b6d321405ac47cab5b83433130e.ppt
- Number of slides: 22
® Hosted and Sponsored by
Access Management Federation for Spatial Data and Services in Germany
80th OGC Technical Committee, Austin, Texas (USA)
Jan Grohmann (BKG)
March 20, 2012

Agenda
§ About GDI-DE and BKG
§ Motivation
§ Requirements
§ Realisation
§ Authorization
§ Authentication
§ Access Management Federation
§ Use Cases
§ Outcome
OGC ®

About GDI-DE and BKG
GDI-DE
§ Steering Committee GDI-DE
§ Decisions, Orders
§ Proposals, Reports
§ Coordination Office GDI-DE network consists of experts from Government, Private Sector and Universities
BKG
§ Federal Agency for Cartography and Geodesy
§ Provide geodetic reference data and basic spatial data for the needs of the Federal Government
§ Coordination Office GDI-DE is situated in the BKG as a department of the division Geoinformation

Motivation
§ 3 governmental levels in Germany: 13,000 municipalities, 16 federal states and the federal government
§ … to establish a common infrastructure (Government & Business & Public)

Motivation
§ Project „Betriebsmodell GDI-DE“ focused on the establishment, development and operation of a spatial data infrastructure in Germany
§ Work package for using protected data and services

Requirements
§ Technical / Operational Requirements
§ Authentication – Who are you?
§ Authorisation – What are you permitted to do?
§ consider existing infrastructures
§ security as an add-on
§ no central storage of user accounts
§ combine distributed data and services for use
§ Standards and Architectures for E-Government-Applications (SAGA 4.0)

Requirements (2)
§ Standards and Architectures for E-Government-Applications
§ eGovernment applications are using mostly a web browser as a frontend [Ch. 1.5, p. 13]
§ possible roles for access control defined in table 4-1 [Ch. 4.6.3, p. 54]
§ core attributes for identities [Ch. 5.4.4, p. 66]
§ Services are stateless [Ch. 6.6.2, p. 70]
§ Composition of services [Ch. 6.6.2, p. 71]
§ SAML 2.0 is recommended
§ …

Requirements (3)
§ Organisational Requirements
§ Who accepts users?
§ Who grants access rights for data and services?
§ Who coordinates access rights also between different domains?
§ Who supervises the working process?
§ ...
=> Results provided by project „Betriebsmodell GDI-DE“

Authorization
§ Role based access control
§ Use of open standards
§ OASIS: eXtensible Access Control Markup Language 2.0
§ OGC Geospatial XACML (GeoXACML) 1.0
§ Access rights are
§ enforced by a service provider,
§ based on a user's attributes

Authentication
§ User accounts are provided by organisations, to which a user belongs
§ Deliver user attributes to service providers for the purpose of access control
§ role, organisation
§ Login always on your home organisation
§ Use of open standards
§ OASIS: Security Assertion Markup Language 2.0
§ IETF: RFC 2818 (HTTPS), RFC 4346 (TLS 1.1), RFC 2617 (HTTP Authentication), RFC 2965 (HTTP State Management Mechanism)
§ W3C: CORS, XML Digital Signatures, XML Encryption

Solution “Access Management Federation” [Source: http://www.switch.ch]

AMF in the project Betriebsmodell

Data and Services of the Federation
§ Three different providers for data and services

Use Case „Extending Infrastructure“
§ Three Engineering Offices
§ Munich, Nuremberg, Bavaria
§ Users have roles
§ finished, current and planned construction works
§ Engineering Offices have got fields of activity
§ 50 km around Munich / Nuremberg
§ within Bavaria

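An added example (not from the slides or the GDI-DE project): a service provider's access decision for the use case above, combining the role and organisation attributes asserted by the user's home organisation with the office's field of activity. The attribute names, organisation identifiers, coordinates, the Bavaria bounding box and the mapping of a role to a same-named layer are constructed assumptions.

```python
import math

# Constructed sample data: approximate city coordinates (lat, lon) and a rough
# bounding box for Bavaria; a real GeoXACML policy would use exact geometries.
MUNICH, NUREMBERG = (48.137, 11.575), (49.452, 11.077)
BAVARIA_BBOX = (47.27, 8.98, 50.56, 13.84)  # min_lat, min_lon, max_lat, max_lon

# Hypothetical field of activity per home organisation (from the use case).
FIELD_OF_ACTIVITY = {
    "office-munich": ("radius_km", MUNICH, 50.0),
    "office-nuremberg": ("radius_km", NUREMBERG, 50.0),
    "office-bavaria": ("bbox", BAVARIA_BBOX),
}

def distance_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def in_field(organisation, point):
    """Spatial condition: is the requested feature inside the office's area?"""
    area = FIELD_OF_ACTIVITY.get(organisation)
    if area is None:
        return False  # unknown organisation: no spatial grant
    if area[0] == "radius_km":
        return distance_km(area[1], point) <= area[2]
    min_lat, min_lon, max_lat, max_lon = area[1]
    return min_lat <= point[0] <= max_lat and min_lon <= point[1] <= max_lon

def decide(attributes, layer, point):
    """Return 'Permit' or 'Deny' from asserted attributes; deny by default."""
    roles = attributes.get("role", [])        # assumed multi-valued attribute
    organisation = attributes.get("organisation")
    # Assumption: role "planned" grants the layer "planned", and so on.
    if layer in roles and in_field(organisation, point):
        return "Permit"
    return "Deny"
```

The decision uses only attributes delivered by the home organisation, so the service provider stores no user accounts; a request with missing or unknown attributes is denied.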
Use Case „Qualification of German Ensembles“
§ Match the geographic extent of an identified site to its actual ground shape
§ Users of the Bavarian State Office for the Preservation of Historical Monuments
§ Qualify ensembles via WFS-T
§ Users of Bavarian SDI
§ Reading access
§ Engineering Offices
§ No access

Use Case „Information next to your home“
§ Citizens can view their required building documentation via electronic Identity Card
§ Thomas Mustermann: for Munich
§ Helga Mustermann: for Nuremberg
§ 3D LoD1/LoD2 city models in Google Earth
§ 2D maps with Google Maps and OGC WMS
§ a required building documentation with OpenLayers, OGC WFS and WMS

Outcome
§ An AMF for spatial data and services can be established like existing AMFs of the academic sector, e.g. DFN-AAI (https://www.aai.dfn.de/)
§ Test federation GDI-DE: https://sp.gdi-de.org
§ Clarify the duties and responsibilities
§ Operations and Maintenance
§ Support
§ OGC White Paper #12-026
§ Authors: Andreas Matheus (Secure Dimensions), Christian Kiehle, Jan Grohmann (BKG)
§ on Pending Documents – uploaded before 3 week rule for this meeting

Question & Answers
Jan Grohmann
Coordination Office GDI-DE
Federal Agency for Cartography and Geodesy
Richard-Strauß-Allee 11
60598 Frankfurt am Main
Germany
Tel.: +49 (0) 69 6333 298
Fax: +49 (0) 69 6333 446
E-Mail: jan.grohmann@bkg.bund.de
Internet: http://www.gdi-de.org http://www.geoportal.de

Use Case „Extending infrastructure“

Use Case „Information next to your home“

Use Case „Qualification of German Ensembles“