Federated User Management in a Federated Government –
SAML 2 for the SDI of the Free State of Saxony (Germany)
INSPIRE Conference 2012, Istanbul
Contents
❙ Spatial Data Infrastructure of the Free State of Saxony
❙ E-Government Base Components for Spatial Information (GeoBAK 2.0)
❙ Use case – exchange of protected spatial information in the Saxon SDI
❙ Technical implementation based on SAML 2
❙ Demo
| INSPIRE Conference 2012, Istanbul | Andreas Hergert (GeoSN) and Rüdiger Gartmann (con terra)
GeoSN, Hergert
con terra, Gartmann
SDI of the Free State of Saxony
Saxon SDI as part of the German and European SDI
SDI of the Free State of Saxony
Saxony - overview
→ area: 18 400 sq km
→ population: 4.2 million
→ capital: Dresden
→ 13 administrative districts
→ 455 municipalities
→ ca. 60 Federal State Authorities
→ 216 000 employees in public service
SDI of the Free State of Saxony
Driving Forces
E-Government
• Saxon E-Gov. Strategy
INSPIRE
• INSPIRE Directive
• Saxon SDI Law (SächsGDIG)
SDI of the Free State of Saxony
Overview on published spatial information
Metadata of spatial information resources
❙ ca. 4400 metadata sets in the Saxon metadata catalogue
❙ incl. 4 harvested catalogues of other organisations
Spatial data (according to INSPIRE Monitoring 2011)
❙ 340 data sets
❙ 90 services
❙ 75 view services (OGC WMS standard)
❙ 15 download services (OGC WFS standard)
No protected services available on the Internet, yet!!
SDI of the Free State of Saxony
Main stakeholders
SDI Coordination Centre
• Saxon State Spatial Data and Land Survey Corporation (GeoSN)
spatial data holding bodies
• federal state authorities
• local and municipal authorities
• scientific organisations
• corporations with public tasks
users
• authorities
• business organisations
• citizens
SDI of the Free State of Saxony
GeoSN - overview
Staatsbetrieb Geobasisinformation und Vermessung Sachsen (GeoSN) => “Saxon State Spatial Data and Land Survey Corporation”
❙ federal state authority for land surveying and cartography in Saxony
❙ in the area of responsibility of the Saxon Ministry of the Interior
❙ located in the city of Dresden
❙ ca. 260 employees
SDI of the Free State of Saxony
GeoSN – tasks and duties
Land surveying and cartography
• role of a spatial data holding body
• data producer
• orthophotos, topographic maps, cadastral parcels …
Spatial data infrastructure
• role of the SDI Coordination Centre
• IT service provider
• geoportal, spatial data server, metadata catalogue …
GeoBAK 2.0
Base Components for Spatial Information (GeoBAK 2.0)
Objectives
Providing central IT components for Saxon administrations and authorities ...
❙ to promote the exchange and sharing of spatial information in the Saxon SDI
❙ to support Saxon spatial data providers to fulfil their obligations regarding INSPIRE and E-Government
❙ to reduce redundant setup of components (to achieve economic efficiency)
Base Components for Spatial Information (GeoBAK 2.0)
Subcomponents / Applications
Geoportal
Metadata Catalogue
Map Viewer
Service Monitor
Spatial Data Security
Spatial Data Server
Spatial Data Processing
Spatial Data Store
Base Components for Spatial Information (GeoBAK 2.0)
Spatial Data Security component
Objectives and functionalities
❙ to protect spatial data services (to control access)
❙ to enable cross-component authentication (within the Geoportal and other GeoBAK user clients)
❙ to integrate existing user directories of Saxon SDI stakeholders (esp. of the Saxon state and local authorities)
❙ to enable single sign on (cross-domain authentication) within the Saxon and German SDI based on the SAML 2 standard
❙ Software
❙ securityManager, Active Directory (incl. ADFS) ...
Access management federation principle
[Diagram: Organisation A (GeoSN) and Organisation B (Administrative District of Central Saxony), each with an IdP and an SP. Labels: trust; Authenticate at Identity Provider; Access protected Service.]
IdP = Identity Provider
SP = Service Provider
Use Case – exchange of protected information in the Saxon SDI
Exchange of protected information in the Saxon SDI
Initial situation
[Diagram: local administration (district administration and municipalities): Administrative District of Bautzen, Administrative District of Central Saxony, other local admin. ...; state administration (state agencies and public enterprises): GeoSN (SCC), Environmental Agency, other State Agencies ...; IdPs and SPs at the organisations. Label: Federation.]
Exchange of protected information in the Saxon SDI
Use Cases
[Diagram: the same local and state administration organisations as in the initial situation, with their IdPs and SPs. Labels: Federation; GeoSN (SCC); IdP; SP; INSPIRE Services.]
Technical Basis
ADS
The Power of SAML 2.0
❙ SAML 2.0 supports cross-domain identity federation
❙ Distributed Identity Provider (IdP)
❙ Distributed Service Provider (SP)
❙ Federation is organised by SAML metadata
❙ Describe all entities within the federation
❙ Define a trust relationship
❙ Result: Each user is authenticated for each resource
How does it work?
[Diagram: Organisation A (GeoSN) and Organisation B (Administrative District of Central Saxony), each with an IdP and an SP. Flow labels: Request; Authenticated?; IdP Selection; Login; Token; Request; Result.]
IdP = Identity Provider
SP = Service Provider
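The slides state that the federation is organised by SAML metadata that describes all entities and defines the trust relationship. The Python example below is added here (it is not code from the presentation, securityManager or ADFS) and shows how an SP can derive its IdP selection list and its token acceptance decision from such a metadata aggregate. The entity IDs, URLs and function names are constructed placeholders, and verification of the XML signatures on the metadata and on the token is assumed to have happened before these functions are called.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
# Template for one constructed federation member (placeholder IDs and URLs).
_ENTITY = ('<md:EntityDescriptor entityID="{eid}"><md:{role} protocolSupportEnumeration='
           '"urn:oasis:names:tc:SAML:2.0:protocol"><md:{svc} Binding='
           '"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="{eid}/{path}"{idx}/>'
           '</md:{role}></md:EntityDescriptor>')

def _idp(eid):
    return _ENTITY.format(eid=eid, role="IDPSSODescriptor", svc="SingleSignOnService", path="sso", idx="")

def _sp(eid):
    return _ENTITY.format(eid=eid, role="SPSSODescriptor", svc="AssertionConsumerService", path="acs", idx=' index="0"')

# Constructed aggregate: organisations A and B each publish an IdP and an SP.
FEDERATION_METADATA = (f'<md:EntitiesDescriptor xmlns:md="{MD_NS}">'
                       + _idp("https://idp.org-a.example") + _sp("https://sp.org-a.example")
                       + _idp("https://idp.org-b.example") + _sp("https://sp.org-b.example")
                       + '</md:EntitiesDescriptor>')

def load_federation(xml_text):
    """Map entityID -> {'idp': SSO URL or None, 'sp': ACS URL or None}."""
    ns = {"md": MD_NS}
    members = {}
    for ent in ET.fromstring(xml_text).findall("md:EntityDescriptor", ns):
        sso = ent.find("md:IDPSSODescriptor/md:SingleSignOnService", ns)
        acs = ent.find("md:SPSSODescriptor/md:AssertionConsumerService", ns)
        members[ent.get("entityID")] = {
            "idp": sso.get("Location") if sso is not None else None,
            "sp": acs.get("Location") if acs is not None else None}
    return members

def idp_choices(members):
    """IdP selection step: only IdPs listed in the federation metadata are offered."""
    return sorted(eid for eid, m in members.items() if m["idp"])

def accept_token(members, sp_id, issuer, audience, recipient):
    """SP-side trust decision on a token whose signature is assumed already verified."""
    if not members.get(issuer, {}).get("idp"):
        return False, "issuer is not an IdP in the federation metadata"
    if audience != sp_id:
        return False, "token was issued for a different SP"
    acs = members.get(sp_id, {}).get("sp")
    if not acs or recipient != acs:
        return False, "recipient does not match this SP's registered endpoint"
    return True, "accepted"
```

A user of organisation B who logs in at B's IdP is accepted by organisation A's SP only because both entities appear in the same metadata; an issuer outside the aggregate, or a federation member that is only an SP, is rejected.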
| 24.11.2011 | Andreas Hergert
Contact information
❙ Andreas Hergert
❙ Staatsbetrieb Geobasisinformation und Vermessung Sachsen (GeoSN)
❙ E-Mail: [email protected]
❙ Rüdiger Gartmann
❙ con terra - Gesellschaft für Angewandte Informationstechnologie mbH
❙ E-Mail: [email protected]