Die Präsentation wird geladen. Bitte warten

Die Präsentation wird geladen. Bitte warten

FOSS4G 2007, Victoria L-16 deegree iGeoSecurity gesellschaft für raumbezogene informationssysteme mbH L-16: deegree iGeosecurity - Access Control for OGC.

Ähnliche Präsentationen


Präsentation zum Thema: "FOSS4G 2007, Victoria L-16 deegree iGeoSecurity gesellschaft für raumbezogene informationssysteme mbH L-16: deegree iGeosecurity - Access Control for OGC."—  Präsentation transkript:

1 FOSS4G 2007, Victoria L-16 deegree iGeoSecurity gesellschaft für raumbezogene informationssysteme mbH L-16: deegree iGeosecurity - Access Control for OGC Web Services Hans Plum

2 FOSS4G 2007, Victoria L-16 deegree iGeoSecurity gesellschaft für raumbezogene informationssysteme mbH ● Spin-Off University of Bonn, Nov ● SDI/OGC/ISO Competence + Free Software ● Consulting, Software development, Training ● deegree – Open Source implementation of several OGC/ISO-Standards ● Active OGC-Member ● Partner: Delphi IMM, EMPRISE, GDF, Intevation, map Topomatik lat/lon – short introduction

3 FOSS4G 2007, Victoria L-16 deegree iGeoSecurity gesellschaft für raumbezogene informationssysteme mbH Agenda ● Overview and Motivation ● Open SDIs & deegree – hands-on intro to deegree OWS and clients ● Secured SDIs & deegree – hands-on intro to deegree iGeoSecurity ● Questions & Comments

4 FOSS4G 2007, Victoria L-16 deegree iGeoSecurity gesellschaft für raumbezogene informationssysteme mbH Our Use Case ● John is allowed to see the entire WMS layer for endangered species ● Laura can just access the map layer for endangered species within a buffer of 20 km around the lake ● Hillary is allowed to insert new endangered species via the WFS; John and Laura are not allowed to.

5 FOSS4G 2007, Victoria L-16 deegree iGeoSecurity gesellschaft für raumbezogene informationssysteme mbH Architecture of a SDI Gazetteer OGC-Clients Catalogue WMS WCS WFS WMPS WTS/WPV S WFS-t

6 FOSS4G 2007, Victoria L-16 deegree iGeoSecurity gesellschaft für raumbezogene informationssysteme mbH SDI for the Lab OGC-Clients WMS WFS WFS-t

7 FOSS4G 2007, Victoria L-16 deegree iGeoSecurity gesellschaft für raumbezogene informationssysteme mbH Inside deegree ● all applications are implemented as Java Servlets depending on the Java Servlet standard: – common directory structure and relevant files: ● WEB-INF/web.xml (Initialising web application) ● WEB-INF/classes/log4j.properties (Logging) ● WEB-INF/conf/[wms | igeoportal | security | wass] ● WEB-INF/lib (Java libraries)

8 FOSS4G 2007, Victoria L-16 deegree iGeoSecurity gesellschaft für raumbezogene informationssysteme mbH Inside deegree iGeoPortal std. edt. ● generator-based GUI creation: From enhanced OGC Web Map Context to HTML via XSLT ( webapps/igeoportal/WEB-INF/conf/igeoportal/wmc_start_utah.xml ) ● Arranging modules (functionality) in North, East, South, West, Central (next slide) ● Task: Switch modules of East to West and vv. ● Task: Make Layer „airports“ non-queryable

9 FOSS4G 2007, Victoria L-16 deegree iGeoSecurity gesellschaft für raumbezogene informationssysteme mbH GUI structure

10 FOSS4G 2007, Victoria L-16 deegree iGeoSecurity gesellschaft für raumbezogene informationssysteme mbH Using OpenJUMP as WFS Client ● OpenJUMP with deegree WFSPlugIn supporting WFS (read) and WFS (read/write) access OpenJUMP WMS WFS WFS-t ShapeFiles WMS PostGIS DB

11 FOSS4G 2007, Victoria L-16 deegree iGeoSecurity gesellschaft für raumbezogene informationssysteme mbH OGC interfaces in SDIs ● Interoperability of maps and vector data – everybody has access; no restrictions intended (Open Geospatial Consortium) ● but everybody could manipulate data through according OGC interfaces ● How to manage access control for OGC services?

12 FOSS4G 2007, Victoria L-16 deegree iGeoSecurity gesellschaft für raumbezogene informationssysteme mbH Managing Access Control OGC-Clients WMS WFS WFS-t iGeoSecurity:owsProxy

13 FOSS4G 2007, Victoria L-16 deegree iGeoSecurity gesellschaft für raumbezogene informationssysteme mbH deegree owsProxy: Hiding OWS ● transparent facade in front of WMS, WFS, CSW ● supporting different authentication methods (Who?) ● supporting authorization (What?) static and user- dependent ● Task: Deploy owsProxy ● Task: Check WMS Capabilities for anonymous user, laura/laura and john/john manually (http://...&user=laura&password=laura) ● Task: Login into iGeoPortal as john/john

14 FOSS4G 2007, Victoria L-16 deegree iGeoSecurity gesellschaft für raumbezogene informationssysteme mbH Inside deegree owsProxy ● OWS to hide: webapps/owsproxy/WEB-INF/web.xml ● Authorization: webapps/owsproxy/WEB- INF/conf/security/w?spolicy.xml ● Authentication: webapps/owsproxy/WEB- INF/conf/security/authentication.xml

15 FOSS4G 2007, Victoria L-16 deegree iGeoSecurity gesellschaft für raumbezogene informationssysteme mbH Authentication ● decoupling of creation and testing of credentials ● 3 rd parties/applications can use it ● developed from a SDI NRW standard; proposed at OGC ● Supporting operations GetSession/CloseSession – deegree DescribeUser ● Task: Deploy deegree-was and check according requests

16 FOSS4G 2007, Victoria L-16 deegree iGeoSecurity gesellschaft für raumbezogene informationssysteme mbH owsProxy – Web Authentication S. OGC-Clients WMS WFS WFS-t iGeoSecurity:owsProxy WAS

17 FOSS4G 2007, Victoria L-16 deegree iGeoSecurity gesellschaft für raumbezogene informationssysteme mbH Authorization: Administration ● Defining: ● Users ● Groups (Aggregation of Users and Groups) ● Rights (GetMap on Layer A allowed?) ● Roles (Aggregation of Groups and Rights) ● Task: Deploy rights management deegree-u3r ● Task: Add user Paul and give him rights for layer endangered_species

18 FOSS4G 2007, Victoria L-16 deegree iGeoSecurity gesellschaft für raumbezogene informationssysteme mbH Authorization: User, Rights, Roles, Ressources (U3R) OGC-Clients WMS WFS WFS-t iGeoSecurity:owsProxy WAS Postgres DB ShapeFiles PostGIS DB U3R

19 FOSS4G 2007, Victoria L-16 deegree iGeoSecurity gesellschaft für raumbezogene informationssysteme mbH iGeoPortal and owsProxy/WAS ● Task: Checkout the communication between iGeoPortal and owsProxy and WAS

20 FOSS4G 2007, Victoria L-16 deegree iGeoSecurity gesellschaft für raumbezogene informationssysteme mbH WFS and owsProxy ● Task: Use OpenJUMP as WFS Client against featuretype endangered_species for user hillary/hillary

21 FOSS4G 2007, Victoria L-16 deegree iGeoSecurity gesellschaft für raumbezogene informationssysteme mbH Info Flow in enterprise SDI OGC-Clients WMS WFS WFS-t iGeoSecurity:owsProxy WAS Postgres DB ShapeFiles PostGIS DB U3R

22 FOSS4G 2007, Victoria L-16 deegree iGeoSecurity gesellschaft für raumbezogene informationssysteme mbH Outlook ● Securing the communication via Web Security Service ● Securing communication via Inteproxy (a client-based tunnel application) ● Billing users via OSAAS

23 FOSS4G 2007, Victoria L-16 deegree iGeoSecurity gesellschaft für raumbezogene informationssysteme mbH L-16: deegree iGeosecurity - Access Control for OGC Web Services Hans Plum


Herunterladen ppt "FOSS4G 2007, Victoria L-16 deegree iGeoSecurity gesellschaft für raumbezogene informationssysteme mbH L-16: deegree iGeosecurity - Access Control for OGC."

Ähnliche Präsentationen


Google-Anzeigen