FOSS4G 2007, Victoria L-16 deegree iGeoSecurity gesellschaft für raumbezogene informationssysteme mbH L-16: deegree iGeosecurity - Access Control for OGC.


1 L-16: deegree iGeosecurity - Access Control for OGC Web Services
Hans Plum, plum@lat-lon.de
www.lat-lon.de
www.deegree.org

2 lat/lon – short introduction
● Spin-Off University of Bonn, Nov. 2000
● SDI/OGC/ISO Competence + Free Software
● Consulting, Software development, Training
● deegree – Open Source implementation of several OGC/ISO-Standards
● Active OGC-Member
● Partner: Delphi IMM, EMPRISE, GDF, Intevation, map Topomatik

3 Agenda
● Overview and Motivation
● Open SDIs & deegree – hands-on intro to deegree OWS and clients
● Secured SDIs & deegree – hands-on intro to deegree iGeoSecurity
● Questions & Comments

4 Our Use Case
● John is allowed to see the entire WMS layer for endangered species
● Laura can only access the map layer for endangered species within a buffer of 20 km around the lake
● Hillary is allowed to insert new endangered species via the WFS; John and Laura are not allowed to.

5 Architecture of a SDI
[Diagram labels: Gazetteer, OGC-Clients, Catalogue, WMS, WCS, WFS, WMPS, WTS/WPVS, WFS-t]

6 SDI for the Lab
[Diagram labels: OGC-Clients, WMS, WFS, WFS-t]

7 Inside deegree
● all applications are implemented as Java Servlets depending on the Java Servlet standard:
  – common directory structure and relevant files:
    ● WEB-INF/web.xml (Initialising web application)
    ● WEB-INF/classes/log4j.properties (Logging)
    ● WEB-INF/conf/[wms | igeoportal | security | wass]
    ● WEB-INF/lib (Java libraries)

8 Inside deegree iGeoPortal std. edt.
● generator-based GUI creation: From enhanced OGC Web Map Context to HTML via XSLT (webapps/igeoportal/WEB-INF/conf/igeoportal/wmc_start_utah.xml)
● Arranging modules (functionality) in North, East, South, West, Central (next slide)
● Task: Switch modules of East to West and vice versa
● Task: Make Layer "airports" non-queryable

9 GUI structure

10 Using OpenJUMP as WFS Client
● OpenJUMP with deegree WFSPlugIn supporting WFS 1.0.0 (read) and WFS 1.1.0 (read/write) access
[Diagram labels: OpenJUMP, WMS, WFS, WFS-t, ShapeFiles, WMS, PostGIS DB]

11 OGC interfaces in SDIs
● Interoperability of maps and vector data – everybody has access; no restrictions intended (Open Geospatial Consortium)
● but everybody could manipulate data through the corresponding OGC interfaces
● How to manage access control for OGC services?

12 Managing Access Control
[Diagram labels: OGC-Clients, WMS, WFS, WFS-t, iGeoSecurity:owsProxy]

13 deegree owsProxy: Hiding OWS
● transparent facade in front of WMS, WFS, CSW
● supporting different authentication methods (Who?)
● supporting authorization (What?), static and user-dependent
● Task: Deploy owsProxy
● Task: Check WMS Capabilities for anonymous user, laura/laura and john/john manually (http://...&user=laura&password=laura)
● Task: Log in to iGeoPortal as john/john

14 Inside deegree owsProxy
● OWS to hide: webapps/owsproxy/WEB-INF/web.xml
● Authorization: webapps/owsproxy/WEB-INF/conf/security/w?spolicy.xml
● Authentication: webapps/owsproxy/WEB-INF/conf/security/authentication.xml

15 Authentication
● decoupling of creation and testing of credentials
● 3rd parties/applications can use it
● developed from a SDI NRW standard; proposed at OGC
● Supporting operations GetSession/CloseSession
  – deegree DescribeUser
● Task: Deploy deegree-was and check the corresponding requests

16 owsProxy – Web Authentication S.
[Diagram labels: OGC-Clients, WMS, WFS, WFS-t, iGeoSecurity:owsProxy, WAS]

17 Authorization: Administration
● Defining:
  ● Users
  ● Groups (Aggregation of Users and Groups)
  ● Rights (GetMap on Layer A allowed?)
  ● Roles (Aggregation of Groups and Rights)
● Task: Deploy rights management deegree-u3r
● Task: Add user Paul and give him rights for layer endangered_species

18 Authorization: User, Rights, Roles, Resources (U3R)
[Diagram labels: OGC-Clients, WMS, WFS, WFS-t, iGeoSecurity:owsProxy, WAS, Postgres DB, ShapeFiles, PostGIS DB, U3R]
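
The users, groups, rights and roles defined on slide 17, applied to the use case from slide 4, as an added Python example that is not part of the presentation or of deegree's code. The group and role names, the point-shaped lake with its coordinates, and denying any GetMap whose bounding box leaves the 20 km buffer are assumptions made for illustration.

```python
import math
from dataclasses import dataclass
from typing import Optional

# Constructed sample data. User names come from the use case; group and role
# names, the point-shaped lake and its projected coordinates (metres) are assumed.
LAKE = (500_000.0, 4_500_000.0)

@dataclass(frozen=True)
class Right:
    service: str                      # "WMS" or "WFS"
    operation: str                    # e.g. "GetMap", "Insert"
    resource: str                     # layer or feature type
    buffer_m: Optional[float] = None  # spatial limit around LAKE, None = everywhere

GROUPS = {  # group -> members, which may be users or other groups
    "staff": {"rangers"}, "rangers": {"john"},
    "visitors": {"laura"}, "editors": {"hillary"},
}
ROLES = {  # role -> (groups holding the role, rights it grants)
    "full_view": ({"staff"}, [Right("WMS", "GetMap", "endangered_species")]),
    "local_view": ({"visitors"}, [Right("WMS", "GetMap", "endangered_species", 20_000.0)]),
    "editor": ({"editors"}, [Right("WFS", "Insert", "endangered_species")]),
}

def groups_of(user):
    """All groups a user belongs to, following nested group membership."""
    found, frontier = set(), {user}
    while frontier:
        member = frontier.pop()
        new = {g for g, members in GROUPS.items() if member in members} - found
        found |= new
        frontier |= new
    return found

def rights_of(user):
    mine = groups_of(user)
    return [r for groups, rights in ROLES.values() if groups & mine for r in rights]

def inside_buffer(bbox, radius):  # a bbox is inside a circle iff all four corners are
    corners = [(x, y) for x in bbox[0::2] for y in bbox[1::2]]
    return all(math.dist(c, LAKE) <= radius for c in corners)

def is_allowed(user, service, operation, resource, bbox=None):
    """Default deny: permit only when a matching right's spatial limit holds."""
    wanted = (service, operation, resource)
    return any((r.service, r.operation, r.resource) == wanted and
               (r.buffer_m is None or (bbox is not None and inside_buffer(bbox, r.buffer_m)))
               for r in rights_of(user))
```

Bounding boxes are `(minx, miny, maxx, maxy)` tuples in the same projected units as `LAKE`.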

19 iGeoPortal and owsProxy/WAS
● Task: Check out the communication between iGeoPortal and owsProxy and WAS

20 WFS and owsProxy
● Task: Use OpenJUMP as WFS Client against featuretype endangered_species for user hillary/hillary

21 Info Flow in enterprise SDI
[Diagram labels: OGC-Clients, WMS, WFS, WFS-t, iGeoSecurity:owsProxy, WAS, Postgres DB, ShapeFiles, PostGIS DB, U3R]

22 Outlook
● Securing the communication via Web Security Service
● Securing communication via InteProxy (a client-based tunnel application)
● Billing users via OSAAS

23 L-16: deegree iGeosecurity - Access Control for OGC Web Services
Hans Plum, plum@lat-lon.de
www.lat-lon.de
www.deegree.org

