30 May 2011
The EU-funded, EuroGeographics-led European Spatial Data Infrastructure Network (ESDIN) project concluded recently.
The main focus of this large, multi-partner, 30 month project was to assist the European National Mapping Agencies in implementing the INSPIRE (Infrastructure for Spatial Information in Europe) directive. EDINA’s main role was to provide academic sector input and expertise in geospatial service delivery.
Probably our most significant contribution was in the area of access control. Working through the processes of one of the main geospatial standards defining organisations, the Open Geospatial Consortium, EDINA led a team that demonstrated how Shibboleth (the software that underpins the UK Access Management Federation) could be used to secure OGC Web Services (OWS).
OWS underpin virtually all Spatial Data Infrastructures (SDI) everywhere, including INSPIRE. SDI is about using standards to make it easier for anyone working with spatial data, at any level, to meet their objectives, potentially saving vast amounts of resources. The issue we addressed is that while many SDI content providers, for a variety of reasons, want to restrict access to their valuable data or services, there is no widely accepted way of doing so.
We showed how Shibboleth federations, effectively an open source implementation of the OASIS standard Security Assertion Markup Language, could be used as the organisational model for SDI. This is a production strength solution to the problem of how to share identity information across administrative domains.
It means that an end user of SDI services, eg, a student or a member of the public can attempt to access a protected internet resource such as topographic data or land registry data The user simply provides their credentials and if authorised gains access. If the user then attempts to access another protected resource they will get direct access without being challenged again, providing they are authorised and the organisations are members of the same federation.
Showing how these “Single Sign On” federations can work with SDI services without requiring any changes to the standards in a wide range of scenarios was recognised by the EU as a significant contribution and a major factor in the success of the ESDIN project.