


Proposal in response to the JISC Grid OGC Collision Call

Introduction

This document is in response to JISC Circular 02/06 entitled Grid and Open Geospatial Consortium (OGC) Collision issued on the 9th March 2006. The proposal addresses Areas A (security) and C (attendance at OGC meetings) and involves a consortium comprising EDINA National Data Centre, the National e-Science Centre (NeSC), the National Centre for e-Social Science (NCeSS) and MIMAS National Data Centre. Proposed start date is 1st June 2006 for a duration of 24 months.

1 Brief outline of work

The UK academic sector is migrating to using Shibboleth for secure access to online resources. A key goal of this proposal is to link together work undertaken by the Grid, Shibboleth and Geographic Information (GI) communities to allow users access to national data centre geospatial data via the National Grid Service (NGS). It is recognised that Shibboleth represents only one approach (albeit a critical one to the JISC community) and that WS-Security mechanisms may also have a role to play[1]. We therefore propose to concentrate on Shibboleth for implementation purposes but will endeavor to also investigate WS-Security as resource constraints permit. A novel aspect of the project will be the further integration of OGC web services into core Grid middleware used by the NGS. The key benefits will be to widen access to online resources and to enhance opportunities for collaboration. As GI is ubiquitous, making it available on the NGS using open interoperability standards is a significant contribution to the JISC e-Infrastructure programme and the national e-Strategy.

We propose to build upon the community's widespread use of the Globus Toolkit (GT) and to leverage existing investment by proposing an OGC access bridge extension to GT, thus enabling the wider Grid community to become GI enabled. The two key deliverables are:

1. A report on the current state of play in respect of secure use of OGC web services using Grid technology, including WS-Security, and recommendations to the JISC on how to progress with secure access to Geographic Information in a way which is compatible with the OGC process.

2. Development of two client applications (minimum) which will demonstrate secure access to heterogeneous data sources hosted by the national data centres via OGC web services incorporated into standard Grid middleware. Security will be provided using a combination of Shibboleth, Grid Security Infrastructure and WS-Security technology.

Deployed as part of GT4, under the GridShib project, work has taken place in the US to enable Shibboleth-based authorisation decisions to be taken in a Grid environment. In the UK, the JISC GridShib projects are producing software tools to enable Shibboleth-brokered authentication to the NGS. This project will allow users with the appropriate Shibboleth credentials to be authenticated and gain access to GT4 under the NGS. If users have the appropriate credentials they will then be authorised to access OGC web services made available through OGSA-DAI (Open Grid Services Architecture – Data Access and Integration, and a component of GT4). While focusing on providing secure access to resources at dataset level, this project will inform the longer term challenge of handling more fine-grained authorization control to meet the requirements of data owners.

2 Community Contribution Summary

UK academic sector

The main value to the community of this proposal lies through joining up and realising greater benefits from areas in which significant resources have already been invested by the JISC and others. This includes the following.

• Expanding the use of the JISC funded national data centre geospatial data holdings by increasing the use of open interoperability standards and helping with the migration to using these with Grid technology. One of the main barriers to making OGC web services more widely available is the lack of secure access control (e.g. see the final report of the JISC Geospatial Interoperability Project).

• Developing resource access mechanisms that are in harmony with the e-Framework service oriented approach.

• Improving the JISC return on investment in the NGS by making core datasets available and increasing NGS usage.

• Improving the return on investment JISC has made through the Core Middleware Programme in the next generation of access management technologies (Shibboleth) by widening use.

• Working in collaboration with the ESRC funded e-Infrastructure for the Social Sciences, the solutions arrived at will meet wide user requirements and have greater uptake.

Furthermore, the OGC and Grid communities themselves will benefit from the proposed work.

Open Geospatial Consortium (OGC)

• Digital Rights Management (DRM) and security is a major barrier to the wider uptake of OGC interoperability standards. Although what is proposed here addresses the specifics of the academic community, the approach may have wider applicability and could contribute to the flexibility and applicability of OGC standards more generally.

• The OGC process has been very successful in creating interfaces and encodings. With Grid technology, the emphasis is on enabling collaboration and sharing of resources. In this proposal, we aim to transfer some of the key Grid security capabilities to the GI community.

Grid

• As the OGC standards are mature and widely supported in commercial software, by integrating them into core Grid middleware we automatically enhance interoperability and make available to the broader Grid community GI within the core toolsets they are familiar with.

• The potential for Shibboleth assertions to be used to implement the complex access rules required for some data will further extend both the descriptive security ontologies involved and the grid components' ability to implement fine-grained control.

Project Description

1 Work Plan Outline

In this section we provide a description of the intended project plan as a series of Work Packages (WP) with indicative timescales and deliverables given where feasible. Should this proposal be accepted, a detailed project plan in accordance with JISC guidelines will be produced.

Work Package 1 – Requirements and Review (duration 5 months)

|Partner responsible |EDINA, with assistance from NeSC and NCeSS |
|Programme objective: |Review of state of play in respect of Grid, Shibboleth, OGC and Web Services approaches to security |
|Relevant developments |JISC Geospatial Interoperability Project |

Objectives:

• Use a set of use cases to derive a set of requirements for access and authorisation with respect to OGC services within a Grid environment.

• Establish comprehensive understanding of security issues relevant to Grid and OGC collision to ensure project is fully informed.

Brief description of work: Security and the related area of DRM is a complex and fast moving area. This project has the added complexity of dealing with the intersection of four different communities: OGC, Grid, Web Services and Shibboleth. Although the members of the consortium have representation in all these communities, it is essential to focus resources to clarify this intersection. Through peer review and cross party consensus, this WP will lay the foundation upon which the fine detail of subsequent work in the other WPs will be based. Note that while effort will be concentrated on Shibboleth due to its significance to the JISC and the academic sector, the intention is to defer making a decision until this WP reports about the exact solution to be used with the demonstrators (WP3) to achieve secure access to OGC web services using Grid technology. At the end of the review period, a report will be produced, circulated, and made publicly available on the website. Following this, the WP becomes essentially a tracking activity closely related to WP5 (OGC engagement) and will form the basis of the final project report (WP4). As EDINA intends using this project to inform its roadmap for Grid enabling its online services, this review will include consideration of the Shibboleth Authentication for Access to the Resource Infrastructures of the UKDA (SAFARI) project and the ramifications for the UKBORDERS national service.

Outputs including reports:

• Report reviewing requirements and the current state of play in provision of secure web services.

Work Package 2 – Integrate WCS into OGSA-DAI (4 person months)

|Partner responsible |NeSC, with assistance from EDINA |
|Programme objective: |Integrate the OGC’s Web Coverage Service (WCS) interface specification into OGSA-DAI |
|Relevant developments |WMS OGSA-DAI integration |

Objectives:

• Make coverage data available in OGSA-DAI using the OGC’s Web Coverage Service (WCS) interface specification.

Brief description of work: Building on the work already completed by NeSC in collaboration with EDINA, extend OGSA-DAI to handle both OGC Web Map Service (WMS) and Web Coverage Service (WCS) requests. Unlike WMS, which responds to requests by creating map images of spatial data, WCS allows access to the raw data which can then be used for further analysis or for portrayal if required. Examples of coverage data are aerial imagery and remotely sensed data. Note that MIMAS has extensive remotely sensed data holdings and has implemented WCS on top of some of these holdings.

Outputs including reports:

• WCS enabled OGSA-DAI.

Work Package 3 – Exemplar client applications (10 person months)

|Partner responsible |EDINA, NCeSS and MIMAS |
|Programme objective: |Create two client applications which will demonstrate secure access via OGC web services using a combination of Shibboleth and Grid Security Infrastructure technology |
|Relevant developments |WMS OGSA-DAI demonstrator |

Objectives:

• Demonstrate secure access to OGC web services in a Grid environment using standard Grid middleware. These two exemplars should be sufficiently generic and striking to both show the project approach working and stimulate further creative ideas.

• Evaluate the demonstrators in terms of usability, performance, scalability, and robustness under various test conditions with respect to the security access mechanisms implemented.

• An additional objective, time and resources permitting, would be validation and refinement of the OGSA-DAI/OGC embedding, and an investigation into the OGSA-DAI/OGC Security attributes needed for finer grained GI access control.

Brief description of work: Guided by WP1 we will build two client applications which demonstrate secure access using appropriate Grid based security mechanisms to national data centre (MIMAS and EDINA) hosted data services. In the case of EDINA, these will be OGC web services. The first demonstrator will be built in collaboration with the NCeSS and MIMAS and will assist NCeSS in meeting their obligations under the successful “e-Infrastructure for the Social Sciences” proposal. The intention is to deploy the work already completed in integrating WMS into OGSA-DAI in order to access Ordnance Survey data from the EDINA WMS for background mapping. It will be based on developments in either the Modelling and Simulation in e-Social Sciences (MoSeS) node or Geographic Visualisation of Urban Environments (GeoVue) node as both have strong geospatial requirements. MIMAS will also be collaborating under the auspices of the GEMS project (Grid Enabling MIMAS Services) and making available aggregate statistics from the 2001 Census. Note that this will also be achieved using OGSA-DAI on the NGS. The second exemplar will use the output from WP2 and demonstrate the integration of remotely sensed data with topographic and socio-economic data. The remotely sensed data will be accessed via WCS enabled OGSA-DAI and the other data via Web Feature Service (WFS) enabled OGSA-DAI. Note that EDINA intends resourcing the integration of WFS into OGSA-DAI using funds allocated to the Grid Enabling of National Data Centre data. Linking in the socio-economic data may be achieved using the OGC Geolinked Data Access (GDAS) specification (currently discussion paper status).

Outputs including reports:

• A Social Science client application demonstrating secure access to data held at EDINA and MIMAS via OGSA-DAI and the OGC WMS interface.

• A client application demonstrating use of both the WFS and WCS OGC interfaces integrated into OGSA-DAI.

Work Package 4 – Community dissemination, documentation, reporting (duration 24 months)

|Partner responsible |EDINA |
|Programme objective: |Capture and effectively disseminate the lessons learned throughout the project and provide clear recommendations for future development. |
|Relevant developments |GRID GIS Working Group |

Objectives:

• Effectively communicate to the user community lessons learned during the project.

• Provide clear guidance to JISC on how to proceed with making national data centre data available on the Grid. This would be relevant not only to JISC national data centres but also data centres funded by the Research councils.

Brief description of work: A key objective of this proposal is to build something that can be used by others. Effort will be expended throughout the duration of the project to engage with, and inform, other communities working on closely related projects. Examples include the JISC funded ShibGrid projects in the UK, the GridShib project in the US, the OGC (see WP5), other Research Council data centres, and those members of the academic community in the UK conducting research, learning or teaching involving Grid and GI.

Outputs including reports:

• A report identifying the main security issues and recommendations to JISC on how to progress.

• Implementation roadmaps, best practice and how-to guides to enable wider community adoption.

Work Package 5 – Engagement with the OGC (duration 24 months)

|Partner responsible |NCeSS/EDINA |
|Programme objective: |Leverage existing relationship with OGC to validate and enhance outcomes from project |
|Relevant developments |EDINA hosting of June 2006 OGC Technical Committee meeting |

Objectives:

• Liaison and external stakeholder engagement for evaluative purposes.

• Input to and feedback from standards development process.

Brief description of work: This WP will provide a key link between the GI community as represented by the OGC and the Grid community as represented by NeSC and NCeSS. It will involve engagement with OGC through regular attendance at OGC Technical Committee meetings and is intended to be resourced under Area C of the JISC Circular. The attendee(s) will be required to participate in the Security and GeoDRM WG meetings. Particular attention will also be paid to ongoing efforts to understand and develop the relationship between the Grid and GI communities. The attendee will be expected to participate in the following ways:

• by providing input where the topic is the relationship between security in the Grid and GI domains,

• by making recommendations to OGC staff on engagement with the Grid community,

• by tracking relevant developments in the Interoperability Programme, e.g. the GeoDRM thread of OWS4 (see section 4.1).

Outputs including reports:

• Proposals to the OGC security WG.

• Recommendations to the OGC Interoperability Programme.

• Post OGC TC meeting reports and discussion with the NERC GridGIS WG.

2 Project Management and communication

EDINA will act as the lead partner for the purposes of project administration and finance. Overall responsibility for the project will rest with senior staff at EDINA. The project will be coordinated by a Project Director, Dr David Medyckyj-Scott and the Project Manager, Chris Higgins, based at EDINA.

A work package focusing on project management will be produced as part of the overall project plan. A series of full project meetings will include a project kick-off, mid-term and final round up. Checkpoint meetings will review progress against the plan. To limit the T&S outlay, the majority of communications will be conducted virtually by video/teleconferencing. Day-to-day communications amongst project members shall be conducted by email and phone. The JISC Open Source policy will be adhered to.

3 Risks

|Risk |Probability (1-5) |Severity (1-5) |Score (P x S) |Action to Prevent/Manage Risk |
|Outputs from the ShibGrid projects are not useable. |3 |4 |12 |NeSC and EPCC are in close contact through OMII-Europe, NextGRID, EGEE and as members of Globus Management Committee, with alternative work in this area. We are confident that we will be able to source alternative open source software to use as a foundation. Indeed, this is a required activity in OMII-Europe. |
|Usability debilitated by performance. |3 |3 |9 |Examine bottlenecks and performance metrics. Investigate scalability under different architectures. |
|Non alignment between OGC direction and project. |2 |4 |8 |Close liaison with OGC and community. Development of flexible interfaces capable of providing end user choice as to security mechanisms to be deployed. Provision of extensibility stubs. |
|Lack of interest in either Grid and/or GI community |2 |5 |10 |Exploit existing links with user community fora e.g. GRIDGIS WG. Active dissemination activity. Provide exemplars. Illustrate use and provide advice, direction and assistance in adoption. |
|Personnel Recruiting takes too long or unsuccessful |2 |3 |6 |Secondment from other project partners. Deferred start to engineering effort (as implicit in WP scheduling). |

4 Dissemination and exploitation

EDINA and others involved in the project have an existing community consultation and briefing process, based around their respective activities in the geospatial and Grid communities, research relationships through various projects, and occasional forums reaching the broader community. The following forums will be especially important to this project and, where possible, have been factored into the workplan:

• OGC

• JISC Geospatial Working Group

• JISC e-Framework related activities

• JISC e-Infrastructure e-ReSS standards work

• NERC GridGIS WG

• GridNET2 related discussions

• Global Grid Forum (GGF)

A project website will be maintained by EDINA as the primary means for communication and dissemination of project results. Reports will be published on the website. News about the project will continue to be disseminated via mailing lists, newsletters etc. and promotional materials will be used to disseminate project outcomes and to promote the demonstrator services. Opportunities for scholarly publishing will be sought wherever possible.

5 Evaluation, Review and Quality Assurance

In accordance with the JISC Project Management Guidelines, EDINA and primary partners will undertake evaluation of their work. An Evaluation Plan will be developed as part of the overall Project Plan and will include formative as well as summative evaluation. External evaluation and review will in part be conducted by Associate Partners and key stakeholders.

A quality plan will be designed to ensure that the project satisfies agreed quality standards and deliverables are completed as required. All deliverables will be subject to formal review against agreed criteria by the Project Manager and partners. Final acceptance criteria for the completed work will be defined and agreed. Technical deliverables will be subjected to testing by members of the Project and representative stakeholders. OGC web services that are created will be validated against OGC conformance tests where they exist.

Budget

The project will start on June 1st 2006 and last for a period of 24 months ending 31 May 2008.

Budget across Academic Years – Area A

| |FTE |yr1 |yr2 |yr3 |Total |
|EDINA Staff | | | | | |
|Project Director |0.1 |0 |0 |0 |0 |
|Project Manager – Chris Higgins (AD 3.3) 24 months from June 2006 |0.37 |2,674 |17,409 |15,716 |35,799 |
|SDSS Advisor (AD3.5) |0.15 |1,136 |7,387 |6,635 |15,159 |
|Shared EDINA/NeSC Staff | | | | | |
|Software Engineer – (AD2.1) 15 months from 1 Sept 2006 – for advertising |1 |0 |32,593 |9,496 |42,089 |
|Total | | | | | |
|Equipment & Consumables | | | | | |
|Laptop for Software Engineer | |900 | | |900 |
|Consumables | |20 |120 |90 |230 |
|Travel & Subsistence | |333 |3,000 |1,667 |5,000 |
|Overall totals | |5,063 |60,509 |33,604 |99,177 |

Year 1 (Jun-Jul 06), Year 2 (Aug 06 – Jul 07), Year 3 (Aug 07 – May 08)

Institutional Contributions include: from EDINA, Project Director and infrastructural services (space, heating, lighting, power, equipment); from NeSC, NCeSS and MIMAS, additional staff time. These costs are not included above and will NOT be claimed from JISC.

Budget across Academic Years – Area B

|1.5 NCeSS/EDINA staff member at each OGC TC meeting during project duration |No. of meetings |Year 1 |Year 2 |Total |
|Accommodation @ £500 per attendee |3 |2,250 |2,250 |4,500 |
|Registration fees @ £170 per attendee |3 |765 |765 |1,530 |
|Travel @ £400 per attendee |3 |1,800 |1,800 |3,600 |
|Subsistence @ £250 per meeting |3 |1,125 |1,125 |2,250 |
|Total | | | |11,880 |

Capabilities

|Primary relevant area of competence |Lead partner |Main tasks |
|OGC |Geo Services team at EDINA |Project Management |
| | |Provide WMS/WFS on top of Ordnance Survey topographic and UKBORDERS Boundary data. |
| | |Engage with the OGC |
| | |Collaborate with NeSC and integrate WFS into OGSA-DAI |
|Security |SDSS team at EDINA |Provide guidance in the review of the current state of play from the Shibboleth and Web Services perspective |
| | |Work with NeSC and the EDINA Geoteam to produce a version of GT that incorporates the GridShib component and which can communicate with OGSA-DAI |
| | |Work with NeSC and the EDINA Geoteam to engage with the JISC ShibGrid projects to enable users with the appropriate Shibboleth credentials to access the OGC web services (WMS and WFS) via GT and OGSA-DAI |
|Grid related |NeSC |Collaborate with the EDINA Geoteam and integrate WFS into OGSA-DAI |
| | |Create and install the modified version of GT |
|Social Science User requirements |NCeSS |Create a demonstrator client accessing the EDINA web services via the modified OGSA-DAI |
| | |Work with MIMAS to integrate the appropriate socio-economic data |

The above table lists the partners' primary relevant area of competence against the main tasks allocated to them under this proposal. The following are brief statements summarising evidence demonstrating the partners' ability to undertake these tasks:

EDINA (Geo Services Team)

Based at the University of Edinburgh, EDINA is a JISC-funded National Data Centre with a strong service orientation. It offers the UK tertiary education and research community networked access to a library of data, information and research resources. Several of the most significant of these resources are online geospatial services, e.g. Digimap and UKBORDERS. EDINA’s mission is to enhance the productivity of research, learning and teaching in the UK academic sector. It is active in the areas of interoperability and web services.

• Integral part of the JISC Information Environment and academic sector Spatial Data Infrastructure through provision of services allowing discovery, access, and use of core GI datasets, e.g. Digimap (190 universities, approx 28,000 users) gives access to Ordnance Survey data, UKBORDERS (9000 active users) gives access to 300 digitised boundary data sets of the UK.

• Member of OGC since 1999. Member of the OGC GeoDRM WG. Hosting a week long Technical Committee (TC) meeting during June 2006.

• Extensive use of OGC specifications throughout services and projects.

• Key driving organisation in terms of past and current efforts to bring GI and Grid communities together, e.g. organised the first formal meeting of the two communities at a 2 day workshop in Cambridge in 2003, organised a Grid Ad Hoc at the OGC TC June 2004, currently organising another Grid Ad Hoc for OGC TC in June 2006 (Edinburgh).

• Founding member of the NERC GridGIS WG.

• Collaborated with NeSC to integrate the OGC WMS interface into OGSA-DAI.

EDINA (Shibboleth Development and Support Services (SDSS) team)

Shibboleth technology has been selected by JISC as the next generation access management framework for UK H&FE. The EDINA SDSS team has actively supported this goal:

• Established a development federation which forms the basis of the UK production federation to be launched in September 2006.

• Established effective collaboration with UKERNA, who will assume management responsibility for the UK production federation.

• Worked closely with the core Internet2/MACE group responsible for the base standards, including secondment of staff for design and implementation work.

• Developed and contributed solutions addressing UK requirements to the core implementation group.

National e-Science Centre (NeSC)

Based at the Universities of Edinburgh and Glasgow, the National e-Science Centre is the pre-eminent centre for e-Science in the UK. Its mission is to stimulate and sustain the development of e-Science in the UK, to contribute significantly to its international development and to ensure that its techniques are rapidly propagated to industry. It aims to encourage the interaction and bi-directional flow of ideas between computing science research and e-Science applications and develop advances in scientific data curation and analysis to enable management, sharing and best use of research data.

• With EPCC, the supercomputing centre at the University of Edinburgh, NeSC is one of the leading Grid research and development centres worldwide.

• Through NeSC and EPCC, the University of Edinburgh is a member of the Globus Alliance (lead developers in creation of Globus Toolkit), a partner in OMII-UK, OMII-Europe, coordinating partner in NextGRID.

• Lead developer in the OGSA-DAI project – middleware to assist with access and integration of data from separate sources via the Grid.

• Collaborated with EDINA to integrate the OGC WMS interface into OGSA-DAI.

• The DyVOSE project (led by NeSC in Glasgow) demonstrates dynamic delegation of trust through an extended version of PERMIS. The experience of DyVOSE and the more recent GLASS project has given the NeSC team considerable experience in the practicalities of combining the Shibboleth approach to security with the existing X509 digital certificate-based Grid security infrastructure.

National Centre for e-Social Science (NCeSS)

NCeSS aims to promote and facilitate e-Science within social science research. NCeSS is funded by the ESRC and was formally established in April 2004. NCeSS consists of a coordinating Hub and a set of research-based Nodes distributed across the UK (two of the nodes have particularly strong geospatial components). The Hub is based at the University of Manchester. The role of the Hub is to act as the central resource for e-social science in the UK, and integrate them with ESRC research methods initiatives and the existing e-Science core programme.

NCeSS has recently (March 2006) been awarded £550k by the ESRC in order to build an e-Infrastructure for the Social Sciences in the period from May 2006 to April 2008. Building on the coincident timing, this Grid-OGC proposal aims for synergy and integrates with the NCeSS workplan. It will also assist them in meeting their commitment to work with the JISC funded National Data Centres and provide exemplars. As a consequence, work carried out under this proposed project will have greater uptake and be subject to greater peer review throughout its lifespan.

MIMAS

MIMAS is a JISC and ESRC-supported National Data Centre run by Manchester Computing, to provide the UK higher education, further education and research community with networked access to key data and information resources to support teaching, learning and research across a wide range of disciplines. In addition, MIMAS offers specialist support and training, data sharing and gateway services.

• Under the GEMS project, MIMAS will be Grid enabling (using OGSA-DAI on the NGS) CasWeb – an online service to statistics and related information from the United Kingdom Census of Population.

2 Technologies and developments relevant to the proposal (abbreviated)

National Grid Service

The NGS is the core UK grid, intended for the production use of computational and data grid resources. NGS is the core service resulting from the UK’s e-Science programme. NGS is supported by JISC, and is run by the Grid Operations Support Centre (GOSC). The NGS is funded by the JISC (3 clusters), CCLRC (1 data cluster), and EPSRC (CSAR and HPCx).

OGSA-DAI

The OGSA-DAI project, which started in 2002, develops middleware to assist with access and integration of data from separate sources via the Grid. It is intended to make the process of combining data from multiple, distributed, heterogeneous and autonomously managed data sources easier. Its middleware delivers many commonly required functions in a form that is easily composed and extended. It enables application developers to build virtual data resources that draw on up-to-date data from a set of other data resources.

Globus Toolkit

The open source Globus Toolkit is one of the most popular implementations of a software toolkit used for building Grid systems and applications. OGSA-DAI is shipped as part of the Globus Toolkit distribution, and can utilise the GT GSI security mechanisms to control access to data services, in a coarse grained fashion. In addition, OGSA-DAI can utilise the GridFTP efficient data transport component to move data sets.

Shibboleth

Shibboleth is standards-based, open source middleware software which provides Single Sign On across or within organisational boundaries. It allows sites to make informed authorisation decisions for individual access of protected online resources in a privacy-preserving manner. The Shibboleth software implements the OASIS SAML v1.1 specification, providing a federated Single Sign On and attribute exchange framework. Shibboleth also provides extended privacy functionality, allowing the browser user and their home site to control the attributes being released to each Service Provider. Using Shibboleth-enabled access simplifies management of identity and access permissions for both Identity and Service Providers.

GridShib

The NMI GridShib project is a collaboration between NCSA and the University of Chicago. The goal of the project is to allow for interoperability between the Globus Toolkit and the Shibboleth Identity Federation system. Thus far in the project, basic interoperability has been achieved in that a deployment of the Globus Toolkit can query and receive attributes from a Shibboleth service regarding a Grid user, and then make an access control decision based on those attributes. Future work will focus on refining this capability as well as addressing higher-level management issues, such as management of the federation of name spaces between the Grid and campus worlds and the management of the trust configuration/metadata between the Grid and Shibboleth components.

ShibGrid

The JISC GridShib Projects, Shibboleth Enabled Bridge to Access the National Grid Service (SHEBANGS) and ShibGrid, are intended to produce software tools to facilitate one or more of the following:

• Shibboleth brokered authentication to obtain a user’s proxy certificate, e.g. via a myProxy server or alternative mechanism.

• Shibboleth-brokered authentication to the NGS (or similar) portal.

Prior OGC Grid related activities

Over the last few years, EDINA has been collaborating with their colleagues at the NeSC and together they have integrated the widely used Web Map Service (an OGC and ISO standard) interface into OGSA-DAI. Recognising the potential importance of overlap between the development of OGC and Grid standards as they apply to geospatial data, EDINA organised a Grid Ad Hoc meeting at the OGC Technical Committee (TC) meeting in Southampton in 2004. In collaboration with OGC staff and the NERC GridGIS WG, EDINA is repeating this exercise for the OGC TC meeting which EDINA is hosting in Edinburgh during June 2006.

The JISC-funded Interoperability Project was a six-month project undertaken by EDINA, MIMAS, the Centre for Computational Geography at Leeds and the Department of Geomatics at UCL, and involving the NERC Data Grid, to demonstrate how web services based on OGC standards may best be used to deliver geospatial data to the academic community. A series of standards-compliant clients was built to illustrate three use cases (drawn from teaching, research and general service delivery perspectives). The clients were capable of accessing and consuming web services delivered via a distributed computing platform, illustrating mapping and data integration. A number of areas requiring further investigation were identified; chief amongst these was service security.

OGC and service/data security

The principal use case for the OGC is Spatial Data Infrastructure (SDI), defined as the base collection of technologies, policies and institutional arrangements that facilitate the availability of and access to spatial data. SDIs built from components based on open interoperability standards (OGC and ISO) are increasingly commonplace and provide the communication and transport mechanism for trading, selling and distributing the use of spatial content. While this last statement is true, it has been recognised for several years that there is a major gap in the OGC technical baseline in respect of standards supporting interoperable trading. The wide range of standards developed for other media do not meet the requirements of the geospatial community, and in 2004 the OGC set up the GeoDRM (Geospatial Digital Rights Management) WG. GeoDRM is defined as the packaging, distributing, controlling and tracking of geospatial content based on rights and licensing information, so this WG has a scope beyond the means of establishing trust, i.e. authentication and authorisation. The OGC is therefore in the process of establishing a Security WG, to be inaugurated at the Edinburgh TC in June 2006.

To date, the majority of implemented work in the security area has been done in an ad hoc fashion by individual OGC members or as part of the OGC Web Service (OWS) initiatives. These are part of the OGC’s Interoperability Programme and feed directly into the Specification Programme; they are major collaborative projects working to solve specific problems posed by the initiatives’ sponsoring organisations. OWS3 had a GeoDRM thread (which looked at click-through licences), as does OWS4 (currently going through the Request for Quotation process with kick-off scheduled for June).

Based on the GeoDRM Reference Model (as developed by the GeoDRM WG), OWS4 will look at more involved trading scenarios than OWS3 and will develop a trusted geo services authentication and authorisation service. Communication between GeoDRM-enabled OGC web services will use the SOAP protocol binding and WS-Security to carry the GeoDRM information. According to the current schedule, demonstrations of the OWS4 delivered services will take place in Oct 2006.

Key Personnel

• Chris Higgins. Dec 2003: Organised first formal meeting in the UK between the GI and e-Science communities in Cambridge. June 2004: Organised an open ad hoc Grid meeting of the Earth Observation WG at the OGC TC meeting at the Ordnance Survey HQ. July 2004: Founding member and current Chair of the NERC funded GridGIS WG. Member of OGC UK Forum Steering Committee and the GeoDRM Working Group since its formation. Organising Interoperability Day and Grid Ad Hoc at the OGC TC EDINA is hosting during June 2006. Project Manager at EDINA.

• Neil Chue Hong. Project manager of the four-site OGSA-DAI project, as well as leading the Grid Foundations development work in NextGRID, with overall responsibility for three team leaders and some dozen Edinburgh-based technical staff, plus leadership of 20 other partner organisations across Europe. He is a member of the OMII-UK Operations Committee, a member of the Globus Alliance management team, a committer on the Globus Incubator project and chairs the GGF ByteIO WG. He teaches software engineering and scientific visualisation modules on the EPCC MSc. He has been chair of the Access to Data in Files WG and Gridstart Data Management TWG, secretary of the Data Transport RG, a member of the SunDCG advisory board and a member of the OMII TAB.

• Dave Berry. Deputy Director for Research & E-infrastructure Development (RED) at NeSC. The software engineer will work within the RED team, building on and enhancing their Grid knowledge and experience. Dave is co-investigator of several e-Science research projects, including GridQTL (BBSRC), FireGrid (DTI), and DyVOSE (JISC). He is co-chair of the OGSA Data working group of the GGF. He is a member of the OMII TAB and the NCeSS Science Delivery Board.

• Andy Turner has worked in the Centre for Computational Geography at the University of Leeds since October 1997 and with NCeSS on MoSeS since July 2005. Andy is a member of the NERC GridGIS Working Group and is involved in the development and application of Grid technology in the geographic information e-Social Science domain.

• Sandy Shaw is the Project Manager of SDSS. He has worked as a systems programmer, international standards editor and consultant on numerous projects for various commercial and public organisations. Most recently before SDSS, he led the JISC-funded TIES and TIES II projects investigating issues concerning the use of digital certificates in UK HE.

-----------------------

[1] It should be noted however that conventional OGC web services do not mandate the use of SOAP (in order to reduce implementation complexity and encourage take up) which makes exploration of this approach less appealing if wider OGC community adoption is deemed of greater priority than expediency to the UK academic community.
