This page is for making available information associated with IGIBS related events that took place in Edinburgh during the INSPIRE (Infrastructure for Spatial Information in Europe) conference at the end of June 2011.
Mostly this activity was in the area of authentication and specifically, access control around the OGC Web Services (OWS) that underpin INSPIRE and most other major Spatial Data Infrastructures (SDI).
We had a surprisingly well attended (given it was the first day of the conference) 90 min workshop on Monday the 27th “Shibboleth Federations and Secure SDI: Outcome and Demonstrations from the OGC Web Service Shibboleth Interoperability Experiment”. Here are the slides (INSPIRE2011_Shibb_workshop_intro_v2) used to introduce the event and set the agenda:
The second agenda item was presentations from some member states actively investigating the use of Shibboleth:
- Sweden (Sverige Securing geodata services – Shibboleth)
- Germany (GDI-DE Test Federation)
- UK (INSPIRE2011_UK Position)
I suspect that there are other countries engaged in similar work and it would be really good to hear whats going on elsewhere.
The third section was a bit fraught as initially we thought that the internet at the EICC would be suspect, it was fine and it was the EDINA servers that threw a wobbly. In the end though, five organisations demonstrated live their modified OWS client software (desktop and browser based) undergoing the Shibboleth interactions using a selection of WMS and WFS from the ESDIN Federation (including Welsh Government services) and the BKG (German National Mapping Agency). These organisations were:
We concluded with a question and answer session that I cant do justice to here. Possibly the most interesting discussion related to the JRC position in respect of INSPIRE and access control guidance. My understanding is that, for now at least, this is being left to the discretion of the member states. Several countries have stated that some of their services will be protected and there is no agreement on using a uniform interoperable solution. It is acknowledged that this is a problem and is going to make it difficult (impossible?) to create applications that work across countries where protected network services are involved.
Some of these issues are further explored in the paper submitted to the International Journal of Spatial Data Infrastructures Research and presented (here are the slides INSPIRE2011_Shibb_AMFs_paper_v2) on Wednesday 28th June. There is also a wealth of additional background information available off of the FGI hosted ESDIN wiki (see the section on Identity Management).
If you have got this far and gone through this material you may be forgiven for thinking that INSPIRE is broken and that unless:
- The ambition for the European SDI is scaled back, or
- All the resources are made open, or
- Somebody bites the bullet and initiates the creation of a genuinely interoperable parallel security infrastructure based on Access Management Federation technology, or
- … (if you know of a serious alternative, please could you comment)
Then its never going to really work as originally concieved. Which, I am sure you would agree, would be a great loss…