RIP is out!

Posted by Patrice Cappelaere Mon, 10 Sep 2012 14:43:00 GMT

Here is a 5mn slideshare on RIP: A framework to analyse and evaluate RESTful services.  This will be the basis for a 5mn presentation at REST Fest 2012 at the end of this week in Greenville, SC.

RESTful Patterns for [OGC] Enterprise Services

Posted by Patrice Cappelaere Sun, 19 Aug 2012 12:13:00 GMT

This is the title of the presentation I will be giving at RESTFest 2012, Sept 13-15th in Greenville, SC.

"Let’s imagine a SensorWeb with millions of services of various types that could be accessed by humans or automatically by machines over the web. Let’s imagine sensor gauges in Namibia connected to forecasting models in the US and earth-orbiting satellites ready to image the upcoming flood on-demand. What architectural patterns may be required of these services to meet the challenge? Based on many observed best practices, which ones may need to be instituted for seamless interoperability over time? The Open Geospatial Consortium has defined a multitude of standardized services. Over the last 25 years, those standards have evolved from a REST/RPC style to SOAP and a newer binding style is now being considered. This presentation will focus on some of the contemplated best practices that could be used to define a policy for a REST/Hypermedia API to be used at this enterprise level"

2-Factor Authentication for SensorWeb

Posted by Patrice Cappelaere Tue, 29 Dec 2009 03:48:00 GMT

Securing transactional RESTFul OGC Web Services is a challenge but can be done using a hybrid OpenID/OAuth protocol (see OGC OWS-6 interoperability demonstration).

To increase the security assurance level beyond level-1, you need to use more than one authentication factor such as: something you know (password) and something you have (keyfob).  Our openid server is currently being upgraded to support Verisign Identity Protection (VIP) and VIP Access using Mobile Credentials (free for end-users).

If you register a credential in your profile, a security code can now be used in addition to a password to gain access to the SensorWeb services.  A security code can also be used to delegate user authority to consumer applications such as workflows to access services on your behalf.  Credentials will become mandatory to gain access to satellites and UAV tasking request over the web.  There will still be an air gap between users and assets but, at least, user identity will be known with very high confidence.

Our goal is to demonstrate that it can be done simply, cheaply and RESTfully.

Security Requirements for RESTful Web Services

Posted by Patrice Cappelaere Fri, 22 May 2009 02:11:00 GMT

A RESTful web service approach is great but it needs to be somewhat secure to survive in the wild Internet.

Here are some of our requirements that we tried to address with our OGC OWS-6 demonstration.  I will try to upload the videos to YouTube next week.

Here is another presentation given at the 2009 International Symposium on Collaborative Technologies and Systems (CTS 2009) in Baltimore this week.  More later…

Two Degrees to SensorWeb 2

Posted by Patrice Cappelaere Thu, 08 Jan 2009 02:55:00 GMT

For SensorWeb to be relevant, we believe that any of its data and assets can be no further away than two degress of separation from anyone in the world. This does assume that those users would be from trusted domains and would have been granted the proper permissions from their organizations.  We are coining this our SWE "Bacon" number or Two.  So, you are doing SWE?  What is your Bacon number?



Esip Jan 09
View SlideShare presentation or Upload your own. (tags: ogc geoss)

Older posts: 1 2 3