NPS Natural Resource & GIS Programs Inventory and Monitoring Program 2009 Data Manager’s...


NPS Natural Resource & GIS Programs, Inventory and Monitoring Program

2009 Data Manager’s Meeting

Identity Management


Authentication (prove who you are)

• Authentication techniques
  – Prompt for username / password
  – Relay network domain credentials
  – Digital certificates
  – Smart cards

• Username / password is the most common technique in our apps right now
  – Every application stores user information, including passwords
  – Every application authenticates users only within the context of that single application
  – Security risk:
    • Passwords are stored in a variety of locations
    • Individual applications may not have the resources to keep up with DOI password policies

• Resolution – Security Token Services (STS)
  – Centralize user information in STSs
    • Only the STS knows the passwords and/or other user information
    • DOI security policies are addressed in one place
  – The STS exchanges user credentials for an industry-standard, digitally signed token
    • The token is then passed around to apps and services
    • Applications/services only have to know how to interpret (and verify) the token


Security Token Service

• Validate user credentials
  – Domain accounts / Windows NTLM
    • DOI’s Active Directory
    • For users on the DOI network
  – Usernames / passwords
    • ADAM / AD LDS, a lightweight implementation of Active Directory
    • For users not on the DOI network
  – Other credential types
    • Digital certificates
    • Authenticating partner applications / services running automated processes

• Transform user credentials
  – Make claims about a user
  – Wrap the claims within a digitally signed SAML token


Security Token Process

Participants in the diagram: Browser, Web Portal, Security Token Service (Forms-based), Security Token Service (Windows-based), Security Token Service (Partner Organization), DOI’s ADFS, Account Management Service, Species Service.

0. External user may pre-authenticate at own site
1. User requests login
2. Redirect to STS
   3a. Internal network… go to Windows-based STS
   3b. Forward to DOI’s ADFS
   3c. Non-internal network… go to Forms-based STS
   3d. For partner STS… redirect to wrap their SAML token with our SAML token
4. User requests login, add role claims
5. Redirect to Portal
6. User requests secure data
7. Send request with SAML token
8. Validate SAML signature
9. Compare “Role Claim” with permissions for the secure operation
10. Provide secure data
11. Return secure data

• Apps and services will never see usernames and passwords, just SAML tokens
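The token flow above, simulated end to end as an added example (this is not NPS/IRMA code). An STS makes claims about a user and signs them (steps 4–5); the Species Service validates the signature (step 8), checks the token’s lifetime and audience, and compares the role claim with the operation’s permissions (step 9) before returning data (step 10); a partner STS token is validated and re-issued under our own key (step 3d). Assumptions: HMAC-SHA256 over a canonical JSON string stands in for the XML-DSig (RSA) signature of a real SAML assertion, and the keys, issuer and audience URNs, role names and permission table are invented for the demo.

```python
"""Added example (not NPS/IRMA code): STS token issue / validate / wrap, simulated.

ASSUMPTIONS: HMAC-SHA256 over canonical JSON stands in for the XML-DSig (RSA)
signature of a real SAML assertion; keys, URNs, roles and PERMISSIONS are invented.
"""
import hashlib
import hmac
import json
import time

NPS_STS_KEY = b"assumed-nps-sts-signing-key"          # real STS: private RSA key, services hold its cert
PARTNER_STS_KEY = b"assumed-partner-sts-signing-key"  # trust established out of band, one key per partner
NPS_STS = "urn:example:nps-sts"
PARTNER_STS = "urn:example:partner-sts"
SPECIES_SERVICE = "urn:example:species-service"

# Step 9's "permissions for secure operation": which role claims may run which operation.
PERMISSIONS = {
    "FetchSpeciesList": {"Viewer", "SpeciesEditor"},
    "EditSpeciesList": {"SpeciesEditor"},
}


def _canonical(assertion):
    # Deterministic serialization so signer and verifier sign/verify identical bytes.
    return json.dumps(assertion, sort_keys=True, separators=(",", ":")).encode()


def issue_token(subject, claims, audience, *, issuer=NPS_STS, key=NPS_STS_KEY, lifetime=300, now=None):
    """Steps 4-5: wrap claims about `subject` in a signed assertion scoped to one audience."""
    now = time.time() if now is None else now
    assertion = {
        "issuer": issuer,
        "subject": subject,
        "audience": audience,
        "not_before": now,
        "not_on_or_after": now + lifetime,
        "claims": claims,  # e.g. {"role": ["SpeciesEditor"]}
    }
    signature = hmac.new(key, _canonical(assertion), hashlib.sha256).hexdigest()
    return {"assertion": assertion, "signature": signature}


def validate_token(token, expected_audience, *, expected_issuer=NPS_STS, key=NPS_STS_KEY, now=None):
    """Step 8 plus the checks the diagram leaves implicit. Returns (assertion, reason)."""
    now = time.time() if now is None else now
    assertion = token["assertion"]
    expected = hmac.new(key, _canonical(assertion), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["signature"]):
        return None, "bad signature"                      # any edit to the claims lands here
    if assertion["issuer"] != expected_issuer:
        return None, "unexpected issuer"
    if assertion["audience"] != expected_audience:
        return None, "token issued for another service"   # a token for service A must not work at B
    if not assertion["not_before"] <= now < assertion["not_on_or_after"]:
        return None, "token expired or not yet valid"
    return assertion, "ok"


def wrap_partner_token(partner_token, audience, *, now=None):
    """Step 3d: accept a partner STS token addressed to us and re-issue it under our key.
    Only claims we trust the partner to assert (subject, role) are carried over."""
    assertion, _reason = validate_token(
        partner_token, NPS_STS, expected_issuer=PARTNER_STS, key=PARTNER_STS_KEY, now=now)
    if assertion is None:
        return None
    claims = {"role": assertion["claims"].get("role", []), "via": PARTNER_STS}
    return issue_token(assertion["subject"], claims, audience, now=now)


def species_service(token, operation, *, now=None):
    """Steps 8-10 at the Species Service: validate, then compare the role claim with PERMISSIONS."""
    assertion, reason = validate_token(token, SPECIES_SERVICE, now=now)
    if assertion is None:
        return 401, reason
    allowed_roles = PERMISSIONS.get(operation, set())
    if allowed_roles & set(assertion["claims"].get("role", [])):
        return 200, f"{operation} for {assertion['subject']}"
    return 403, "role claim does not grant this operation"


if __name__ == "__main__":
    t = issue_token("jdoe", {"role": ["SpeciesEditor"]}, SPECIES_SERVICE, now=1000.0)
    print(species_service(t, "EditSpeciesList", now=1010.0))  # (200, 'EditSpeciesList for jdoe')
    print(species_service(t, "EditSpeciesList", now=2000.0))  # (401, 'token expired or not yet valid')
```

The audience check is the one most often skipped in practice: without it a token minted for the Account Management Service can be replayed at the Species Service, and the signature alone will not catch that.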


Authorization (what are you allowed to do)

• Role-based authorization
  – Users are placed in groups (roles) and permissions are applied to the group
  – Access to a resource is decided by comparing the user’s roles to the roles defined for the resource
  – Advantages:
    • Permission management on a small number of groups instead of many users
  – Limitations:
    • Permissions are applied to resources at a very broad level; granular rules require more and more groups
    • Roles only have meaning within individual applications

• Resource-based authorization (Access Control Lists)
  – Permissions are defined on the resource itself
    • Specify which operation / group / user can access a resource
  – Advantages:
    • Authorization rules are upheld independent of which service is requesting access
  – Limitations:
    • Every resource would have to implement attributes that identify what it is
    • In the case of system files, often requires some form of impersonation to get through operating system process rules


• Claims-based authorization
  – Claims are properties that describe the capabilities of an entity
    • Type – lets services consuming the claim know what the claim is in reference to
    • Right – describes the capability the entity has over a resource
    • Resource – the thing the claim is made over
  – Essentially does role-based authorization and more
    • Roles are based on identity, and identity is just one of many claims that can be made about a user
  – Advantages:
    • Separates authorization rules from the mechanisms used for authentication
    • Authorization policies, based on claims, can be created down to a very granular level
    • Very good at controlling access across platforms and applications
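The three authorization models of the last two slides side by side, as an added example that is not part of the original deck. The scenario is constructed: one user is a global species editor, another may edit only one park’s species list. Role names, unit codes, resource names and the policy are invented; the claim shape (Type, Right, Resource) follows the slide.

```python
"""Added example (not NPS/IRMA code): role-based, resource-based (ACL) and
claims-based checks on a constructed park/species scenario.

ASSUMPTIONS: roles, unit codes, resource names and the policy are invented.
"""
from dataclasses import dataclass, field


# --- Role-based: group membership compared with the roles a resource requires. ---
ROLE_REQUIREMENTS = {"species_list": {"SpeciesEditor"}}


def rbac_allows(user_roles, resource):
    """Broad by design: a role either covers the whole resource type or not at all.
    Scoping a user to one unit's list would need a new group per unit."""
    return bool(set(user_roles) & ROLE_REQUIREMENTS.get(resource, set()))


# --- Resource-based: an ACL carried by the resource itself. ----------------------
@dataclass
class Resource:
    name: str
    acl: dict = field(default_factory=dict)  # principal (user or group) -> set of operations


def acl_allows(resource, principals, operation):
    """`principals` is the user's name plus every group name the user belongs to,
    since an ACL entry may name either (the slide's "operation / group / user")."""
    return any(operation in resource.acl.get(p, set()) for p in principals)


# --- Claims-based: (Type, Right, Resource) triples made about an identity. --------
@dataclass(frozen=True)
class Claim:
    type: str      # what the claim is in reference to, e.g. "species_list" or "role"
    right: str     # the capability, e.g. "edit" or "member"
    resource: str  # the thing the right applies to: a unit code, a role name, or "*" for any


def claims_allow(claims, claim_type, right, resource):
    """True if some claim grants `right` over `resource` (or over everything) for this type."""
    return any(c.type == claim_type and c.right == right and c.resource in (resource, "*")
               for c in claims)


def role_claims(roles):
    """A role is just one more claim about the identity: Type=role, Right=member, Resource=<role>."""
    return {Claim("role", "member", r) for r in roles}


def authorize_edit(claims, unit):
    """Policy for editing a unit's species list: a unit-scoped edit claim, or the
    global editor role carried as a claim. Both are evaluated by the same engine,
    which is the 'role-based and more' point of the slide."""
    return (claims_allow(claims, "species_list", "edit", unit)
            or claims_allow(claims, "role", "member", "SpeciesEditor"))
```

With claims, the unit-scoped rule is one extra triple for one user; with roles, the same rule needs a new group per unit and a new check per application.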


Challenges Solved and Still to Solve

• Authentication from multiple sources
  – Currently can do multiple types of STS
    • Transparent logins for domain users
    • Forms-based username / password against ADAM / AD LDS
    • Digital certificates

• Will be developing a flexible and reusable API for authorization
  – Determine general claim types that are needed across our services
  – Identify service-specific claim types that will be needed
  – Make it all work for client applications other than the web browser
    • Excel
    • Access
    • Etc.


Unit

IRMA Infrastructure Services


Problems to Solve

• Multiple copies of unit, park, etc. databases being used (every app had a different one!)

• Inconsistent park codes and names used

• No common maintenance practices


Version 1.0.0

• Centralized data source

• Initial IRMA coding standards, service structure

• Very atomic methods (not user-friendly, but they work)


Example

• Reference Service – Search Page

http://nrinfo.nps.gov

• Pick List = data + web controls:


Short-term Vision

• Full integration with IRMA practices

• Standardized park codes

• More efficient fetch methods

• More sophisticated web controls


Longer-term Vision

• Customizable web controls

• Accessible service for networks and parks

• Search and report page in NRInfo Portal

• Subunits: – Management districts, ranger districts, etc.

• Maintenance functions


Taxonomy

IRMA Infrastructure Services


Problems to be Solved

• Multiple applications need to manage information about taxa

• We need a common currency for discussing taxa

• We would like to use other taxonomic datasets besides ITIS, such as USDA Plants


Version 1.0

• Four primary parts
  – Names
  – Categories
  – Sources
  – Classifications

• Searching by Name and by Code
• Taxon Profile pages
• Integration with Species


Search by Name


Search by Code


Search Results


Taxon Profile


Short-term Vision

• Include authorities
• Integrate USDA Plants list
• Downloadable taxonomy lists
• Saved searches and layouts
• Transform a taxa list using crosswalks
• Links to external classification sources
• More search options


Long-term Vision

• Adding and editing taxa
• Roll-up to ranks
• Authentication
• Change history management
• Commenting
• Other types of taxonomies


Benefits

• One-stop shopping for Taxonomy

• NPS Taxon Code serves as common currency

• New Classification Sources can be loaded, adding new sets of names


Reference Service Update

Data Manager’s Conference

April, 2009


Overview

• Problem

• Current Status

• Short-Term Plans

• Long-Term Vision

• Benefits of Service


What is the Problem?

• Fundamental need to manage citations/metadata
  – Documents
  – Datasets
  – Photos
  – Other
• Citations/metadata live in different systems
• Hard to associate/group references
• Applications do not adequately serve the needs of the natural resources program


Reference Service 1.0

• Active, non-sensitive, and non-proprietary citations from NatureBib and Data Store

• Limited subset of the Reference attributes
• Basic searching and read-only viewing
• No username or password required to search
• Download attachments
• Creating/editing still done through NatureBib and Data Store


Search

• Simple search (search logic behind the scenes)
• Must be easy to use


Search Results


Detailed View


Short-Term Plans

• 1.x iterations
  – Functionality of NatureBib and Data Store
  – Begin to clarify definitions
  – Introduce Reference Owner and Unit Steward roles
  – Begin reference relationships
    • Split into related references (e.g., a book chapter is part of a book)
    • Begin to combine duplicates
    • Show related references as one in the Portal
  – Create a reference from an XML record
  – Integrate with other services

• 2.0+
  – Turn off NatureBib and Data Store
  – Begin following the Long-Term Road Map for adding functionality


Long-Term Road Map

• Stakeholder Interviews

• Project Scope

• Version Timeline


Stakeholder Interviews

• Fall of 2008

• Gather user needs

• 100+ people interviewed

• 25+ meetings


Road Map - Project Scope

• Out for review – March 2009
• Integrates user needs
• Proposes long-term functionality
• Very general and… dry
• Minimize risks
  – Get everyone on the same page
  – Identify logical flaws

• Survey to Get Feedback/Comments


Survey Results

Chapter Title                                       Average   StDev
Reference Collections                                 1.2      0.5
Change History Management                             1.2      0.5
Notification                                          1.2      0.5
Search/Query References                               1.2      0.4
Introduction                                          1.2      0.6
System Level User Groups and Role Management          1.3      0.7
Reference-Reference Relationships                     1.4      0.7
Import/Export References                              1.5      1.0
Reference-Taxonomy Relationships                      1.5      0.7
Holdings                                              1.5      0.9
Reference Unit Relationships                          1.5      0.8
Reference Management                                  1.6      0.9
User Comments and Discussion Threads                  1.8      1.3
Appendix                                              1.9      1.2
Accessing the Reference Service via SOAP Messages     2.0      1.1


Road Map – Version Timeline

• Prioritize functionality in Project Scope

• Can begin once Project Scope is completed

• Very important beyond 2.0


Further Development and Refinement

• Progressive elaboration

• Regular user feedback

[Figure: iterative cycle – Develop Service Version → Obtain User Feedback (bugs) → Modify Versions Timeline → Progressive Elaboration of Project Scope → back to Develop Service Version]


Benefits

• Leverages functionality of other services
  – Taxonomy
  – Units
  – Authentication
  – File

• Can be leveraged by other services
  – Species
  – Project
  – Data Clearinghouses


NPSpecies Update

Presented by: Alison Loar


New NPSpecies is Useful Because

• Shared infrastructure– Units, Taxonomy, Authentication, etc

• Reusable controls

• New user friendly user interface on the NRInfo Portal

• Ability to access service fetch operations to “build your own”


Current Status

• NPSpecies 2.0.3 on NRInfo Portal

• Certified Species Lists
  – For data that have been certified
  – Ability to download lists

• Live Demo…


Upcoming Release

• NPSpecies 2.1.0 – released next month
  – Species lists with more views
  – Park-Species Profile
  – Simple stats
  – List of Units (where one species is found)
  – Live Demo…


Roadmap Release Plan: Short Term

• NPSpecies 2.2
  – Integrate NPSpecies with the new Match List application
• NPSpecies 2.3
  – Integrate NPSpecies with the new Evidence applications (Vouchers, Observations, References)
• NPSpecies 3.0
  – Add/Edit/Delete
  – Turn off NPSpecies 1.0


Roadmap Release Plan: Long Term

• NPSpecies 3.1
  – Ability to have multiple species lists for one category & one unit in NPSpecies
  – Tools to compare and merge data
• NPSpecies 3.2
  – QA toolbox with QA filters
  – Automated workflow


IRMA Summary: What this Means for You

Data Manager’s Conference

April, 2009


Accessing Information

• Web Portal
  – Consistent interface
  – Brings multiple services together
• SOAP Messages


SOAP Messages

• Simple Object Access Protocol
• Get information without a web interface
• Text messages
• Industry standard (e.g., Travelocity)
• Supported by other languages and applications
  – MS products
  – Python


Example SOAP Message

  <CreateReference>
    <Title>Birds of ROMO</Title>
    <Publisher>NPS</Publisher>
    <DateOfIssue>20080104</DateOfIssue>
  </CreateReference>


Example Messages

• FetchReferenceList
• CreateReference
• FetchReferenceHolding
• DeleteReference
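Building and parsing the CreateReference message from the previous slide with Python’s standard library, as an added example that is not part of the original deck and not the service’s own client code. It wraps the body in a SOAP 1.1 envelope, carries the SAML token in the header (the “send request with SAML token” step of the identity section), and on the receiving side rejects faults, missing fields and dates that are not in the slide’s YYYYMMDD form. Assumptions: the service namespace, the SecurityToken header element and the fault text are invented; the real element names and namespace come from the service’s WSDL.

```python
"""Added example (not NPS/IRMA code): CreateReference SOAP message, build and parse.

ASSUMPTIONS: SVC_NS and the SecurityToken header element are invented; the
SOAP 1.1 envelope namespace is the standard one.
"""
import xml.etree.ElementTree as ET
from datetime import datetime

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope (standard)
SVC_NS = "urn:example:irma-reference"                 # assumption: real value is in the WSDL
ET.register_namespace("soap", SOAP_NS)
ET.register_namespace("ref", SVC_NS)
REQUIRED = ("Title", "Publisher", "DateOfIssue")


def _q(ns, tag):
    return f"{{{ns}}}{tag}"


def build_create_reference(title, publisher, date_of_issue, saml_token):
    """Client side: envelope + header token + the slide's CreateReference body."""
    datetime.strptime(date_of_issue, "%Y%m%d")  # slide format: 20080104; reject anything else
    env = ET.Element(_q(SOAP_NS, "Envelope"))
    header = ET.SubElement(env, _q(SOAP_NS, "Header"))
    ET.SubElement(header, _q(SVC_NS, "SecurityToken")).text = saml_token
    body = ET.SubElement(env, _q(SOAP_NS, "Body"))
    op = ET.SubElement(body, _q(SVC_NS, "CreateReference"))
    for tag, value in zip(REQUIRED, (title, publisher, date_of_issue)):
        ET.SubElement(op, _q(SVC_NS, tag)).text = value  # ElementTree escapes <, > and & in text
    return ET.tostring(env, encoding="unicode")


def parse_create_reference(xml_text):
    """Server side: return (fields, token) or raise on a fault or malformed message.
    For messages from untrusted peers, parse with defusedxml rather than plain ET."""
    root = ET.fromstring(xml_text)
    if root.tag != _q(SOAP_NS, "Envelope"):
        raise ValueError("not a SOAP 1.1 envelope")
    fault = root.find(f"{_q(SOAP_NS, 'Body')}/{_q(SOAP_NS, 'Fault')}")
    if fault is not None:
        raise RuntimeError(f"SOAP fault: {fault.findtext('faultstring', default='')}")
    op = root.find(f"{_q(SOAP_NS, 'Body')}/{_q(SVC_NS, 'CreateReference')}")
    if op is None:
        raise ValueError("Body has no CreateReference element")
    fields = {child.tag.split("}")[-1]: (child.text or "").strip() for child in op}
    missing = [tag for tag in REQUIRED if not fields.get(tag)]
    if missing:
        raise ValueError(f"missing or empty: {', '.join(missing)}")
    datetime.strptime(fields["DateOfIssue"], "%Y%m%d")  # ValueError on any other date form
    token = root.findtext(f"{_q(SOAP_NS, 'Header')}/{_q(SVC_NS, 'SecurityToken')}")
    return fields, token


# Constructed fault response, in the shape a SOAP 1.1 server returns for a rejected request.
FAULT_RESPONSE = (
    f'<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body><soap:Fault>'
    "<faultcode>soap:Client</faultcode><faultstring>token signature invalid</faultstring>"
    "</soap:Fault></soap:Body></soap:Envelope>"
)

if __name__ == "__main__":
    msg = build_create_reference("Birds of ROMO", "NPS", "20080104", "<token-from-STS>")
    print(msg)
    print(parse_create_reference(msg))
```

Letting ElementTree build the message rather than string-formatting it is what keeps a title such as “Cats & <Dogs>” from breaking (or injecting into) the XML.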


Application to Networks

• Custom applications
• Integrate multiple services for higher-level functionality
• Automatic update of web pages
