OGC Testbed 15

For more information please contact ip [at] ogc.org (subject: OGC%20Testbed%2015%20Information)

 

 
 

In OGC’s 15th annual major testbed, Sponsoring organisations once again defined geospatial IT interoperability and/or technology requirements. Following the proven and well established OGC testbed process, Testbed Sponsors' real world requirements are integrated into a set of software architectures by OGC Staff. The combined requirements are documented and released as an OGC Call for Participation (CFP). Technology providers respond to the CFP and the selected organizations receive cost-share support and funding to collaboratively research and rapidly develop prototype solutions. The results of the Testbed activity are submitted to the OGC Standards Program to be considered as input into ongoing OGC consensus-based standards and best practices work.

Testbed-15 addressed six main topics (Threads) as illustrated in the figure below:


The following was the primary research goal for each thread:

  • The Earth Observation thread focused on developing a data model and an associated catalogue interface to support Earth Observation (EO) application and process discovery.

  • The Data Centric Security thread researched the current state of security in protecting data in a geospatial environment using encrypted containers.

  • The Federated Cloud Analytics thread researched how emerging technologies and architectures featuring distributed cloud environments can be successfully integrated with OGC Open Web Services.

  • The Delta Updates thread explored how changes (updates) to geospatial data can be securely provided to users in the field, especially in a Denied, Disrupted, Intermittent, and Limited (bandwidth) situation.

  • The Open Portrayal Framework thread defined models, APIs, and an architecture to support and enable open and interoperable portrayal of geospatial content.

  • The Machine Learning thread explored how machine learning models and their outputs could be integrated with OGC Open Web Services.

1. Key Impacts on OGC Standards Work

Testbed 15 work resulted in:

  • Sixteen Engineering Reports presented to the Members and approved for public release.

  • The various API prototype activities provided detailed input into the OGC API-Common draft specification supporting the release of this document as a draft OGC standard.

  • Submission of a formal proposal to form a Styles API Standards Working Group to continue development of the OGC API-Styles with the intent to have that API approved as an official OGC standard.

  • Development and testing of prototype OGC API-Maps/Tiles and OGC API-Images and ChangeSets specifications.

  • Detailed technical and requirements input into the new OGC API-Records (Formerly Catalog) Standards Working Group.

  • Investigation of the integration of several machine learning models into standards based digital infrastructures.

  • Enhancement of the "applications to the data" architecture for Earth Observation data cloud processing.

  • Proposals for extensions/enhancements to the OGC GeoPackage Standard inclusing extensions related to tiled feature data, encoding portrayal information (styles and symbols), a proposal for Metadata and Application Profiles, and an extension to support semantic annotations.

2. Future Steps

  • Submission of the various prototype OGC API specifications into the OGC Standard Program for continued development and consensus approval as OGC Standards.

  • The next major OGC Initiative, Testbed-16, runs April to December 2020, with testbed results to be reported as part of the OGC Technical Committee meetings in September and December 2020.

3. Thread Summaries

The six Testbed 15 Threads are summarized in the following sections.

3.1. Thread 1: Secure Data and Federated Clouds (SFC)

3.1.1. Data Centric Security

Explore How Data Centric Security principals can be applied at the feature level in a geospatial data store.

Data-centric security emphasizes the security of the data itself rather than the security of networks, servers, or applications. In Testbed-15, the focus was on how security works at a Feature Level and what implications this has on the network in terms of additional communication burden. With a focus on actual interactions and general workflows, Testbed-15 work sought to answer the question of how data centric security can be applied to OGC standards based architectures:

  • How does data centric security work with OGC standards and best practices?

  • Which elements are already supported and how?

  • Which modifications to existing OGC standards or best practices are necessary to exploit the full potential of data centric security?

To answer these questions, the Testbed particpants examined the use of encrypted containers in combination with geospatial data using the encoding for an OGC API - Features and the Web Feature Service (WFS) FeatureCollection structure. Within that context, the particants looked at the use of encrypted container formats such as NATO STANAG 4778 "Information on standard Metadata Binding" with metadata as defined in NATO STANAG 4774 "Confidentiality Metadata Label Syntax" to permit the sharing of sensitive information between allies.

image

Geospatial Policy Enforcement Point (GeoPEP) as a Proxy for STANAG 4778

The work performed in Testbed 15 demonstrated that with a security proxy and an OGC API - Features service, an implementation can satisfy the requirements for a data centric security model. The OGC Data Centric Security Engineering Report documents the results of implementing three data centric scenarios. Two of the scenarios verified that there are backward compatible methods for implementing data centric security.

The following are additional information resources regarding the Data Centric Security task.

Information Resource Location of resource

Requirements

CFP Sponsor Requirements for Data Centric Security

Engineering Report

Data Centric Security Engineering Report

Power Point Presentation

Slide presentation

Short Video

Youtube Video

3.1.2. Federated Cloud Analytics

Research how emerging technologies and architectures featuring distributed cloud environments can be successfully integrated with OGC standards

The advent of cloud computing has fundamentally changed how people and organizations view computing — and more specifically how people and organizations interact with data and service resources. All computing resources, including clouds, exist in some type of administrative domain wherein access management can be done. As long as resources are all in the same administrative domain, managing access is straight-forward. However, with the continued development of our interconnected world, it is becoming increasingly common that data and services desired by a user exist across different administrative domains.

Easily accessing resources distributed across different administrative domains is a challenge. The naive approach is for an individual to maintain n1 different accounts and credentials for n2 different organizations. A more effective approach is federation.

Simply put, a federation enables a set of participating organizations to selectively share data and resources for specific purposes. The goal is to make federated environments as seamless, transparent, and easy to use as a single centralized environment. More precisely, a federation is a security and collaboration context wherein participants can define, agree on, and enforce joint resource discovery and access policies.

Previous OGC Testbeds addressed a number of issues related to supporting analytic workflows where the data and analytics are hosted or deployed in an ad-hoc manner on multiple heterogeneous clouds that belong to different administrative domains. In this Testbed activity the OGC began to assess the sufficiency of that body of work and identify areas were additional work is needed. This assessment was performed through a proof of concept executing a non-trivial analytic mission leveraging data and analytics hosted on two or more clouds.

Of particular interest in this context are three use cases. First, the handling of security in federations. Second, how the Testbed-13 and Testbed-14 research results of "bringing applications to the data" relate to SCALE and SEED. SCALE is an open source system that provides management and scheduling of automated processing on a cluster of machines. SCALE uses the SEED specification to aid in the discovery and consumption of processes packaged in a Docker containers. Third, the role of blockchain and distributed ledger technologies in the context of handling provenance in federations.

image

Scale Concept Overview

To meet this objective, this task was organized in four separate sub-tasks. The following research questions were addressed by the participants:

  • Federated Security: Can the NIST/IEEE Federated Cloud Architecture be validated (or invalidated) in a typical federated clouds analytics scenario that includes separate cloud environments? What are the advantages and disadvantages, and how does this extended functionality fit within the OGC family of standards?

  • Federated Cloud Analytics: How to bring SCALE and SEED into the family of cloud architectures supported by OGC standards? What role does the OGC WPS Standard play? What catalog solutions work best?

  • EOC, SCALE, and SEED: How to handle the different approaches for cloud processing? Where are harmonization opportunities, what needs to remain separate?

  • Federated Clouds Provenance: How can Blockchain and distributed ledger technologies be used to protect the integrity of different types of provenance data?

The results of each of these work activities are described in the Thread Engineering Reports as well as the additional material below:

Information Resource Location of resource

Requirements

CFP Sponsor Requirements for Federated Cloud Analytics

Engineering Reports

Federated Clouds Security Engineering Report
Federated Clouds Analytics Engineering Report
Scaling Units of Work (EOC, Scale, SEED) Engineering Report
Federated Cloud Provenance Engineering Report

Power Point Presentation

Slide presentation

Short Video

OGC Video

3.2. Thread 2: Cloud Processing and Portrayal (CPP)

3.2.1. Earth Observation Process and Application Discovery

Researching approaches for users to discover and run the Earth Observation applications they need.

Over the last decade, several platforms have emerged that provide access to Earth Observation data and processing capacities. These platforms host very large (petabyte) datasets. To effectively process these data, a paradigm shift from data download and local processing towards application upload and processing close to the physical location of the data is critical. In the future platform capabilities need to be combined in order to interpret peta- or exascale scientific data.

The focus of Testbed-15 work was to define the building blocks such that applications and related services can be exposed through an OGC Catalogue service. The Testbed particpants described and demonstrated how OGC standards can be used or need to be extended to provide for discovery and use of EO data processing applications that can be deployed and executed by the user or are already deployed and available behind standardized OGC interfaces. The participants also demonstrated how existing and emerging systems - as deployed by NASA (e.g. NASA DAACs and NASA DASS), ESA (ESA TEPs) or systems that have already integrated various nodes such as the Earth System Grid Federation (ESGF) - can be federated to allow for cross-platform analysis and visualization of data.

The results of this work define the building blocks through which such applications and related services can be exposed through a Catalogue service, including: A data model, service interfaces, and a service management interface.

The key findings from the work include:

  • The bindings for the proposed Catalogue and GeoJSON Data Model are consistent with existing OGC Standards related to OWS Context and OGC Extensions of OpenSearch.

  • Support for facet discovery and faceted search responses was borrowed from existing OASIS SRU specifications and the SRU extension of OpenSearch.

  • The proposed Data Model relies on OGC OWS Context [OGC14-055r2] offerings to describe service or application access mechanisms and endpoints.

  • In addition to the GeoJSON-based model, the corresponding JSON-LD representation is proposed as well in this ER. A service or application described in the catalog is modelled as a dcat:DataService in [DCAT-2].

The results of the Data Centric Security task activities as well as supporting information are provided in the following resources:

Information Resource Location of resource

Requirements

CFP Sponsor Requirements for Earth Observation Process and Application Discovery

Engineering Report(s)

Catalogue and Discovery Engineering Report

Power Point Presentation

Slide presentation

3.2.2. Open Portrayal Framework

Define the Models, APIs, and Architecture to Support and enable Open and Interoperable Portrayal.

Interoperable, dynamic portrayal of maps and related geospatial data is still challenging when working across multiple computing, rendering, communications and display environments. Despite previous efforts, the OGC is still missing a robust conceptual model and related APIs capable of supporting multiple style encodings.

Therefore, the primary topics addressed in the OPF Thread covered supporting style sharing and updates, client- and server-side rendering of both vector- and raster data, and converting styles from one encoding to another. This work was based on a draft Conceptual Style Model. In addition, there was a requirement to render data according to style definitions in a denied, disrupted, intermittent, and limited bandwidth (DDIL) infrastructure.