Multi-client Capability in the FROST Server: A Practical Example and Technical Insights

Content

This webinar demonstrates how, as part of the CUT project, the multi-tenant capability of the FROST server developed by Fraunhofer IOSB was successfully implemented in a production environment by the City of Leipzig. The solution enables data from multiple stakeholders to be managed securely and separately on a shared infrastructure.
The multi-tenancy feature was developed in cooperation with the cities of Munich and Leipzig. It enables flexible, data protection-compliant use of the FROST server in distributed municipal data spaces.
Detailed documentation can be found in the official FROST Server Documentation from Fraunhofer IOSB. The open-source FROST Server software is available via opencode.de, amongst other sources.
Furthermore, the project aims to make the extensions “Expanding Entities in MQTT” and “Filtering Entities in MQTT” usable in conjunction with multi-tenancy.

The Key Learnings

The FROST server as the technical foundation

The FROST server provides the technical foundation for open and standardised sensor data provision and is already being used in a variety of applications, including Open Data Leipzig, the Leipzig App and the Master Portal.

Two layers of protection for optimal data privacy

The server is configured with two instances: an open instance for anonymous access and a secure instance in which sensitive project data is also protected on a user-by-user basis.

Multi-client capability enables access control

The integration with Keycloak enables role- and project-based access control that extends down to the entity level and takes complex data relationships into account.

Preventing inferences from data

As the OGC SensorThings API allows for complex relations, access control must be implemented directly within the database (including via row-level access, views and query modifications) to prevent unauthorised access to data.
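The following sketch is an added example, not code from FROST or from the webinar. It shows why a check on the returned entity type alone is not enough when a filter can traverse relations. The schema, the `user_projects` table, the project names and the sample rows are constructed assumptions, and SQLite stands in for the production database.

```python
import sqlite3

# Constructed, heavily simplified SensorThings-like schema (an assumption).
SCHEMA = """
CREATE TABLE user_projects(username TEXT, project TEXT);
CREATE TABLE things(id INTEGER PRIMARY KEY, name TEXT, project TEXT);
CREATE TABLE datastreams(id INTEGER PRIMARY KEY, thing_id INTEGER, project TEXT);
CREATE TABLE observations(datastream_id INTEGER, result REAL);
-- Constructed sample data: one open Thing with an open and a restricted Datastream.
INSERT INTO user_projects VALUES ('alice','open'), ('bob','open'), ('bob','secure');
INSERT INTO things VALUES (1, 'station-1', 'open');
INSERT INTO datastreams VALUES (10, 1, 'open'), (11, 1, 'secure');
INSERT INTO observations VALUES (10, 20.0), (11, 150.0);
"""

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

# Roughly what a request such as
#   Things?$filter=Datastreams/Observations/result gt <threshold>
# becomes in SQL. Weak form: the ACL is checked only on the returned entity
# type (Things), so restricted Observations still influence the answer.
TOP_LEVEL_ONLY = """
SELECT DISTINCT t.name FROM things t
JOIN datastreams d ON d.thing_id = t.id
JOIN observations o ON o.datastream_id = d.id
WHERE o.result > :threshold
  AND t.project IN (SELECT project FROM user_projects WHERE username = :user)
"""

# Corrected form (query modification): the table reached through the relation
# is filtered by the same ACL before its rows can affect the result.
EVERY_RELATION = TOP_LEVEL_ONLY + """
  AND d.project IN (SELECT project FROM user_projects WHERE username = :user)
"""

def things_with_result_above(db, sql, user, threshold):
    """Return the Thing names the given user gets back for this filter."""
    rows = db.execute(sql, {"user": user, "threshold": threshold})
    return [name for (name,) in rows]
```

With the weak query, a user without access to the restricted project can still learn that a restricted observation exceeds a chosen threshold, because the visible Thing appears in or disappears from the result.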

Shared use of infrastructure by project roles

The project role concept that has been developed (global and project-specific roles) makes it possible to operate different organisations and datasets together within a FROST infrastructure.

Contact

Dr. Hylke van der Schaaf

Department of Information Management and Control Engineering (ILT), Fraunhofer Institute for Optronics, System Technologies and Image Processing IOSB

digital@leipzig.de
Andrea Bitter

Department of Geoinformation and Land Use Planning, City of Leipzig

digital@leipzig.de
