Smart Cities are complex distributed systems which may involve multiple stakeholders, applications, sensors, and IoT devices. In order to be able to link and use such heterogeneous data, spatial data infrastructures for Smart Cities can play an important role in establishing interoperability between systems and platforms. Based on the open and international standards of the Open Geospatial Consortium (OGC), the Smart District Data Infrastructure (SDDI) concept integrates different sensors, IoT devices, simulation tools, and 3D city models within a common operational framework. However, such distributed systems, if not secured, may cause a major threat by disclosing sensitive information to untrusted or unauthorized entities. Also, there are various users and applications who prefer to work with all the systems in convenient ways using Single-Sign-On. This paper presents a concept for securing distributed applications and services in such data infrastructures for Smart Cities. The concept facilitates privacy, security and controlled access to all stakeholders and the respective components by establishing proper authorization and authentication mechanisms. The approach facilitates Single-Sign On (SSO) authentication by a novel combination in the use of the state-of-the-art security concepts such as OAuth2 access tokens, OpenID Connect user claims and Security Assertion Markup Language (SAML). An implementation of this concept for the district Queen Elizabeth Olympic Park in London is shown in this paper and is also provided as an online demonstration. Such access control and security federation based realization has not been considered in spatial data infrastructures for Smart Cities before. (C) 2019 The Authors. Published by Elsevier B.V.
