
Copyright © 2009 Open Geospatial Consortium, Inc.

[Figure 33: Trusted Domains, alternative 2. Sequence diagram "sd Trusted Domains Alternative 2" with Client, Security Gateway and STS A in Domain A and PEP and STS B in Domain B. Policies: the PEP requires a SAML token from trusted issuer STS B; STS B requires a SAML token from trusted issuer STS A; STS A requires a Username token. Messages: OWSRequest; GetMetadata(WS-Policy) / WS-Policy exchanges with the PEP, STS B (WS-Policy B) and STS A (WS-Policy A); RequestSecurityToken(Credentials) returning SAMLTokenA; RequestSecurityToken(SAMLTokenA) returning SAMLTokenB; WS-Security Request carrying SAMLTokenB.]

13.4 Between Un-trusted Security Domains Trust Establishment

Secure communication between domains that are not within a trust relationship requires trust establishment. Thus, a chain of trust relationships has to be created which provides a transitive trust relationship between the communication partners. Figure 34 shows three security domains, with a trust relationship between Domain A and Domain B as well as between Domain B and Domain C, but no direct trust relationship between Domain A and Domain C.

[Figure 34: Trust Establishment between Non-Trusted Domains. Sequence diagram "sd Non-Trusted Domains" with Client, Security Gateway and STS-A in Domain A, STS-B in Domain B, and STS-C and PEP in Domain C. Policies: the PEP requires a SAML token from trusted issuer STS-C; STS-C requires a SAML token from trusted issuer STS-B; STS-B requires a SAML token from trusted issuer STS-A; STS-A requires a Username token. Messages: OWSRequest; GetMetadata(WS-Policy) / WS-Policy exchanges with the PEP, STS-C, STS-B and STS-A; RequestSecurityToken(Credentials) returning SAMLTokenA; RequestSecurityToken(SAMLTokenA) returning SAMLTokenB; RequestSecurityToken(SAMLTokenB) returning SAMLTokenC; WS-Security Request carrying SAMLTokenC.]
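The token chaining of Figures 33 and 34, as an added Python model that is not part of the OWS-6 deliverable: the Security Gateway reads each party's WS-Policy requirements starting from the PEP, follows the trusted-issuer links back to an STS that accepts Username tokens, and then sends one RequestSecurityToken per hop. The names figure34, trust_chain, acquire_token and the HMAC standing in for the SAML signature are assumptions of this example; it also shows that STS-C rejects a token issued by STS-A directly, since no trust relationship exists between Domain A and Domain C.

```python
import hashlib, hmac
from collections import namedtuple
# Added model of the STS chaining in Figures 33 and 34 (constructed, not OGC code):
# an HMAC under the issuer's key stands in for the issuer's signature on a SAML token.
Policy = namedtuple("Policy", "required_token trusted_issuer")  # published via WS-Policy:
# required_token is "Username" or "SAML"; trusted_issuer is the STS whose SAML tokens are accepted
Token = namedtuple("Token", "issuer subject mac")               # stand-in for a SAML assertion
def sign(key, issuer, subject):
    return hmac.new(key, f"{issuer}|{subject}".encode(), hashlib.sha256).hexdigest()

class STS:
    def __init__(self, name, policy, key, issuer_keys=None, users=None):
        self.name, self.policy, self.key = name, policy, key
        self.issuer_keys, self.users = issuer_keys or {}, users or {}  # keys of trusted issuers
    def issue(self, proof):                 # RequestSecurityToken(proof) -> SAML token
        if self.policy.required_token == "Username":
            user, password = proof
            if self.users.get(user) != password:
                raise PermissionError(f"{self.name}: bad credentials")
            subject = user
        else:                               # proof must be a SAML token from the trusted issuer
            if proof.issuer != self.policy.trusted_issuer:
                raise PermissionError(f"{self.name}: untrusted issuer {proof.issuer}")
            expected = sign(self.issuer_keys[proof.issuer], proof.issuer, proof.subject)
            if not hmac.compare_digest(proof.mac, expected):
                raise PermissionError(f"{self.name}: bad signature")
            subject = proof.subject
        return Token(self.name, subject, sign(self.key, self.name, subject))

def trust_chain(pep_policy, stss):
    chain, issuer = [], pep_policy.trusted_issuer  # walk WS-Policy metadata back from the PEP
    while issuer is not None:                      # until an STS that accepts Username tokens
        if issuer in chain:
            raise ValueError(f"trust loop at {issuer}")
        chain.append(issuer)
        issuer = stss[issuer].policy.trusted_issuer
    return chain[::-1]                             # Figure 34: ['STS-A', 'STS-B', 'STS-C']

def acquire_token(credentials, pep_policy, stss):
    proof = credentials                            # Security Gateway: one RequestSecurityToken per hop
    for name in trust_chain(pep_policy, stss):
        proof = stss[name].issue(proof)
    return proof

def figure34():                                    # constructed three-domain setup of Figure 34
    ka, kb, kc = b"key-A", b"key-B", b"key-C"
    stss = {"STS-A": STS("STS-A", Policy("Username", None), ka, users={"alice": "secret"}),
            "STS-B": STS("STS-B", Policy("SAML", "STS-A"), kb, {"STS-A": ka}),
            "STS-C": STS("STS-C", Policy("SAML", "STS-B"), kc, {"STS-B": kb})}
    return Policy("SAML", "STS-C"), stss
```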

13.5 Between Un-trusted Security Domains Forwarding

Due to certain circumstances concerning network security aspects of the sponsors, the use case ‘Between Un-trusted Security Domains’ could not be realized as described in section 13.4, since no direct access between un-trusted networks can be accepted. Thus, Figure 35 shows an alternative which, strictly speaking, is not real communication between un-trusted domains but rather a cascaded communication between trusted domains, based on the assumption that there are trust relationships between Domain A and B and between Domain B and C, but not between Domain A and C. Since the Security Gateway offers a pure OWS interface, it is possible to protect this Gateway in Domain B with a PEP once more. Thus, Domain C only has to allow access to its OWS to Domain B, acting on behalf of Domain A.

[Figure 35: Un-trusted Domains - Forwarding. Sequence diagram "sd Untrusted Domains - Forwarding" with Client, Security Gateway and STS A in Domain A; PEP, Security Gateway and STS B in Domain B; and PEP in Domain C, with an optional Authorization fragment. Policies: the PEP in Domain B requires a SAML token from trusted issuer STS A, and STS A requires a Username token; the PEP in Domain C requires a SAML token from trusted issuer STS B, and STS B requires a Username token. Messages: OWSRequest from the Client; GetMetadata(WS-Policy) / WS-Policy exchanges; RequestSecurityToken(Credentials) returning SAMLTokenA; WS-Security Request carrying SAMLTokenA to the PEP in Domain B; OWSRequest from the Domain B Security Gateway; GetMetadata(WS-Policy) / WS-Policy exchanges; RequestSecurityToken(Credentials) returning SAMLTokenB; WS-Security Request carrying SAMLTokenB to the PEP in Domain C.]

14 RFQ Use Cases

The sections that follow provide the use cases contained in the Request for Quotation (RFQ) that served as the basis for developing the actual security architecture and implementations produced in the GPW thread as part of the OWS-6 testbed.

14.1 Within One Security Domain