PIP GeoXACML based implementation of the OWS-8 Example Business Rules

Copyright © 2012 Open Geospatial Consortium

OWSType WFS
GeoPDP on
GeoPDPURL http:...GeoPDPserviceOWS-8
Location

Listing 19: Configuration for activating the Context Handler

10.1.2 Context Handler

The Context Handler implements the duties described in the XACML specification. Its main task is therefore to interpret the intercepted WFS request and create an XACML-conformant Authorization Decision Request (ADR). For a GET request, it analyzes the HTTP query string and creates an XACML AttributeValue representation. For a POST request, it inserts the POSTed request into the XACML ADR under the ResourceContent element. How this is done in detail is described in the XACML v2.0 OWS Profile specification within the following Requirement Classes:

Requirements Classes {xop;RC1.2, xop;RC1.3WFS: 2.0;, xop;RC1.4WFS:2.0;, xop;RC1.9WFS:2.0;, xop;RC1.11WFS:2.0; }

Listing 20: Requirements Classes used by the Context Handler to construct the XACML ADR

For any Authorization Decision that indicates “Missing Attributes”, the Context Handler instructs the PIP to fetch them. For OWS-8, the Context Handler and the PIP are instantiated for AIXM and as such know how to resolve “Missing Attributes” for “aixm:controllingAgency” and “aixm:usingAgency”. The missing attribute “aixm:controllingAgency” in the context of scheduling airspaces triggers a series of WFS requests to obtain the instances of aixm:Unit that represent the controlling agency for the airspace to be scheduled. In a similar fashion, the aixm:Unit representing the using agency of the airspace to be scheduled is fetched from the WFS. The logic for actually fetching the AIXM features from the protected WFS is implemented in the PIP.
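The GET and POST mapping described in this section, sketched as an added example (not code from the OWS-8 implementation or the OWS Profile). The `urn:example:` attribute-id prefix, the use of the WFS operation name as the action-id, and the rejection of duplicate parameters are assumptions of this sketch; the normative attribute ids are defined by the Requirements Classes listed above.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl

CTX = "urn:oasis:names:tc:xacml:2.0:context:schema:os"  # XACML 2.0 context namespace
STRING = "http://www.w3.org/2001/XMLSchema#string"
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
ATTR_PREFIX = "urn:example:ows:request:"  # hypothetical prefix, not from the OWS Profile

def q(tag):
    """Qualify a tag name with the XACML context namespace."""
    return f"{{{CTX}}}{tag}"

def add_attr(parent, attr_id, value):
    """Append <Attribute><AttributeValue>value</AttributeValue></Attribute>."""
    attr = ET.SubElement(parent, q("Attribute"), AttributeId=attr_id, DataType=STRING)
    ET.SubElement(attr, q("AttributeValue")).text = value

def build_adr(method, subject_id, query_string="", body=b""):
    """Map an intercepted WFS request to an XACML 2.0 request context."""
    req = ET.Element(q("Request"))
    add_attr(ET.SubElement(req, q("Subject")), SUBJECT_ID, subject_id)
    res = ET.SubElement(req, q("Resource"))
    if method == "POST":
        # POST: the request document itself goes under ResourceContent.
        # Stdlib parser for brevity; untrusted bodies call for a hardened one.
        doc = ET.fromstring(body)
        ET.SubElement(res, q("ResourceContent")).append(doc)
        operation = doc.tag.rsplit("}", 1)[-1]
    elif method == "GET":
        params = {}
        for key, value in parse_qsl(query_string, keep_blank_values=True):
            key = key.upper()  # OWS KVP parameter names are case-insensitive
            if key in params:
                # The decision must cover exactly what the WFS will evaluate,
                # so an ambiguous request is refused instead of guessed at.
                raise ValueError(f"duplicate parameter {key}")
            params[key] = value
            add_attr(res, ATTR_PREFIX + key.lower(), value)
        operation = params.get("REQUEST", "")
    else:
        raise ValueError(f"unsupported method {method}")
    add_attr(ET.SubElement(req, q("Action")), ACTION_ID, operation)
    ET.SubElement(req, q("Environment"))
    return req

if __name__ == "__main__":
    # Constructed sample request, not taken from the OWS-8 testbed.
    adr = build_adr("GET", "alice", "service=WFS&request=GetFeature&typeNames=aixm:Airspace")
    print(ET.tostring(adr, encoding="unicode"))
```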

10.1.3 PIP

The Policy Information Point (PIP) for OWS-8 implements the logic for fetching the AIXM features that represent the controlling and using agency for a scheduled airspace. Based on the gml:identifier of the airspace to be scheduled, the PIP first fetches the aixm:AirTrafficControlService instance that is responsible for the airspace. Because the forward references from the Airspace instance to the AirTrafficControlService are not part of the standard AIXM model and are only available as an optional extension, the PIP requests the AirTrafficControlService that holds the airspace as a backward reference.

OGC 11-086r1r1

Next, the PIP fetches the Unit representing the controlling and using agency. Finally, the PIP fetches the BASELINE of the airspace to be scheduled. This is required as the airspace scheduling request must not include the geometry of the airspace, but for the geographic access rights, that geometry must be present.

Figure 21: Information Linking for SAA Scheduling

The figure above shows all AIXM features that are involved in deriving an authorization decision for SAA Scheduling. All AIXM features, fetched in sequential requests to the WFS, are composed in an XML document that is returned to the Context Handler so that an extended ADR can be issued to the GeoPDP. The sequence of requests is illustrated in