OGC 11-086r1r1 Copyright © 2012 Open Geospatial Consortium 17 Target - The set of decision requests that a rule, policy or policy set is intended to evaluate. 4 Conventions

4.1 Abbreviated Terms

AD Authorization decision ADR Authorization decision request AIXM Aeronautical Information Exchange Model GeoPDP PDP implementing GeoXACML GeoXACML Geospatial eXtensible Access Control Markup Language GML Geography Markup Language OASIS Organization for the Advancement of Structured Information Standards OGC Open Geospatial Consortium OWS OGC Web Service OWS-678 OGC Web Services Initiative, Phase 678 PAP Policy Administration Point PDP Policy Decision Point implementing XACML PEP Policy Enforcement Point SDI Spatial Data Infrastructure SOA Service Oriented Architecture URL Uniform Resource Locator URN Uniform Resource Names WFS-T Web Feature Service -Transactional XACML eXtensible Access Control Markup Language 18 Copyright © 2012 Open Geospatial Consortium XML eXtensible Markup Language OGC 11-086r1 Copyright © 2012 Open Geospatial Consortium 19 5 Introduction WFS-T 2.0 instances serving AIXM information shall be official, recognized data sources that only publish reliable and accurate data. To meet this requirement appropriate access control systems need to be in place, that ensure that the update of existing AIXM features by adding a time slice to the feature and the insertion of new features meet various business rules. Previous OWS initiatives focused on the authorized retrieval of AIXM information via WFS instances. The Aviation Thread of the OWS-8 initiative focuses on the secure update and insert of new AIXM 5.1 information into the underlying databases of WFS-T 2.0 instances. In the following sections we identify a suitable rights model for an access control system protecting WFS-T 2.0 based AIXM data sources. We discuss how to define the required authorizations and how to implement and configure the components of the access control system enforcing these rights. 6 The Access Rights Model for the Authoritative AIXM Data Source During the design and development phase of an access control system one has to agree on an appropriate conceptual and logical access rights model. The chosen models need to be sufficiently expressive to describe the types of access rights that need to be enforced in the given application domain. Section 6.1 introduces popular rights models and summarizes their main characteristics. Section 6.2 lists types of access rights that frequently need to be enforced when protecting Web Feature Services and other OGC Web Services. Section 6.3 evaluates the presented rights models with respect to the required types of authorizations. Section 6.3.6 summarizes the results of this chapter.

6.1 Conceptual Access Rights Models