Policy Enforcement Service Access Control Services
8.3.5 Policy Enforcement Service
Name: Policy Enforcement Service

Standard Specifications: The following standards are used by the Policy Enforcement Service:
- OASIS Security Assertion Markup Language (SAML) v2.0
- OASIS SAML 2.0 profile of XACML v2.0

Description: The Policy Enforcement Service is a dedicated policy enforcement point (PEP) that handles the necessary interaction with the Authorisation Service and the Authentication Service. The PEP comprises the service-independent part of a proxy solution for non-security-enabled web services and thus is one important component of non-intrusive web service security for services compliant with the SANY W3C Web Services Platform (section 9.2.1). It enables both security-enabled and non-security-enabled clients to access a proxied web service via the same interface. The PEP always works in conjunction with a service-specific proxy and/or a service-specific client facade. As suggested in the OASIS WS-Security standards, the optional security information encoded in SAML is provided in the SOAP header, while the actual service request in the SOAP body remains unchanged.

Interfaces: The Policy Enforcement Service provides its functionality through the following interfaces:
- ServiceCapabilities
- PEP

Interface ServiceCapabilities
getCapabilities: Informs the client about both common and specific capabilities of a Policy Enforcement Service instance.

Interface PEP
doRequest: This operation performs a service request and enforces access restrictions by calling a service that implements the Authorisation Interface. In general, doRequest is called by a proxy and/or client facade.

Example usage: The Policy Enforcement Service is designed to interact with the Authentication and the Policy Management and Authorisation Service. It verifies the genuineness of the security information by calling the Identity Management and Authentication Service and then delegates the evaluation of the access policies to an external policy decision point (PDP), the Policy Management and Authorisation Service.
Comments: none

Table 8-10: Description of the Policy Enforcement Service

SANY D2.3.4 Specification of the Sensor Service Architecture V3, Doc.V3.1. Copyright © 2007-2009 SANY Consortium. Page 150 of 233

8.4. Services of the Mediation, Processing and Application Domain
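The doRequest flow described for the Policy Enforcement Service in section 8.3.5, sketched in Python as an added example (not code from the SANY specification). The function names, the three callables standing in for the Authentication Service, the PDP and the proxied service, the `urn:example:sos` namespace and the sample envelopes are assumptions; `fake_authenticate` replaces real SAML signature validation with a constructed ID check.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

class AccessDenied(Exception):
    """Raised whenever the PEP refuses to forward a request."""

def do_request(envelope_xml, authenticate, authorise, forward):
    # Hypothetical doRequest: the callables stand in for the Authentication
    # Service, the external PDP and the proxied web service.
    if "<!DOCTYPE" in envelope_xml:      # SOAP messages must not carry a DTD
        raise AccessDenied("DTD not allowed")
    try:
        env = ET.fromstring(envelope_xml)
    except ET.ParseError:
        raise AccessDenied("message is not well-formed XML")
    body = env.find(f"{{{SOAP}}}Body")
    if body is None or len(body) != 1:
        raise AccessDenied("expected exactly one request element")
    found = env.findall(f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{SAML}}}Assertion")
    if len(found) > 1:
        raise AccessDenied("more than one assertion")
    subject = None                       # no SAML header: non-security-enabled client
    if found:
        subject = authenticate(found[0])
        if subject is None:              # never downgrade a bad assertion to anonymous
            raise AccessDenied("assertion rejected")
    if authorise(subject, body[0].tag) is not True:   # anything but Permit denies
        raise AccessDenied("policy denies request")
    return forward(ET.tostring(body[0], encoding="unicode"))  # header is not forwarded

# Constructed stand-ins and sample messages, for illustration only.
def fake_authenticate(assertion):
    name = assertion.findtext(f"{{{SAML}}}Subject/{{{SAML}}}NameID")
    return name if assertion.get("ID") == "_trusted" else None

def fake_authorise(subject, action):
    policy = {"alice": {"{urn:example:sos}GetObservation"}, None: set()}
    return action in policy.get(subject, set())

def envelope(assertion_id=None):
    sec = (f'<s:Header><w:Security xmlns:w="{WSSE}"><a:Assertion xmlns:a="{SAML}" '
           f'ID="{assertion_id}"><a:Subject><a:NameID>alice</a:NameID></a:Subject>'
           "</a:Assertion></w:Security></s:Header>") if assertion_id else ""
    return (f'<s:Envelope xmlns:s="{SOAP}">{sec}<s:Body>'
            '<GetObservation xmlns="urn:example:sos"/></s:Body></s:Envelope>')
```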