Copyright © 2013 Open Geospatial Consortium 29 AttributeId = urn:SD:def:xacml:2.0:hostname AttributeValue localhost AttributeValue Attribute Attribute DataType = http:www.w3.org2001XMLSchemaanyURI AttributeId = urn:SD:def:xacml:2.0:uri AttributeValue serviceCSWCompusult AttributeValue Attribute Attribute DataType = http:www.w3.org2001XMLSchemastring AttributeId = urn:SD:def:xacml:2.0:context AttributeValue urn:SD:def:xacml:2.0:response AttributeValue Attribute Resource Action Attribute AttributeId = urn:oasis:names:tc:xacml:1.0:action:action-id DataType = http:www.w3.org2001XMLSchemastring AttributeValue Post AttributeValue Attribute Attribute AttributeId = urn:SD:def:xacml:2.0:request DataType = http:www.w3.org2001XMLSchemastring AttributeValue GetRecords AttributeValue Attribute Action Environment Attribute DataType = http:www.w3.org2001XMLSchemadate AttributeId = urn:oasis:names:tc:xacml:1.0:environment:current-date AttributeValue 2012-06-08 AttributeValue Attribute Attribute DataType = http:www.w3.org2001XMLSchematime AttributeId = urn:oasis:names:tc:xacml:1.0:environment:current-time AttributeValue 09:28:27Z AttributeValue Attribute Attribute DataType = http:www.w3.org2001XMLSchemadateTime AttributeId = urn:oasis:names:tc:xacml:1.0:environment:current-dateTime AttributeValue 2012-06-08T09:28:27Z AttributeValue Attribute Environment Request Table 7 — XACML MRP request example

6.3.5 AD for the CSW response ADR

The following snippet illustrates the details of the AD received from the PDP. Response xmlns = urn:oasis:names:tc:xacml:2.0:context:schema:os xmlns:xsi = http:www.w3.org2001XMLSchema-instance xsi:schemaLocation = urn:oasis:names:tc:xacml:2.0:context:schema:os access_control-xacml-2.0-context-schema-os.xsd urn:oasis:names:tc:xacml:2.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd xmlns:xacml = urn:oasis:names:tc:xacml:2.0:policy:schema:os xmlns:xacml-context = urn:oasis:names:tc:xacml:2.0:context:schema:os Result ResourceId = [local-name=OWSContext][1][local- name=ResourceList][1][local-name=Layer][3] Decision Permit Decision Status StatusCode Value = urn:oasis:names:tc:xacml:1.0:status:ok Status Result Result ResourceId = [local-name=OWSContext][1][local- Copyright © 2013 Open Geospatial Consortium 30 name=ResourceList][1][local-name=Layer][1] Decision Deny Decision Status StatusCode Value = urn:oasis:names:tc:xacml:1.0:status:ok Status Result Result ResourceId = [local-name=OWSContext][1][local- name=ResourceList][1][local-name=Layer][2] Decision Permit Decision Status StatusCode Value = urn:oasis:names:tc:xacml:1.0:status:ok Status Result Response Table 8 — XACML MRP response example Processing of the AD above has the effect that the PEP removes that XML element from the CSW response, which is referenced by the following xpath expression: [local-name=OWSContext][1][local-name=ResourceList][1][local- name=Layer][1] This XML element actually represents the following resource listing in the OWS Context document: ?xml version=1.0 encoding=UTF-8? Layer queryable = hidden = group = Layers id = 2957 ows:Title hydro ows:Title ows:Abstract hydro ows:Abstract ows:Identifier hydro ows:Identifier ows:OutputFormat imagegif ows:OutputFormat ows:OutputFormat imagepng ows:OutputFormat ows:OutputFormat imagejpeg ows:OutputFormat ows:AvailableCRS EPSG:4326 ows:AvailableCRS ows:BoundingBox crs = EPSG:4326 ows:LowerCorner -71.1485566986829 42.2593928033786 ows:LowerCorner ows:UpperCorner -71.0016725358029 42.4399863588876 ows:UpperCorner ows:BoundingBox Server service = WMS version = 1.1.1 title = Boston on Oracle OnlineResource xlink:type = simple xlink:href = http:webservices2.ionicsoft.comionicwebwfsBOSTON_ORA Server sld:MinScaleDenominator 5000 sld:MinScaleDenominator sld:MaxScaleDenominator 50000 sld:MaxScaleDenominator StyleList Style current = 1 Name default Name Title default Title Style StyleList Layer Table 9 — OWS Context example Copyright © 2013 Open Geospatial Consortium 31

6.4 Access Management to the CSW and the WFSs