Copyright © 2013 Open Geospatial Consortium 3 The Policy Decision Point is responsbile for deriving an authorization decision based on the information provided in the authorization decision request that was received from the PEP and the Policy that was loaded from the PAP. If the PDP is a XACML 2.0 compliant implementation, it will accept XACML 2.0 policies. If the PDP is a GeoXACML 1.0 compliant implementation, it will accept a GeoXACML 1.0 or a XACML 1.0 policy. PEP Policy Enforcement Point: The Policy Enforcement Point is responsible for rejecting or accepting requests from a client to a service that is protected by the PEP. For OWS‐9, the PEP is also responsible for modifying intercepted requests to the service or intercepted responses from the service according to XACML 2.0 Obligations that are expressed in the authorization decision that was received from the PDP. STS Secure Token Service: The Secure Token Service is responsible for releasing access tokens to amend messages to the PEP which is expecting WS‐Security conforme SOAP messages.

5.2 Use Case Data Sets Access Restrictions

The use case defining the access restrictions for the SSI thread are outlined on a OWS‐9 wiki page: https:portal.opengeospatial.orgwikiOWS9ScenarioAlternative and on various emails. A detailed summary – that covers all relevant details to produce a XACML policy – is available from the OWS‐9 portal: https:portal.opengeospatial.orgfiles?artifact_id=51106 . For the sake of completenes and the ease of reading, this section comprises all the information. Important for the SSI thread are two data sets: Haiti and Monterey. The first data set is hosted on a WFS originally provided by the carbonproject and the second data set is hosted on a WFS originally provided by interactive instruments. For both WFS, the SSI thread participants GEOAxIS and con terra provide through their infrastructure secured endpoints which will enforce the defined access rights. Involved actors are the Chief, the Map Analyst for Monterey and Haiti and the Planner for Monterey and Haiti. All of these users have access rights which are described in more detail below. To demonstrate that any other user on the network has no access to the data sets, the user Placebo system user Placebo is in place. The actor Chief system user Chief has unconstrained access to the Haiti data set and for the Monterey data set can see the government buildings regardless of location plus every feature regardless of security tagging inside the airport boundary. ฀ Access permitted for all features regardless of security marking within the airport boundary as defined by AeronauticalCurves.2 Copyright © 2013 Open Geospatial Consortium 4 ฀ Access permitted to all features of type tds:BuildingGeosurface if the property featureFunction‐1 equals government or localGovernment or subnationalGovernment The actor Monterey Map Analyst system user MAnalyst has unconstrained access to the Haiti and Monterey data sets. The actor Monterey Planner system user MResponder has full access to the Haiti data set and limited access to the Monterey data set: ฀ Access denied for all features statically marked “S” that are within the airport boundary as defined by AeronauticalCurves.2 StructureSurfaces.19572, AeronauticalPoints.109 ฀ Access denied for features alternatively marked „S“ if request in time 2013‐ 01‐12 to 2013‐01‐13 AeronauticalSurfaces.1054 ฀ Access denied for all features of type tds:BuildingGeosurface if the property featureFunction‐1 equals government or localGovernment or subnationalGovernment The actors Haiti Map Analyst system user HAnalyst and Haiti Planner system user HResponder both have unconstrained access to the Haiti data set and no access to the Monterey data set.

5.3 Architecture Details