Copyright © 2010 Open Geospatial Consortium, Inc.
8.1.3.6 Availability
The availability measure ensures that there is no denial of authorized access to various information and services due to events impacting the system. Disaster recovery mechanisms can also be considered part of this security measure category.
Some of the most common availability techniques are to provide the potential to add parallel and/or backup processing services, e.g. standby and fail-over services and capabilities. This includes choosing adequate network design and options.
The authorization and authentication measures would also ensure that no disruptive operations are allowed.
8.1.3.7 Privacy
The privacy measure provides for the protection of sensitive data that might be derived from the observation of Event Service activities. The privacy measure may also provide the right of entities to determine what information related to them may be collected, stored and disclosed, by which entities, and which entities may have access to that information.
Examples of this data might include the geographic location of Event Service subscribers or publishers, or some other privacy-related information.
8.1.3.8 Communication security
The communication security measure ensures that data flows only between the authorized entities. This will also guarantee that the data is not diverted and intercepted as it passes between these entities.
If messages are always exchanged between an Event Service and a client without an intermediary, different levels of secure communication may already be achieved using various network layer security protocols, e.g. IPSec, HTTPS, TLS/SSL, MPLS, VPN, etc. In situations where messages have to travel over multiple physical nodes over a public network, the message itself must be protected, not just the link between two endpoints. This is the case in a federated brokered Event Service environment. To protect a message from the event publisher to the final consumer, independent of the transport protocol, data confidentiality and data integrity measures must be applied to the message itself.
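The brokered case described above, as an added example that is not part of the OGC document: a publisher attaches a message-level integrity tag that survives two broker hops, so the consumer detects a modification made inside a broker even though each hop could be running over TLS. It is narrowed to the integrity half (confidentiality would need message-level encryption on top), and the key, field names and the functions `publish`, `relay` and `consume` are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed key shared by publisher and consumer only; brokers never hold it.
E2E_KEY = b"constructed-demo-key-not-for-production"


def _mac(topic, payload, key):
    # Canonical encoding so both ends hash identical bytes.
    body = json.dumps({"topic": topic, "payload": payload},
                      sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def publish(topic, payload, key=E2E_KEY):
    """Publisher: bind topic and payload with a MAC. 'via' stays unprotected
    because brokers legitimately append to it."""
    return {"topic": topic, "payload": payload, "via": [],
            "mac": _mac(topic, payload, key)}


def relay(message, broker_name, tamper=None):
    """Broker hop: one transport session ends here and the next begins, so the
    message is in the clear inside the broker. 'tamper' models a compromised hop."""
    forwarded = json.loads(json.dumps(message))  # deep copy, as if re-serialized
    forwarded["via"].append(broker_name)
    if tamper:
        forwarded["payload"].update(tamper)
    return forwarded


def consume(message, key=E2E_KEY):
    """Consumer: accept only if the MAC over topic and payload still verifies."""
    expected = _mac(message["topic"], message["payload"], key)
    return hmac.compare_digest(expected, message.get("mac", ""))


if __name__ == "__main__":
    event = publish("flood-alerts", {"gauge": "G-17", "level_m": 4.2})
    honest = relay(relay(event, "broker-a"), "broker-b")
    forged = relay(relay(event, "broker-a"), "broker-b", tamper={"level_m": 0.3})
    print("honest path accepted:", consume(honest))
    print("tampered path accepted:", consume(forged))
```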
8.1.4 Mapping security measures to threats
A "Yes" in a table indicates that a particular security threat is mitigated by the corresponding security measure.
It is usually a combination of security measures that mitigates a given threat, e.g. both authentication and authorization.
Table 35 and Table 36 show how each of the security threats and vulnerabilities discussed in section 8.1.2.1 is mitigated by the security measures described in section 8.1.3. This way, solutions to enable event security can be discussed in a technology-independent way. The sections 8.1.5 and 0 describe how the necessary security measures can be realized in WS- and RESTful environments.
Table 35: Mapping security measures to threats – part one
| Security Measure \ Threat | Data destruction | Unauthorized creation of malicious subscriptions | Unauthorized modification and corruption of data |
|---|---|---|---|
| Authentication | Yes. Verify the identity of the entity attempting to delete data. | Yes. Ensure that only authenticated entities can create subscriptions. This is in particular important if subscriptions are possible using on behalf of. | Yes. Verify the identity of the entity attempting to modify data. |
| Authorization | Yes. Ensure that only authorized entities can delete data. | Yes. Ensure that only authorized entities can create subscriptions. This is in particular important if subscriptions are possible using on behalf of. | Yes. Ensure that only authorized entities can modify data. |