86 Copyright © 2010 Open Geospatial Consortium, Inc.

8.1.3.6 Availability

The availability measure ensures that there is no denial of authorized access to various information and services due to events impacting the system. One can also consider disaster recovery mechanisms to be included in this security measure category. Some of the most common techniques for availability measures are to have potential to add parallel andor backup processing services e.g. stand by and fail-over services and capabilities. This includes choosing adequate network design and options. The authorization and authentication measures would also ensure that no disruptive operations are allowed.

8.1.3.7 Privacy

The privacy measure provides for the protection of sensitive data that might be derived from the observation of Event Service activities. The privacy measure may also provide the right of entities to determine what information related to them may be collected, stored and disclosed and by which entities and which entities may have access to that information. Examples of this data might include Event Service subscribers or publishers geographic location or some other privacy related information.

8.1.3.8 Communication security

The communication security measure ensures that data flows only between the authorized entities. This will also guarantee that the data is not diverted and intercepted as it passes between these entities. If messages are always exchanged between an Event Service and a client without an intermediary, different levels of secure communication may already be achieved using various network layer security protocols e.g. IPSec, HTTPS, TLSSSL, MPLS, VPN.... In situations where messages have to travel over multiple physical nodes over a public network it will be required to protect the message itself, not just between two endpoints. This is the case in a federated brokered Event Service environment. To protect a message from the event publisher to the final consumer, independent of the transport protocol, data confidentiality and data integrity measures must be applied to the message itself. Copyright © 2010 Open Geospatial Consortium, Inc. 87

8.1.4 Mapping security measures to threats

The Yes in a table designate that a particular security threat is mitigated by a corresponding security measure. It is usually a combination of security measures which can mitigate certain threats e.g. both authentication and authorization. Table 35 and Table 36 show in which way each of the security threats and vulnerabilities discussed in section 8.1.2.1 is mitigated by the security measures described in section 8.1.3. This way, solutions to enable event security can be discussed in a technology independent way. The sections 8.1.5 and 0 describe how the necessary security measures can be realized in WS- and RESTful environments. Table 35: Mapping security measures to threats – part one Security Measure\Threat Data destruction Unauthorized creation of malicious subscriptions Unauthorized modification and corruption of data Authentication Yes Verify the identity of the entity attempting to delete data. Yes Ensure that only authenticated entities can create subscriptions. This is in particular important if subscriptions are possible using on behalf of. Yes Verify the identity of the entity attempting to modify data. Authorization Yes Ensure that only authorized entities can delete data. Yes Ensure that only authorized entities can create subscriptions. This is in particular important if subscriptions are possible using on behalf of. Yes Ensure that only authorized entities can modify data.