7.4.1 Trust Model: The Client Perspective
The following figure shows the general trust model, restricted to the relations the client has with the other system entities:
[Figure: client-side trust model. Entities: Identity Provider, License Broker / License Manager, GeoDRM Enabled OGC Web Service and GeoDRM Enabled OGC Client. The Identity Provider and the License Broker / License Manager each expose the operations Issue Token, Renew Token, Validate Token and Cancel Token, and each carries a Security Policy, as does the Web Service. Token flows: Identity Tokens, License Tokens, Security Tokens and Claims between the client and the two token services; OWSRequest and OWSResponse between the client and the Web Service, with a Challenge / Negotiation / Error path.]
Figure 3: Trust model from the client perspective
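The exchange the figure depicts, as an added worked example that is not part of the OGC document and not an OGC implementation: a Python simulation in which the Identity Provider and the License Broker / License Manager are two Security Token Services exposing Issue, Renew, Validate and Cancel, and the GeoDRM Enabled Web Service answers an OWSRequest only after delegating validation of each token back to the STS that issued it. The compact HMAC-signed token format, the key material, the claim names (`sub`, `res`), the username/password policy of the IP and the accepted-disclaimer policy of the LBLM are assumptions chosen for illustration; a real deployment carries WS-Security tokens inside WS-Trust messages.

```python
"""Toy model of the GeoDRM client-side trust model (added example, not OGC code).
Token encoding, keys, claim names and policies are illustrative assumptions."""
import base64, hashlib, hmac, json

def _b64e(b): return base64.urlsafe_b64encode(b).decode().rstrip("=")
def _b64d(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

class STS:
    """Security Token Service offering the four WS-Trust verbs: Issue, Renew, Validate, Cancel."""
    def __init__(self, name, key, lifetime):
        self.name, self.key, self.lifetime = name, key, lifetime
        self.cancelled, self.serial = set(), 0       # revocation list checked by Validate

    def _sign(self, body):
        return hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()

    def issue(self, claims, now):
        self.serial += 1
        body = json.dumps({**claims, "iss": self.name, "id": self.serial,
                           "exp": now + self.lifetime}, sort_keys=True)
        return _b64e(body.encode()) + "." + self._sign(body)

    def validate(self, token, now):
        """Return the claims if the token is genuine, unexpired and not cancelled, else None."""
        try:
            enc, sig = token.split(".")
            body = _b64d(enc).decode()
        except (ValueError, UnicodeDecodeError):
            return None
        if not hmac.compare_digest(sig, self._sign(body)):   # wrong issuer or tampered
            return None
        claims = json.loads(body)
        if claims["exp"] <= now or claims["id"] in self.cancelled:
            return None
        return claims

    def cancel(self, token, now):
        claims = self.validate(token, now)         # only a genuine token can be cancelled
        if claims is not None:
            self.cancelled.add(claims["id"])
        return claims is not None

    def renew(self, token, now):
        """Replace a still-valid token by a fresh one; the superseded token is cancelled."""
        claims = self.validate(token, now)
        if claims is None:
            return None
        self.cancelled.add(claims["id"])
        return self.issue({k: v for k, v in claims.items() if k not in ("iss", "id", "exp")}, now)

class IdentityProvider(STS):
    """Policy (assumed): username/password obtained out of band, e.g. web registration."""
    def __init__(self, key, users):
        super().__init__("IP", key, lifetime=3600)
        self.users = users

    def request_identity(self, user, pw, now):
        if self.users.get(user) != pw:
            return None
        return self.issue({"sub": user}, now)

class LicenseBroker(STS):
    """Policy (assumed): a valid identity token plus proof of an accepted disclaimer."""
    def __init__(self, key, ip):
        super().__init__("LBLM", key, lifetime=300)
        self.ip = ip

    def request_license(self, id_token, accepted_disclaimer, resource, now):
        ident = self.ip.validate(id_token, now)     # LBLM relies on the IP's verdict
        if ident is None or not accepted_disclaimer:
            return None
        return self.issue({"sub": ident["sub"], "res": resource}, now)

class GeoDRMService:
    """Validates each token with the STS that issued it before serving an OWSRequest."""
    def __init__(self, ip, lblm):
        self.ip, self.lblm = ip, lblm

    def ows_request(self, req, now):
        ident = self.ip.validate(req.get("identity_token", ""), now)
        if ident is None:
            return {"Challenge": "present identity token"}
        lic = self.lblm.validate(req.get("license_token", ""), now)
        if lic is None:
            return {"Challenge": "present license token"}
        if lic["sub"] != ident["sub"] or lic["res"] != req["layer"]:
            return {"Error": "license does not cover this request"}
        return {"OWSResponse": f"map for {req['layer']} to {ident['sub']}"}

def demo(now=1_700_000_000):
    """Walk through the client's exchanges; constructed sample data."""
    ip = IdentityProvider(b"ip-secret", {"alice": "pw1"})
    lblm = LicenseBroker(b"lblm-secret", ip)
    svc = GeoDRMService(ip, lblm)
    idt = ip.request_identity("alice", "pw1", now)
    req = {"identity_token": idt, "layer": "roads"}
    r1 = svc.ows_request(req, now)                                    # no license yet
    lic = lblm.request_license(idt, True, "roads", now)
    r2 = svc.ows_request({**req, "license_token": lic}, now)          # served
    r3 = svc.ows_request({**req, "license_token": lic, "layer": "parcels"}, now)
    lic2 = lblm.renew(lic, now + 200)                                 # supersedes lic
    r4 = svc.ows_request({**req, "license_token": lic}, now + 200)    # old token rejected
    r5 = svc.ows_request({**req, "license_token": lic2}, now + 200)
    ip.cancel(idt, now + 200)                                         # identity revoked
    r6 = svc.ows_request({**req, "license_token": lic2}, now + 200)
    return r1, r2, r3, r4, r5, r6

if __name__ == "__main__":
    for step in demo():
        print(step)
```

Run it to see the six outcomes in order: a challenge for the missing license, a served request, an error for a layer the license does not cover, a rejection of the superseded token after renewal, a served request with the renewed token, and finally an identity challenge once the IP has cancelled the identity token. The last step is the point a practitioner should take away: the license token is still within its lifetime, but because the service revalidates both tokens with their issuers on every request, cancelling the identity at the IP is enough to stop access.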
The entities and their roles:
1. Identity Provider (IP) – An STS that manages identity tokens. Typically an IP will issue identity tokens to a client as the result of a negotiation, such as asking the client to provide some other tokens or proofs of claims. A typical example is exchanging one token for another, as in a federation. Furthermore, an IP can also validate identity tokens, typically on behalf of the GeoDRM Enabled Service, and cancel such tokens.
For the purposes of this document, identity tokens are any of the tokens described in [WS-Security] that convey identity claims.
The IP can have an associated Security Policy that describes the conditions placed on the client in order to establish trust between the two, so that the client can invoke the operations of the IP. Such conditions might include the kinds of tokens the client must present, protocol constraints, etc.
Note that the IP is not a mandatory part of this trust model. A client can also obtain identity tokens by other out-of-band mechanisms, for example by registering at a web site and receiving a username and password at the end of the registration process.
Copyright © 2007 Open Geospatial Consortium 25
2. License Broker / License Manager (LBLM) – An STS that manages license tokens. Typically a client will contact the LBLM in order to procure license tokens that will be used when interacting with the GeoDRM Enabled Service. The LBLM will typically issue such license tokens at the end of some interaction or negotiation, such as showing proof of some claims, for example having read and accepted a disclaimer or having paid a certain amount of money. Furthermore, the LBLM can also validate license tokens, typically on behalf of the GeoDRM Enabled Service, renew or upgrade such licenses, and cancel them.
Similar to the IP, the LBLM can have an associated Security Policy that describes the constraints placed on the client in order to establish trust between the two. Such conditions might include the kinds of tokens the client must present, protocol constraints, etc.
At this point no details are given as to how the LBLM is implemented or how it communicates with the other services (IP, GeoDRM Enabled Service). These will be specified in the next section.
3. GeoDRM Enabled OpenGIS® Web Service – An OpenGIS® Web Service that