Access Control Service Architecture

SANY D2.3.4 Specification of the Sensor Service Architecture V3 Doc.V3.1 Copyright © 2007-2009 SANY Consortium Page 98 of 233

authorisation is carried out on the basis of successfully authenticated identities that are part of an authorisation request.

6.8.3.5 Policy Enforcement

Policies or access rules can be expressed in many ways, from simple access control lists to complex statements in policy languages like the OASIS eXtensible Access Control Markup Language (XACML, OASIS 2005). The actual application of access rules is performed through the combination of Authentication (section 6.8.3.3) and Authorisation (section 6.8.3.4) and the actual enforcement of access control decisions.

6.8.3.6 Policy Management

Access control tasks include the provision of means to manage access rules. The main functions covered by Policy Management are
- creation, update and deletion of instances of policies,
- definition and management of policy templates for certain frequently used access control patterns, and
- distribution of policy templates.

6.8.4 Access Control Service Architecture

As illustrated in Figure 6-13, access control in the SensorSA is accomplished through the interaction of services, each of which fulfils one or more of the access control tasks described above:
- The Profile Management Service (see section 8.3.2) manages profiles and their relations to identities.
- The Identity Management and Authentication Service (see section 8.3.3) is responsible for the management of identities, their authentication and the management of credentials. An instance of the Identity Management and Authentication Service acts as both authentication provider (AP) and identity provider (IdP).
- The Policy Management and Authorisation Service (see section 8.3.4) supports the management of policies, acting as policy administration point (PAP) as well as policy information point (PIP). Moreover, as an instance of the authorisation service interface it acts as policy decision point (PDP).
- The Policy Enforcement Service (see section 8.3.5) handles the necessary interaction (authentication, authorisation) to obtain the required access control decision and is independent of the controlled service (generic).
- The Service Proxy mimics the controlled service and delegates the service request to the Policy Enforcement Service.

[Figure 6-9: Abstract Access Control - Tasks and Services. The figure maps the access control tasks (Identity Management, Authentication, Policy Management, Policy Enforcement, Authorisation, Profile Management) onto the services that realise them: Identity Management and Authentication Service, Profile Management Service, Service Proxy, Policy Enforcement Service, Policy Management and Authorisation Service.]

In addition to the access control service infrastructure, the profile and identity model (see section 7.4), as one vital part of the underlying information model, plays a key role in the access control service architecture and enables the separation of concerns.
As an example, the support of different authentication methods, without compromising the whole service architecture, is made possible by the decoupling of profiles and identities as well as by the management of identities in different instances of the Identity Management and Authentication Service, each possibly supporting a different authentication method. Based on the Abstract Access Control Pattern (see Figure 6-12), the workflow involving the relevant services can provide non-intrusive access control, i.e. a realisation with minimal impact on existing software components, for all services specified in the SensorSA service viewpoint (see section 8.3). Implementation options for non-intrusive security on the service and data level are described in section 10.5.1.
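The following is an added worked example, not code from the SANY consortium or the SensorSA implementation, that models the workflow of sections 6.8.3.5, 6.8.3.6 and 6.8.4 in Python: a Service Proxy mimics the controlled service and hands every call to a generic Policy Enforcement Service, which authenticates the caller against one of several Identity Management and Authentication Service instances (each with its own authentication method, here a salted password store and an API-key table), asks the Policy Management and Authorisation Service (PAP with policy templates, PIP reading roles from the Profile Management Service, PDP deciding with default deny) and only then invokes the protected operation. All class and method names, the realm names "staff" and "m2m", the users, credentials, profiles, roles and the resource "observations" are assumptions constructed for this illustration and do not appear in the specification.

```python
"""Added worked example (not SANY code) of the access control workflow in
sections 6.8.3.5, 6.8.3.6 and 6.8.4; every class, method and sample value
here is an assumption made for this illustration."""
import hashlib, hmac, secrets
from typing import Callable, Dict, NamedTuple, Optional, Set

# An authenticated identity together with the IdP instance that issued it.
Identity = NamedTuple("Identity", [("name", str), ("issuer", str)])
# Policy: the caller's profile needs `role` to perform `action` on `resource` ("*" = any).
Policy = NamedTuple("Policy", [("policy_id", str), ("resource", str), ("action", str), ("role", str)])

class IdentityService:
    """Identity Management and Authentication Service (IdP + AP); the verifier is
    injected so that separate instances can use different authentication methods."""
    def __init__(self, name: str, verify: Callable[[str, str], bool]):
        self.name, self._verify = name, verify
    def authenticate(self, user: str, credential: str) -> Optional[Identity]:
        return Identity(user, self.name) if self._verify(user, credential) else None

def password_verifier(users: Dict[str, str]) -> Callable[[str, str], bool]:
    """Method 1: per-user salted SHA-256 hashes, compared in constant time."""
    salts = {u: secrets.token_bytes(16) for u in users}
    digests = {u: hashlib.sha256(salts[u] + p.encode()).digest() for u, p in users.items()}
    def verify(user: str, password: str) -> bool:
        if user not in digests:
            return False
        return hmac.compare_digest(digests[user], hashlib.sha256(salts[user] + password.encode()).digest())
    return verify

def api_key_verifier(keys: Dict[str, str]) -> Callable[[str, str], bool]:
    """Method 2: machine-to-machine API keys."""
    return lambda user, key: user in keys and hmac.compare_digest(keys[user].encode(), key.encode())

class ProfileService:
    """Profile Management Service: identities (from any IdP) link to profiles; roles live on profiles."""
    def __init__(self):
        self._profiles: Dict[str, Set[str]] = {}
        self._links: Dict[Identity, str] = {}
    def create_profile(self, profile: str, roles: Set[str]) -> None:
        self._profiles[profile] = set(roles)
    def link(self, identity: Identity, profile: str) -> None:
        self._links[identity] = profile
    def roles_of(self, identity: Identity) -> Set[str]:
        return self._profiles.get(self._links.get(identity, ""), set())

class PolicyService:
    """Policy Management and Authorisation Service: PAP (create policies, templates),
    PIP (role lookup through ProfileService) and PDP (decide; default deny)."""
    def __init__(self, profiles: ProfileService):
        self._profiles, self._policies, self._templates = profiles, {}, {}
    def create(self, p: Policy) -> None:
        self._policies[p.policy_id] = p
    def define_template(self, name: str, action: str, role: str) -> None:
        self._templates[name] = (action, role)  # reusable access control pattern
    def instantiate(self, name: str, policy_id: str, resource: str) -> None:
        action, role = self._templates[name]
        self.create(Policy(policy_id, resource, action, role))
    def decide(self, identity: Identity, resource: str, action: str) -> bool:
        roles = self._profiles.roles_of(identity)  # PIP lookup
        return any(p.resource in (resource, "*") and p.action in (action, "*")
                   and p.role in roles for p in self._policies.values())

class PolicyEnforcementService:
    """Generic PEP: authenticate, obtain the PDP decision, enforce; service-agnostic."""
    def __init__(self, idps: Dict[str, IdentityService], pdp: PolicyService):
        self._idps, self._pdp = idps, pdp
    def enforce(self, realm, user, credential, resource, action, service) -> str:
        idp = self._idps.get(realm)
        identity = idp.authenticate(user, credential) if idp else None
        if identity is None:
            return "denied: authentication failed"
        if not self._pdp.decide(identity, resource, action):
            return f"denied: {identity.name} may not {action} on {resource}"
        return service(identity, action)

class ServiceProxy:
    """Mimics the controlled service's interface and delegates each call to the PEP."""
    def __init__(self, name: str, pep: PolicyEnforcementService, controlled: Callable):
        self._name, self._pep, self._controlled = name, pep, controlled
    def handle(self, realm: str, user: str, credential: str, action: str) -> str:
        return self._pep.enforce(realm, user, credential, self._name, action, self._controlled)

def build_demo() -> ServiceProxy:
    """Constructed sample deployment: two IdP instances using different methods."""
    idps = {"staff": IdentityService("staff", password_verifier({"alice": "s3cret"})),
            "m2m": IdentityService("m2m", api_key_verifier({"logger-7": "KEY-123"}))}
    profiles = ProfileService()
    profiles.create_profile("operator", {"reader"})
    profiles.create_profile("sensor-node", {"writer"})
    profiles.link(Identity("alice", "staff"), "operator")
    profiles.link(Identity("logger-7", "m2m"), "sensor-node")
    pap = PolicyService(profiles)
    pap.define_template("read-access", "read", "reader")
    pap.instantiate("read-access", "p1", "observations")
    pap.create(Policy("p2", "observations", "insert", "writer"))
    controlled = lambda ident, action: f"{action} ok for {ident.name}"  # stand-in service
    return ServiceProxy("observations", PolicyEnforcementService(idps, pap), controlled)
```

Because the PEP only sees a callable, the controlled service needs no change to be protected, which is the non-intrusive property the section describes; because roles hang off profiles rather than identities, a second IdP instance with a different authentication method can be added by linking its identities to the existing profiles without touching any policy.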

6.9. Conceptual Building blocks for “Plug-and-Measure”