Copyright © 2010 Open Geospatial Consortium, Inc. 83 There are eight security measures identified to address particular aspects of security threats. They are discussed in the following sections.

8.1.3.1 Authentication

The authentication measure serves to confirm the identities of communicating entities. The authentication ensures the validity of the claimed identities of the entities participating in Event Service communication e.g. publishers, subscribers, brokers.... One common requirement in such an environment is the authentication of the participants in the system that communicate with each other as the information that is exchanged must come from trusted sources. This requires that two communication entities have to authenticate with each other no matter in which topologic position in the system they are. This could be achieved by exchanging security tokens between the entities to prove their identity or using some kind of distributed identity management system e.g. brokered trust relationships to manage identities within a particular domain or cross domains. A security token is essentially a collection of claims. The most common security tokens are UsernamePassword combination, SAML tokens and X.509 Public Key Infrastructure PKI or any combination of them. The PKI provides a standard for strong authentication, based on public key certificates and certification authorities. SAML is the framework for communicating user authentication, authorization, and attribute information in a distributed Web Services environment. SAML allows entities to make assertions regarding the identity, and attributes of a subject to other entities. The authentication can be on a transaction, session, temporal or some other basis. For example, in case of distributed identity management the entity might obtain security tokens and establish security context for certain limited time period or session duration. In the context of the Event Service the authentication process may be performed when a data provider registers a data source with the Event Service andor with every data event that is send to the Event Service. Often, a subscriber needs to authenticate itself with the Event Service in order to be allowed access to certain events and operations. It is important to note that the authentication security measure not only addresses user authentication but also has to authenticate the individual services that participate in the Event Service notification distributed processing.

8.1.3.2 Authorization or access control

The authorization measure protects against unauthorized access to certain resources e.g. data, operations. The authorization measures ensure that only authorized entities e.g. personnel, device, software agent... are allowed access to stored information, information flows and services. The authorization requirement in a SOA environment supporting the Event Service determines who can do what on which service under certain conditions. Authorization policies can be attached to the subject that wants to access a service e.g. Role Based Access Control or assigned to the target that the subject wants to access e.g. Resource Based or both. The implementation of the authorization security can be