Copyright © 2009 Open Geospatial Consortium, Inc. 133
the adversary likes to cancel all sensor assignments with a certain SPS requires to know task IDs. It is relatively easy to fetch task IDs, as they are part of many request and
response messages and are communicated in the clear. Applying confidentiality to the task ID eliminates the risk that an adversary fetches valid task IDs by eavesdropping.
11.1.6 Applicability of Non-Repudiation
Non-repudiation is a security requirement that makes sense only for systems that have implemented other basic security requirements. It does not make sense to talk about
the applicability of non-repudiation to the baseline services of this ER, as they do not implement any security requirement.
11.1.7 Applicability of Security Audit and Alerts
Security audits and alerts are in principle applicable to the baseline services, as they help administrators determine that attacks are being carried out or have been carried out. For
example, if auditing of the GetStatus operation of the SPS shows that it returns an error because the task ID from the request does not exist, and such requests come
in as a high-frequency burst, this could trigger an alert for the administrator.
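The alert described above, sketched as an added example (not code from this report or from any SPS implementation): a sliding-window check that flags a client sending a burst of GetStatus requests for non-existent task IDs. The audit record layout, the `UnknownTaskID` result label, and the threshold and window values are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed audit records (not from the report), in time order:
# timestamp, client address, operation, task ID, result.
# "UnknownTaskID" is an assumed label for "the task ID from the request does not exist".
SAMPLE_AUDIT_LOG = """\
2009-03-01T10:00:00 192.0.2.10 GetStatus task-0001 OK
2009-03-01T10:00:01 198.51.100.7 GetStatus task-9001 UnknownTaskID
2009-03-01T10:00:02 198.51.100.7 GetStatus task-9002 UnknownTaskID
2009-03-01T10:00:02 192.0.2.10 GetStatus task-0010 UnknownTaskID
2009-03-01T10:00:03 198.51.100.7 GetStatus task-9003 UnknownTaskID
2009-03-01T10:00:04 198.51.100.7 GetStatus task-9004 UnknownTaskID
2009-03-01T10:00:05 198.51.100.7 GetStatus task-9005 UnknownTaskID
2009-03-01T10:05:00 192.0.2.10 GetStatus task-0011 UnknownTaskID
"""


def find_bursts(log_text, threshold=5, window_seconds=10):
    """Return [(client, time)] where a client reached `threshold` failed
    GetStatus lookups within `window_seconds` (one alert per burst)."""
    recent = defaultdict(deque)  # client -> timestamps of failures still in the window
    alerted = set()              # clients currently at or above the threshold
    alerts = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed records
        ts, client, operation, _task_id, result = fields
        if operation != "GetStatus" or result != "UnknownTaskID":
            continue
        now = datetime.fromisoformat(ts)
        failures = recent[client]
        failures.append(now)
        # Drop failures that have fallen out of the sliding window.
        while (now - failures[0]).total_seconds() > window_seconds:
            failures.popleft()
        if len(failures) < threshold:
            alerted.discard(client)  # burst is over, re-arm the alert
        elif client not in alerted:
            alerted.add(client)
            alerts.append((client, now))
    return alerts


if __name__ == "__main__":
    for client, when in find_bursts(SAMPLE_AUDIT_LOG):
        print(f"ALERT {when.isoformat()} burst of failed GetStatus from {client}")
```

A single mistyped task ID from a legitimate client stays below the threshold; only the high-frequency burst raises an alert.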
12 Notification pattern based communication and Firewalls
During the cross-thread activities in OWS-6 between the Aeronautical Information Model (AIM) and the Sensor Web Enablement (SWE) threads, some issues arose regarding
notification pattern based communication (also called push-based communication) and firewalls. More precisely, the issues were discovered in the context of the integration of
the SWE Event Service implementation into the AIM scenario.
The question that evolved was: "How can events be delivered to a consumer [4] whose client is behind a firewall?". In order to answer this question, notification pattern
communication is introduced and the problems for different security solutions that make use of firewalls are discussed.
This report does not specify solutions for how notification pattern based communication can be established in the different environments, but presents general approaches to the
problem.
12.1 Notification pattern based communication
Notification pattern based communication is an interaction pattern used in Event Driven Architectures (EDAs). In contrast to request-response based communication, it is initiated
by the data source (the publisher) every time new data is available. This behavior allows notifications (new data) to be transmitted as soon as possible, without the need for partly
unnecessary requests and without the possibility of missing important notifications. Thus notification
pattern based communication is an important means in highly reactive and event-driven applications such as early warning systems.
[4] The consumer or target of a notification pattern based communication may be a client, but can also be a service that, for instance, processes the received data and publishes the results.
12.2 Firewall and NAT
Networks in a private household are usually secured by a firewall and Network Address Translation (NAT) integrated in a router. In addition, personal software firewalls may also be used on
each computer. In general, this security solution works if communication is initiated from clients inside the private network.
Figure 6: Private Network protected by one Firewall
When trying to establish notification pattern based communication, the incoming notifications are typically rejected by the firewall. In order to permit the communication
requested from the outside, every firewall has to be configured to accept incoming communication. This is usually done on a port basis. Furthermore, the router has to be
configured to forward the incoming notifications to the desired consumer computer. This is necessary because the publisher knows only the external IP address of the
router, but not the internal address of the actual consumer. By adding a static route from the router to a particular computer on the private network, incoming notifications can be
delivered to the desired consumer.
12.3 Perimeter networks