Changes between Version 1 and Version 2 of TI12_Security/DEWS/SeaInfoAccess2GADS-WCSUseCase


Timestamp:
12/01/07 14:11:15 (13 years ago)
Author:
pjkersha
Comment:

--

  • TI12_Security/DEWS/SeaInfoAccess2GADS-WCSUseCase

    v1 v2  
    1 == Use Case: BMT SeaInfo access to GADS-WCS == 
     1== Use Case: BMT !SeaInfo access to GADS-WCS == 
    22 
    33=== Description === 
    4 The steps required for SeaInfo to access GADS-WCS data. 
     4The steps required for !SeaInfo to access GADS-WCS data. 
    55 
    66=== Actors === 
     
    1616 
    1717=== Triggers === 
    18 A client makes a request to the Gatekeeper for data. 
     18BMT !SeaInfo client makes a request to the Gatekeeper for data. 
    1919 
    2020=== Outcome === 
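
Review bot: At v2 line 18 the trigger is a request to the Gatekeeper, but the visible flow at lines 25-26 starts with MarineAA receiving a request from !SeaInfo, and the Gatekeeper is not contacted until v2 steps 31-32. Say which request triggers the use case, the Attribute Certificate request to MarineAA or the later data request to the Gatekeeper. The sentence also lost its article; suggest "A BMT !SeaInfo client makes a request to the Gatekeeper for data."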
     
    2525 1. MarineAA receives the request from !SeaInfo and verifies the signature of the SOAP message. 
    2626 1. MarineAA extracts the Distinguished Name of the !SeaInfo certificate associated with the signature and looks up this user in its list of registered users. 
    27  1. Retrieve roles contained in the Attribute Certificate. 
    28  1. Parse Geoserver request and call getCapabilities to get the role name for the resource associated with the request. 
    29  1. Make access control decision matching the role of the Geoserver resource against the roles available in the Attribute Certificate.  If a match is found, access is granted. 
    30  1. Call the audit/logging web service for the Gatekeeper and record:  
    31     * timestamp 
    32     * user ID (contained in Attribute Certificate ''holder'' element) 
    33     * organisation (Attribute Certificate ''issuer'' or ''issuerName'' element) 
    34     * request 
    35     * response size 
    36     * response time. 
    37  1. Forward the Geoserver request to Geoserver. 
    38  1. Receive the response from Geoserver and put into a SOAP response. 
    39  1. Sign SOAP repsonse before dispatch if required or is practicable. 
    40  1. Dispatch SOAP response back to the client. 
     27 1. MarineAA finds an entry for the user and adds the associated users roles to a new Attribute Certificate. 
     28 1. The MarineAA signs the Attribute Certificate and sends it back a signed SOAP message. 
     29 1. !SeaInfo receives the SOAP message and verifies its signature checking it belongs to the MarineAA. 
     30 1. !SeaInfo extracts the Attribute Certificate from the message and verifies the signature of the certificate checking it belongs to the MarineAA. 
     31 1. !SeaInfo makes a request SOAP message containing the Attribute Certificate and the Geoserver request.   
     32 1, It signs the message using its private key before dispatch to the Gatekeeper. 
     33 1. The Gatekeeper processes the request and returns a response. 
     34 1. !SeaInfo polls the Gatekeeper for a response containing the data.
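
Review bot: New steps 33-34 reduce the Gatekeeper side to "The Gatekeeper processes the request and returns a response", so the page no longer records what removed lines 27-36 described: the match of the Geoserver resource role against the Attribute Certificate roles, and the audit record (timestamp, user ID, organisation, request, response size, response time). If those steps now live in a separate Gatekeeper use case, link it from step 33; otherwise keep a one-line summary of the access control decision and the audit call here. Step 34 has !SeaInfo polling for a response that step 33 already says was returned, so state whether step 33 returns an acknowledgement or the data itself. Formatting at v2 lines 27, 28 and 32: "1," should be "1." so the item stays in the numbered list, "associated users roles" should read "associated user's roles", and "sends it back a signed SOAP message" is missing "in".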