The Application Dependent Policy Enforcement Point (ADPEP) is a gateway that provides access to the TAS3 infrastructure for applications such as web applications with a web frontend, business process engines, databases or repositories and many other systems that either request or respond over a TAS3 secured and trusted channel. Per Section 2.2.1 (see also Fig-2.2), the ADPEP belongs to the Front End Services and Web Service components inside the Payload boundary.
As described in Section 2.2.2, the ADPEP is divided into two different types of Application Dependent Policy Enforcement Points:
ServiceRequester ADPEP: This web service is part of the Front End Services. Internally, the ServiceRequester ADPEP and the Stack together constitute the Service Requester. The Stack handles SOAP protocol details. The Application Independent Policy Enforcement Point (AIPEP) contacts the Master PDP, which contacts different PDPs like the User PDP, Organization PDP or a Trust PDP to decide whether a request is trusted or not.
The main task of the ServiceRequester ADPEP is to collect all required information for an appropriate request that has to be checked by the TAS3 authorization infrastructure. Further information about the payload, which builds up the request, can be found in [TAS3D81RepoSW] figure 8. Common information about the functionalities of the ServiceRequester ADPEP can be found in [TAS3D81RepoSW] and in [TAS3D83CliSW].
The next steps before sending the request are done by the 'Stack'. As mentioned before, the 'Stack' (and its main component, the AIPEP) is application independent. Its main task is the preparation of the request. The message has to be signed and augmented according to the web services binding. WP4, WP5 and especially WP7 work on this security related part of the service requester, whereas WP8 is responsible for the application dependent part.
ServiceResponder ADPEP: This second application dependent service, which functions as responder, is part of the Service Responder component in the Web Service boundary (see Fig-2.3). In analogy to the ServiceRequester ADPEP, the ServiceResponder ADPEP also needs the 'Stack' (with the AIPEP and its underlying PDPs) to function correctly. That is, signing and preparation of the message according to the web service binding, the policy checks and the communication with the 'Trust policy decision point' are done by the 'Stack components'.
The main task of the ServiceResponder ADPEP is to receive requests, route them in an appropriate way to the 'Service Application' and then send back the response to the requester. More details about the functionalities of the ServiceResponder ADPEP can be found in [TAS3D81RepoSW] in chapter 3.2.
Auxiliary components in both ADPEP Services
To fulfil the functions of both ADPEP Services (Requester and Responder) described above, some auxiliary services are required. These services belong to tasks (Task 8.3 - see DoW), which are documented in [TAS3D82BackOffice].
These services neither store person related data nor serve the user directly. They provide ontologies and metadata, perform search and aggregation operations and transform data into specific formats. The back office services are a component of the TAS3 Trusted Application Infrastructure but not of the core TAS3 Trust and Security Infrastructure.
The main Auxiliary or Back Office Services and Components are:
The Generic Data Format ([TAS3D82BackOffice], section 2.1.2) used to store data in TAS3 repositories
Services to transform ([TAS3D82BackOffice], section 2.1) data from a custom source format to the Generic Data Format and from the Generic Data Format to a requested (and supported) format
Aggregation Service ([TAS3D82BackOffice], section 2.2) and Policy Aggregation ([TAS3D82BackOffice], chapter 8)
Request Logger Service ([TAS3D82BackOffice], section 3.2) to store information on requests issued and responses received by TAS3 web services for auditing and maintenance purposes