What is the difference between Web Access and SSL Access Layers in the context of blocking \ allowing HTTPS sites?

These two layers present actions based on different stages of an HTTPS transaction.

The SSL Access Layer can allow or deny sites based on the information within the SSL certificate presented by the OCS. Checks can be done on the hostname, validity, date, and other information contained within a certificate. No real SSL interception is done, the certificate is not encrypted, and the information contained within is public.

The Web Access Layer allows or denies HTTPS sites after a certificate has been accepted and the SSL connection has been intercepted. The Web Access Layer bases its decisions on the content within the website, which is usually encrypted. Hence, to effectively block HTTPS sites in this manner, SSL interception must be enabled for the site in question.