Copyright © 2015 Open Geospatial Consortium.
51
9.2.3 Define and Describe Common Security in Capabilities document
The description for the implementation of the security frameworks, as part of the Common Security, should be in the Capabilities document. In particular, ows:Constraint
shall be included for each operation.
ows:Constraint name
= authentication
ows:AllowedValues ows:Value
urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser ows:Value
ows:Value urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp
ows:Value ows:AllowedValues
ows:Metadata xlink:href
= http:www.unibw.de...inspireauthCodelists.xmlAuthenticationCode
ows:Constraint
9.2.4 GetCapabilities operation
In order to provide the common hook ows:Constraint for describing common security constraints on service operations, either:
the GetCapabilities operation is publically accessible and not protected, or a publically accessible Capabilities instance document is hosted on a web server
that contains the Operations section including the security description. In the case where the served content is classified, the full list of data offerings is only
returned if the user issues the GetCapabilties request as a recognized user. This implies the use of the publically assessable Capabilities instance document that does not contain
the classified data offerings but outline the GetCapabilities operation as protected. This ensures that the data offerings are not published to anonymous users, but authorized users
can bind to the service by following the protected GetCapabilities operation.
Table 7 — Example Capabilities document with no data offerings
ows:OperationsMetadata ows:Operation
name =
GetCapabilities ows:DCP
ows:HTTP ows:Get
xlink:href =
http:maps.dgs.udel.edu:80geoserverdgswfs ows:Post
xlink:href =
http:maps.dgs.udel.edu:80geoserverdgswfs ows:HTTP
ows:DCP ows:Parameter
name =
AcceptVersions ows:AllowedValues
ows:Value 1.0.0
ows:Value ows:Value
1.1.0 ows:Value
ows:Value 2.0.0
ows:Value ows:AllowedValues
ows:Parameter ows:Parameter
name =
AcceptFormats ows:AllowedValues
ows:Value textxml
ows:Value ows:AllowedValues
ows:Parameter ows:Constraint
name =
authentication
52
Copyright © 2015 Open Geospatial Consortium.
ows:AllowedValues ows:Value
urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser ows:Value
ows:Value urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp
ows:Value ows:AllowedValues
ows:Metadata xlink:href
= http:www.unibw.de...authCodelists.xmlAuthenticationCode
ows:Constraint ows:Constraint
name =
access ows:AllowedValues
ows:Value urn:tbd:policy:GetFeature
ows:Value ows:AllowedValues
ows:Metadata xlink:href
= http:www.unibw.de...accessCodelists.xmlAccessCode
ows:Constraint ows:Operation
ows:OperationsMetadata
-- FeatureTypeList
--
fes:Filter_Capabilities ...
fes:Filter_Capabilities
The example Capabilities instance is valid even though the FeatureTypeList element is missing.
9.2.5 OWS Common limitations on DCP element