
OWS-6 Public Engineering Report OGC 09-035
Copyright © 2009 Open Geospatial Consortium, Inc.

OGC® OWS-6 Security Engineering Report

1 Introduction

1.1 Scope

This Engineering Report describes work accomplished during the OGC Web Services Testbed, Phase 6 (OWS-6) to investigate and implement security measures for OGC web services. This work was undertaken to address requirements stated in the OWS-6 RFQ/CFP originating from a number of sponsors, from OGC staff, and from OGC members. The tasks undertaken to satisfy these requirements provided results related to three different approaches:

• Web services security using XACML policies with spatial obligations and related software implementations;
• Web services security using GeoXACML policies and related software implementations; and
• RESTful web services security using OpenID and OAuth and related software implementations.

Each approach and its solution provided opportunities to experiment with existing security specifications and standards, to demonstrate applicability and interoperability, and to identify potential implementation and standards issues where future work may be required. The outcome from these solutions, which was based on a variety of technology, standards, and engineering design choices, offers insights into ways to apply existing security standards from W3C, OASIS, and others with the architecture of OGC web services and standards.

1.2 Document contributor contact points

All questions regarding this document should be directed to the editor or the contributors:

| Name | Organization |
|---|---|
| Rüdiger Gartmann | con terra GmbH |
| Lewis Leinenweber | BAE Systems |
| Jan Hermann | Technische Universität München |
| Pat Cappelaere | Vightel |

1.3 Revision history

| Date | Release | Editor | Primary clauses modified | Description |
|---|---|---|---|---|
| 20081117 | 0.0.1 | RG | All | Document initialized |
| 20090401 | 0.0.2 | RG | 12 | Policy encoding |
| 20090403 | 0.0.3 | RG | 15 | Unsolved issues |
| 20090615 | 0.0.4 | LEL | 4, 7, 8, 10, 13 | General edits; added RFQ Use Cases |
| 20090618 | 0.0.5 | LEL | Various | Minor edits |
| 20090619 | 0.0.6 | LEL | Various | Minor edits |
| 20090715 | 0.0.7 | LEL | 11 | Added RESTful security; added reference material for GeoXACML and ER |
| 20090717 | 0.0.8 | LEL | Various | Overall document edits and update |
| 20090803 | 0.0.9 | RG | Various | Several edits |
| 20090812 | 0.0.10 | LEL | Various | Minor edits |
| 20091008 | 0.3.0 | Carl Reed | Various | Ready document for posting as Public ER |

1.4 Future work