OGC 07-118r9 10 Copyright © 2014 Open Geospatial Consortium 2 Conformance

2.1 Conformance to base specifications

This present section describes the compliance testing required for an implementation of this Best Practice. It is worth highlighting that this OGC document references and uses specifications SAML, WS Security, XACML that come from other standards bodies such as the Organization for the Advancement of Structured Information Standards - OASIS for which the concept of “conformance testing” does not apply; consequently, it is not possible to recursively test the conformance to the compound specifications.

2.2 Conformance classes

We assume that a unique “core” conformance class encompassing all of the specification clauses in the Best Practice is defined and assume that the “Abstract Test Suite” is made up of this unique conformance class “the core”. This class defines test cases, which covers: ฀ Test Module Basic requirements ฀ Test Module Authentication ฀ Test Module Authorisation These are detailed in the Abstract Test Suite see Annex A. OGC 07-118r9 11 Copyright © 2014 Open Geospatial Consortium 3 References The following normative documents contain provisions that, through reference in this text, constitute provisions of this document. For dated references, subsequent amendments to, or revisions of, any of these publications do not apply. For undated references, the latest edition of the normative document referred to applies.

3.1 Normative references

[NR1] W3C Recommendation January 1999, Namespaces In XML, http:www.w3.orgTR2000REC-xml-names [NR2] W3C Recommendation 6 October 2000, Extensible Markup Language XML 1.0 Second Edition, http:www.w3.orgTRREC-xml [NR3] W3C Recommendation 2 May 2001: XML Schema Part 0: Primer, http:www.w3.orgTR2001REC-xmlschema-0-20010502 [NR4] W3C Recommendation 2 May 2001: XML Schema Part 1: Structures, http:www.w3.orgTR2001REC-xmlschema-1-20010502 [NR5] W3C Recommendation 2 May 2001: XML Schema Part 2: Datatypes, http:www.w3.orgTR2001REC-xmlschema-2-20010502 [NR6] W3C Simple Object Access Protocol SOAP Version 1.1 W3C Note 08 May 2000, http:www.w3.orgTR2000NOTE-SOAP-20000508 [NR7] WSDL, Web Services Description Language WSDL 1.1, http:www.w3.orgTRwsdl [NR8] IETF RFC 2119, Keywords for use in RFCs to Indicate Requirement Levels, http:rfc.netrfc2119.html [NR9] WS-Security, SOAP Message Security V1.1 http:www.oasis- open.orgcommitteesdownload.php16790wss-v1.1-spec-os- SOAPMessageSecurity.pdf [NR10] SAML, Assertions and Protocol for the OASIS Security Assertion Markup Language SAML V1.1 http:www.oasis- open.orgcommitteesdownload.php3406oasis-sstc-saml-core-1.1.pdf [NR11] Web Services Security SAML Token Profile 1.1 http:www.oasis- open.orgcommitteesdownload.php16768wss-v1.1-spec-os- SAMLTokenProfile.pdf [NR12] SAML, Assertions and Protocols for the OASIS Security Assertion Markup Language SAML V2.0 http:docs.oasis- open.orgsecuritysamlv2.0saml-core-2.0-os.pdf [NR13] Secure Hash Standards SHA-1 National Institute of Standards and Technology http:csrc.nist.govcryptvalshs.htm [NR14] Glossary for the OASIS Security Assertion Markup Language SAML http:www.oasis-open.orgcommitteessecuritydocscs-sstc-glossary- 01.pdf [NR15] Java Cryptography Architecture API Specification Reference http:java.sun.comj2se1.5.0docsguidesecurityCryptoSpec.html [NR16] OGC 06-121r8, OGC Web Services Standard, Implementation Standard, Version 1.2.0, 20090918 [NR17] XML encryption http:www.w3.orgTRxmlenc-core [NR18] XML signature http:www.w3.orgTRxmldsig-core OGC 07-118r9 12 Copyright © 2014 Open Geospatial Consortium [NR19] Apache XML Security http:santuario.apache.orgJavaindex.html [NR20] W3C Recommendation 04 September 2007, Web Services Policy 1.5 - Framework, http:www.w3.orgTRws-policy [NR21] OASIS eXtensible Access Control Markup Language XACML TC http:www.oasis-open.orgcommitteesxacml [NR22] SOAP Version 1.2 Part 1: Messaging Framework Second Edition, W3C Recommendation 27 April 2007, http:www.w3.orgTRsoap12-part1 [NR23] OASIS WS-Trust 1.3 http:docs.oasis-open.orgws-sxws-trust200512ws-trust-1.3-os.pdf [NR24] OASIS WS-Security UsernameToken Profile 1.1 http:docs.oasis-open.orgwssv1.1wss-v1.1-spec-os- UsernameTokenProfile.pdf [NR25] OGC 07-026r2, Geospatial eXtensible Access Control Markup Language GeoXACML, 1.0 [NR26] Web Services Federation Language WS-Federation Version 1.2 http:www.oasis-open.orgappsgroup_publicdownload.php31658ws- federation-1.2-spec-cs-01.doc [NR27] IETF RFC 2616, Hypertext Transfer Protocol -- HTTP1.1 http:www.ietf.orgrfcrfc2616.txt [NR28] IETF RFC 2045, Multipurpose Internet Mail Extensions MIME Part One: Format of Internet Message Bodies http:www.ietf.orgrfcrfc2045.txt [NR29] IETF RFC 3986, Uniform Resource Identifier URI: Generic Syntax http:www.ietf.orgrfcrfc3986.txt [NR30] IETF RFC 2234, Augmented BNF for Syntax Specifications: ABNF http:www.ietf.orgrfcrfc2234.txt [NR31] IETF RFC 6750, The OAuth 2.0 Authorization Framework: Bearer Token Usage http:www.ietf.orgrfcrfc6750.txt [NR32] W3C Recommendation 04 September 2007, Web Services Policy 1.5 – Attachment, http:www.w3.orgTRws-policy-attach [NR33] OASIS WS-SecurityPolicy 1.2, 1 July 2007 http:docs.oasis-open.orgws-sxws-securitypolicy200702ws- securitypolicy-1.2-spec-os.pdf

3.2 Other references