94 Copyright © 2013 Open Geospatial Consortium. SC-0051, SWIM-SCV-0052 and SWIM-SC-0053 which apply to communications among message brokers – a SWIM internal activity.

9.4.1 SWIM Requirements

The FAA SWIM Compliance document lists 31 requirements for compliance with SWIM. Two of those requirements, SWIM-SC-0001 and SWIM-SC-0002, were determined to be not applicable to OGC products in that they address technology acquisition requirements. The following table describes the levels of compliance with the remaining requirements. Summary Assessment Number of Requirements OGC Standards Perspective Fully Compliant 26 Provisionally Compliant Not Applicable 3 Product Implementation Perspective Fully Compliant 4 Provisionally Compliant 22 Not Applicable 3

9.4.2 Observations

฀ It was noted that the SWIM Requirements were defined for SWIM Segment 1 and the FAA is transitioning to SWIM Segment 2. The OWS-9 team confirmed with FAA representatives that the technical requirements and standards would be relatively unchanged from Segment 1 to Segment 2 so the assessment would still provide a valid indicator for the support of SWIM compliance requirements by OGC standards in general and OWS-9 service implementations in particular. ฀ The SWIM security requirements provided an interesting topic of discussion. A review of the SWIM-annotated Web Services – Interoperability Basic Security Profile Version Number 1.0 provided insight into three SWIM requirements that would be in addition to the WS-I Basic Security Profile Version 1.1. These requirements deal with replay of the username token and encryption with signatures, both aspects that can be implemented in a secure way within the OGC standards framework to prevent a security risk. In OGC Web Services, security functionality is separated as much as possible from service implementation. This Copyright © 2013 Open Geospatial Consortium. 95 practice enables the provision of security capabilities through separate security services e.g. authentication, authorization and audit services which can be flexibly combined and used in different configurations to suit the requirements of a specific implementation. This provides scalable solutions that allow new security services to be implemented without affecting other services e.g. WFS, ES, WPS. More information on OWS security implementation can be located at: o OWS-8 Aviation Architecture Engineering Report o OWS-6 Security Engineering Report

9.5 Summary and Recommendations